Information Privacy Guidelines for IT Professionals

InfoAdvisors - Project, Process, and Data Management

Saturday, February 04, 2012

Home
       Data Modeling FAQ
       Search InfoAdvisors.com
       We Want your Feedback
       Site Map
       Modeling Bag of Tricks (ModelBOT) Wiki
       Monitoring the Web
       Member Profiles

Blog

Discussion Groups
       How to Sign Up
       Discussion Group FAQ
       Discussion Group Policies
       How to Unsubscribe
       Data Model Group
       ER/Studio Group
       ERwin Group
       DBArtisan Group
       PowerDesigner Group
       Rational Data Architect Group
       Visible Analyst & Visible Advantage Group
       Other Modeling Tools Group
       Preview Group Content
       Discussion Group Member Map
       Data Management Twitter Group

About Us
       Lopez Project Profile
       Contact Us
       In the News
       InfoAdvisors - Embarcadero Technologies
       InfoAdvisors - Telelogic
       InfoAdvisors - IBM
       Advertise on InfoAdvisors.com
       InfoAdvisors Calendar

Events
       DataRage 2 Documents

Services
       ARTS Data Model
          ARTS Data Model FAQ
       Presentation Topics
       Testimonials
       ARTS Data Model FAQ
       Training

Articles & Videos
       Mass Import of Definitions in ERwin
       Keeping the Doors Open
       Performance Tuning Data Models
       ERStudio HTML Report
       ERwin7x Complete Compare
       ERwin7x Undo
       ERwin7x Check Model
       ERwin 7x PDF Reports
       7 Mistakes Analysts Make
       Fun Page
          Crossword - 19 April 2006
          Diamond Crossword - 25 April 2006
          Crossword - 7 June 2006
       DAMA 2006 - Photos
       Dealing with Digital Clutter
       Facilitate Customer Integration
       Enabling High Quality Analytics
       Peformance, Surrogate Keys, and Dimensional Models
       Semantics, Schemantics
       Using UML & Ratrional Rose
       InfoAdvisors Presentations
       Online Learning
       So You Want to Be a Consultant?
       Information Privacy
       Conceptual Data Modeling for Information Quality
       Add Enterprise Portal to your Browser's Search bar

What's New
       Tweets

Articles & Videos

Information Privacy

Information Privacy Links

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data ...

CIPS Privacy & Information Technology Paper: Implementation & Operational Guidelines ...

CSA Model Privacy Code ...

CSA Model Privacy Code Principles - Overview ...

Canadian Federal Privacy Legislation ...

Health Insurance Portability and Accountablility Act ...

Children's Online Privacy Protection Act ...

Family Educational Rights and Privacy Act (FERPA) ...

Financial Services Modernization Act ...

UK Data Protection Act ...

Australian Federal Privacy Act - Private Sector ...

Download Information Privacy Presentation

Share The Page

Social Bookmarks -

email |

del.icio.us |

digg |

technorati |

stumbleupon |

facebook |

newsvine

The "I" in IT stands for information, yet few IT professionals have a sufficient understanding of information privacy standards and guidelines to properly design and delivery systems that will adequately protect personal information.

Many IT professionals mistakenly assume that information privacy is the equivalent of information security or information secrecy. This misunderstanding leads many to embrace the following information privacy myths:

Myth, no

Information privacy is something that can be addressed after the coding is done
Information privacy can be addressed by hardware.
Information privacy can be addressed by software.
Having strong passwords is all that is needed to protect personal information.
Privacy is something the corporate lawyers do for customers.
IT professionals don't need to worry about information privacy.
If you work here, you need need access to all the data.
Real testing happens with real customer data (test data is somehow "weaker" than real data).
The data about the customer belongs to the company
Having a privacy policy is all that is needed to be compliant.

We'll deal with those myths on an individual basis in a future article. Let's start now, though, with an overview of information privacy.

The OECD publishes a very detailed set of Guidelines on the Protection of Privacy and Transborder Information Flow.

The Canadian Standard Association used the OECD guidelines to develop ten principles that balance the privacy rights of individuals and the information requirements of private organizations. These principles are:

Accountability
Identifying Purposes
Consent
Limiting Collection
Limiting Use, Disclosure, and Retention
Accuracy
Safeguards
Openness
Individual Access
Challenging Compliance

The Canadian Information Processing Society has a good overview of the above privacy principles.

In reviewing the list above, you can clearly see that information privacy concerns much more than hardware, software, security, or passwords. The principles also require that certain business processes be established to provide access to information, to challenge compliance with legislative guarantees and to identify why information is being collected. This means that incorporating information privacy requirements into your systems will change the initiation, requirements, and design phases of your systems development life cycle. More on that later, too.

Amazon.com Widgets

Privacy Statement