
6. Ensuring Privacy

6. Ensuring Privacy. AICPA-CPA Canada Privacy Definition. “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information” .

rhona

Presentation Transcript


  1. 6. Ensuring Privacy
     AICPA-CPA Canada Privacy Definition: “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information”
     AICPA – CPA Canada developed Generally Accepted Privacy Principles (GAPP) as an international privacy standard. GAPP is a compendium of global best practices:
     • Management
     • Notice
     • Choice and Consent
     • Collection
     • Use and Retention
     • Access
     • Disclosure
     • Security
     • Quality
     • Monitoring and Enforcement

  2. 6. Ensuring Privacy
     • The United States respondents ranked Privacy higher than Canadian respondents.
     • Canada has had national privacy legislation since 2001-2004
     • Most Canadian businesses have addressed privacy
     • Canada’s privacy legislation does not include robust sanctions and penalties
     Survey results:
     • Has a privacy policy that addresses the requirements and risks appropriate to our size of organization and industry: 66%
     • Good understanding of the appropriate privacy regulatory and compliance for our size of organization and industry: 65%
     • Has put the appropriate privacy safeguards and controls in place to minimize our risk of a privacy breach: 60%

  3. 6. Ensuring Privacy Canada’s Privacy Legislation June 2013

  4. 6. Ensuring Privacy USA Privacy Legislation Sectorial legislation (GLB, HIPAA, COPPA) Security over Personal Information Breaches (CA-SB 1386, AB-1750) Commonwealth of Massachusetts - STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH 17.01: Purpose and Scope 17.02: Definitions 17.03: Duty to Protect and Standards for Protecting Personal Information 17.04: Computer System Security Requirements 17.05: Compliance Deadline Federal Trade Commission – FTA -Fraudulent and Deceptive Business Practices Harsh Penalties

  5. 6. Ensuring Privacy Access to Own Personal Information: Denying 41 patients’ access to their medical records. HIPAA Violation Fine – $4.3 Million

  6. 6. Ensuring Privacy Failure to provide reasonably appropriate security Implement a comprehensive security program Biannual independent audit of security program to determine if it adequately protects consumer information The order is in effect for 20 years March 11, 2011

  7. 6. Ensuring Privacy Regular independent privacy audit for the next 20 years Implement a comprehensive privacy protection program Violations of the US-EU Safe Harbor Agreement Honor commitments in your privacy notice March 30, 2011

  8. 7. Managing Systems Implementation The Concept of SDLC (Systems Development Lifecycle) is well established The Scope of SDLC has Increased to Include Governance issues such as strategic alignment, enterprise enabling capabilities Needs Identification Business Case Business Process Review Design Development Test Update Policies-Procedures Update Forms, Screens, etc. Data Conversion Systems Implementation Post Implementation Review SDLC has changed with ERP Systems such as Oracle, PeopleSoft and SAP

  9. 7. Managing Systems Implementation
     • Is properly analyzing the value (e.g. return on investment (ROI), value analysis, net payback, etc.) of IT-related projects: 26%
     • Has the proper project governance controls in place to ensure implementation-related decision-making is in accord with the project’s overall goals & objectives: 44%
     • Knows how to develop a strong business case for IT-related projects: 45%
     • Creating appropriate testing scenarios to ensure that the system will meet the needs of the organization’s operational processes: 48%

  10. 7. Managing Systems Implementation
     • Providing appropriate training and documentation to users on the new/upgraded system: 50%
     • Adequately analyzing and documenting key business requirements for IT-related projects: 51%
     • Strong alignment between the organization’s strategic goals and alignment between IT-related projects and the organization’s strategic goals: 56%
     • Ensuring the quality and integrity of data during the implementation of a new or upgraded system: 57%

  11. 7. Managing Systems Implementation Best Practices in SDLC Were Developed Decades Ago. They Have Been Well Documented and Well Publicized. The Survey Identified that Except for: • New System’s Alignment with Strategic Objectives • Ensuring Data Quality and Integrity During Implementation, The Requirements of All Other Implementation Activities Surveyed Were Less Than 50%. Clearly, Significantly More Attention Needs to be Paid to Ensure that Recognized Systems Implementation Standards and Practices are Adopted

  12. 8. Leveraging Emerging Technologies Dealing With Emerging Technologies is a Way of Life For IT Professionals RFID-NFC – Radio frequency identification & near-field communications Big data Security IT governance Green computing BYOD – Bring your own device Tablets and mobile computing Cloud computing Mobile apps Social networks Leading Edge vs. Bleeding Edge Fast Follower vs. Early Adopter

  13. Social Networks / Social Media: Why is it Important?
     • Facebook and other public social networks are already an important part of many individuals’ lives outside their corporate lives
     • Increasingly social networks are being used by businesses and government as a means of communications
     • News broadcasters and law enforcement are aggressively switching to social networks as a means of obtaining and sharing information
     • The use of on-line communities involving customers is also being used to develop customer insights and to encourage customer loyalty
     • Within organizations, social networks are being used to support the development of teams and communities of practise

  14. 8. Leveraging Emerging Technologies Off Topic Blogs Social Media Issues Source: TC Business 2013-03-23

  15. 8. Leveraging Emerging Technologies A report from the Securities and Exchange Commission clears companies to use social media outlets like Facebook and Twitter to announce key information, provided that investors have been alerted about which social media will be used Inappropriate Postings Social Media Issues “One set of shareholders should not be able to get a jump on other shareholders just because the company is selectively disclosing important information,” said George Canellos, acting director of the SEC’s Division of Enforcement. The SEC’s inquiry into a post by Netflix CEO Reed Hastings on his personal Facebook page stating that Netflix’s monthly online viewing had exceeded 1 billion hours for the first time. Netflix did not report this information to investors through a press release or Form 8-K filing April 2, 2013

  16. 8. Leveraging Emerging Technologies
     • Is ahead of its competitors with regards to identifying and leveraging emerging technology: 25%
     • Has the appropriate staff and resources to support new revenue or cost reduction opportunities related to IT: 29%
     • Has the appropriate resources in place with the experience and capabilities to manage a vendor supported emerging technology environment: 34%
     • Understands and is appropriately managing the risk associated with emerging technologies: 41%

  17. 8. Leveraging Emerging Technologies
     • Has the necessary knowledge to identify new revenue or cost reduction opportunities related to IT: 43%
     • Has access to resources (e.g. training, consultants, internal staff/knowledge) to enable our staff to leverage new technologies: 49%
     • Believes that emerging technology, either by leveraging or not leveraging, will be a major factor in determining the success of the organization in the near future: 58%
     • Has the financial resources (e.g. capital, credit) to support adoption of emerging technologies: 60%

  18. 8. Leveraging Emerging Technologies Key Messages They Know Emerging Technologies Are Important 58% Have the Financial Resources 60% Are They Capitalizing? Have the appropriate staff and resources 25% 34% Have appropriate experience and capabilities 41% Understands and appropriately managing the risk
