Compliance News & Opinion 

Privacy process harmonized in BC, Alberta, Ottawa a Western viewpoint

Answering to the Board of Directors security policies and compliance

10 Points for Corporate Directors on Information Security

 

February 2004



Dear Subscriber,

Online voting would be good for democracy, but is it possible right now? A recent editorial in the Toronto Star says no. 

What are your thoughts on online democracy? Will evoting take hold? How could the possible security and privacy implications be managed? Send your questions to compass@integrityincorporated.com.

In this issue of Compass, we look at a question on information security and directors and officers liability, examine a funding allocation and privacy case study, and take a look at some political websites in Canada and the US and see how their privacy policies measure up if they are there at all! 

We encourage you to forward this newsletter to an industry colleague or associate who would be interested and of course, I always welcome your input and feedback! 

Best regards, 

Carolyn Burke, CEO
Integrity Incorporated




Upcoming Events 

What Do Intelligent Enterprises Know? Harness the Power of Data, Content & Knowledge: 
E-Content Institute Conference 2004
Visit us at the Information Highways show at the Holiday Inn on King, March 20-22. Join Integrity CEO Carolyn Burke as she demonstrates how to mitigate security risks within the intelligent enterprise. 

Conference information: econtentinstitute.org/conference

Session Information: 
econtentinstitute.org/conference/program.asp#MitigateRisk





Getting It: Compliance case study - Fundraising

Each issue we’ll examine compliance related to a specific industry or governance problem and walk through how a solution was, or could be, reached.

February Spotlight: Fundraising - Donations Allocations and Privacy

Client: Alumni association at a Canadian university; one of the most 
significant fundraisers in the country raising millions of dollars 
per year. 

The funding committee of this post secondary educational institution's alumni association wanted to ensure that its proceedings from fundraising were allocated without any bias. Funds could not bear the taint of any favouritism, so they needed to be allocated in a way that was equitable and private, to ensure that the school follows through on its commitment to donors that when money is solicited, it is distributed in an unbiased way. 

Working with the Dean of Graduate Studies to manage this process, Integrity Incorporated analyzed the requirements for anonymous allocation of funds to recipients to ensure that the fundraising system retained its integrity. 




Compass Q&A 

We invite you to submit questions on security, privacy and governance compliance to compass@integrityincorporated.com

Dear Compass, 
Have there been any recent rulings on the liability of corporate directors for information security breaches, and how far their responsibilities extend for due diligence? 
- LR, Kitchener

Compass responds: 

Hi LR, 
In Canada, very few, if any. However, there are some established best practices for corporate directors when it comes to managing information security, despite this being an area of responsibility that has very rapid changes. 

A starting resource on this topic is out of Australia and can be found at http://doc.isheriff.com/governance/directors_officers.pdf. It gives a quick overview of some of the present challenges with managing information security, how directors can mitigate risks and the potential repercussions if they don't. 

Another excellent resource, from PKI vendor Entrust, http://www.entrust.com/news/files/10_08_03.htm, summarizes some of the issues in the US specifically. Both of these resources can be used as a basic grounding for similar implications in Canada. 



Cautionary Tales 

We'd have picked a good Canadian party site, but we couldn't. We had to really search to find the Liberal party website's privacy policy (we had to want to donate before they'd tell us how they'll use our information), but it's still a long shot better than the new Conservative site, which doesn't appear to have one, and the NDP, who you'd think would have the best and most visible privacy policy, and, well, if they have one, we haven't found it yet

Liberals - Difficult to find
Conservatives - No privacy policy
NDP No visible privacy policy



Success Stories 


John Kerry, presidential candidate as of this writing, has by far
the best privacy policy of the leading candidates:
johnkerry.com/footerfiles/privacy_policy.html



info@integrityincorporated.com

Integrity Incorporated
155 Dalhousie Street, Ste 701
Toronto, ON, M5B 2P7 Canada
T/ 416 369 0113     F/ 416 369 0148


This newsletter was sent to EMAIL. It is only sent to subscribers. If you received this message in error, please accept our apologies and let us know by return email. To be removed from this mailing list, please unsubscribe on our website.

Full Disclosure:
Microsoft Canada is a consulting client of Integrity Incorporated.

Copyright © 2004 Integrity Incorporated. All rights reserved. The Integrity Incorporated 'mark of integrity' is a registered trademark of Integrity Incorporated and is pending approval in the Canadian Trademark Office. Integrity Incorporated is a member of the family of values-focused River Street Bridge Inc. companies.