
 

Data privacy - considerations for the IT department

 

  
 
IBM Canada - ITS Professional Services can help you with your Privacy needs. 

IT departments need to understand the emerging marketplace technologies designed to protect data privacy (e.g. will your company adopt P3P?).

IT departments also need to consider an architecture for data privacy that builds on the enterprise's existing IT architecture and positions it for non-disruptive adoption of emerging data privacy technology.

Top 10 Data Privacy Considerations for the IT Department

1. Data Privacy impact on IT decisions

IT departments must be provided with guidance on data privacy related design and implementation choices for technologies, such as:

  1. Biometrics
  2. Directory Services
  3. CRM tools
  4. Tracking mechanisms (cookies, web beacons, etc.)
  5. Location tracking devices

2. Incorporation of data privacy into key IT processes

IT departments must incorporate data privacy considerations or requirements into key process checkpoints such as:

  1. Application development
  2. IT design
  3. IT acquisition
  4. Project management
  5. Change management

3. Retrieving personal data

IT departments must know where personal data is stored on their systems. The IT department must also be able to easily respond to a request to retrieve all the personal data pertaining to a single individual.


4. Third party compliance

When the management of IT systems that handle personal data is subcontracted to another organization (or, alternatively, when such systems are subcontracted to your organization), that management must abide by the relevant data privacy regulations or data privacy policies.


5. Cross-border issues

Data privacy must be considered if personal data crosses national boundaries or regulatory jurisdictions (e.g. consolidation or backup strategies).


6. Data privacy in test, compliance and audit 

Data privacy should be considered in compliance and audit activities. Data privacy must also be considered if personal data from your production systems is being used in test and development environments.


7. Access to personal data

Access to IT systems containing personal data must be granted strictly on a need-to-know basis (e.g. by job role). Audit trails must be in place to prove that access to personal data has been restricted to those with a need to know.


8. Personal data disposal

When the purpose is served, personal data stored on systems must be disposed of in a secure manner.


9. Impact of data privacy technology on the IT environment

IT departments must understand how data privacy protection technologies may impact the function and perception of the existing IT infrastructure (e.g. P3P cookie management in MS Internet Explorer V6).


10. Adoption of data privacy technology

IT departments should be aware of the tools available to help manage data privacy compliance and reduce data privacy risk, such as:

  1. Web compliance scanners
  2. Policy monitoring and enforcement tools
  3. Data transformation tools


You can have full confidence in IBM's IT Services Professionals!

Contacts:

For more information on this or any other data privacy issue, please contact:

Nigel Brown, Senior Privacy Consultant 
905-316-8606
nigel@ca.ibm.com

Customer Service 1-800-426-2255



 
Contact us


  
IBM Corporation

3600 Steeles Ave E Markham, Ontario Canada L3R 9Z7

105 Moatfield Drive Toronto, Ontario Canada M3B 3R1

