With the move to electronic services, one issue that surfaces over and over is the need for ensuring that all privacy requirements are met. While security has been on the front page almost every day, many of the challenges are actually related to privacy.
This past April, the Canadian Federal Government passed Bill C-6, the Personal Information Protection and Electronic Documents Act ( see CIO Legal Brief), which comes into effect Jan. 1, 2001. With this new law being implemented, the privacy bar is being raised for the private sector, and organizations will need to prepare for and respond to this challenge.
CIOs and IT executives should investigate what business unit manages and corporate executives are doing to prepare for the implementation of Bill C-6. And they should also be diligent in determining what implications the new legislation might have on IT. Here are some Web sources that may help you.
NOTABLE WEB PRIVACY SITES
One of the leading sites in Canada regarding privacy is maintained by the Office of the Privacy Commissioner of Canada – www.privcom.gc.ca. This site provides the latest information about various privacy initiatives going on within Canada and the world, and contains links to other leading sites and Web-based documents. Their annual report also makes for very useful reading.
The other Canadian site I’d study closely would be the one maintained by the Ontario Information and Privacy Commissioner office, which can be found at www.ipc.on.ca/. The site offers extensive coverage of various privacy issues, and provides links to other sites to assist your improvement efforts.
A major U.S. Web site supporting privacy efforts is maintained by EPIC (Electronic Privacy Information Center), at www.epic.org. This organization was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical records privacy, and the sale of consumer data. EPIC conducts litigation, sponsors conferences, produces reports, publishes the EPIC Alert, and leads campaigns on privacy issues.
REPORT OF THE MONTH
This month’s featured report is entitled Information Security Management and Assurance: A Guide for Directors and Executives, which was released this year at the White House in conjunction with an April Security Summit that I was able to attend. It is discussed at http://www3.theiia.org/ecm/bookstore.cfm?doc_id=1049.
The guide includes a 20-page resource designed to increase understanding of the importance of a sound information security program in protecting the health of an organization, enabling competitive advantage, and providing new business opportunities. The Institute of Internal Auditors (IIA) has distributed over 15,000 copies of the report to various Corporate Directors across North America so requests for information from members of your Board of Directors may be forthcoming (soon).
LEADING WEB SITES TO ASSIST PRIVACY EFFORTS
www.privcom.gc.ca/
www.epic.org/privacy/privacy_resources_faq.html
e-com.ic.gc.ca/english/privacy/632d21.html
www3.theiia.org/ecm/bookstore.cfm?doc_id=1049
www.ciao.gov/
www.nduknowledge.net/
www.itgovernance.org
www.isaca.org
www.cio.gov
foia.state.gov/cio/spci/spci.html
www.ipc.on.ca/
www.ipc.on.ca/english/index.htm
www.ipc.on.ca/english/links/links.htm
Dan Swanson is a management consultant with LGS Group in Winnipeg. He specializes in audit and management consulting and can be reached at dswanson@lgs.ca.
What Do You Recommend?
Remember, Web Browser is always interested in your feedback. Please e-mail Dan Swanson with your recommendations for reports and Web sites of interest to IT executives.