Compliance News &
Opinion
Privacy process harmonized in BC, Alberta, Ottawa – a Western viewpoint
Answering to the Board of Directors – security policies and compliance
10 Points for Corporate Directors on Information Security
|
February 2004
Dear Subscriber,
Online voting would be good for democracy, but is it possible right now? A recent editorial in the
Toronto Star says no. 
What are your thoughts on online democracy? Will evoting take hold? How could the possible security and privacy implications be managed? Send your questions to
compass@integrityincorporated.com.
In this issue of Compass, we look at a question on information security and directors and officers liability, examine a funding allocation and privacy case study, and take a look at some political websites in Canada and the US and see how their privacy policies measure up – if they are there at all!
We encourage you to forward this newsletter to an industry colleague or associate who would be interested – and of course, I always welcome your input and feedback!
Best regards,
Carolyn Burke, CEO
Integrity Incorporated
Upcoming
Events
What Do Intelligent Enterprises Know? Harness the Power of Data,
Content & Knowledge:
E-Content Institute Conference 2004
Visit us at the Information Highways show at the Holiday Inn on King, March
20-22. Join Integrity CEO Carolyn Burke as she demonstrates how to mitigate security risks within the intelligent enterprise.
Conference information: econtentinstitute.org/conference
Session Information:
econtentinstitute.org/conference/program.asp#MitigateRisk
Getting
It: Compliance case study - Fundraising
Each issue we’ll examine compliance related to a specific industry
or governance problem and walk through how a solution was, or could be,
reached.
February Spotlight: Fundraising - Donations Allocations and Privacy
Client: Alumni association at a Canadian university; one of the most
significant fundraisers in the country raising millions of dollars
per year.
The funding committee of this post secondary educational institution's alumni association wanted to ensure that its proceedings from fundraising were allocated without any bias. Funds could not bear the taint of any favouritism, so they needed to be allocated in a way that was equitable and private, to ensure that the school follows through on its commitment to donors that when money is solicited, it is distributed in an unbiased way.
Working with the Dean of Graduate Studies to manage this process, Integrity Incorporated analyzed the requirements for anonymous allocation of funds to recipients to ensure that the fundraising system retained its integrity.
Compass
Q&A
We invite you to submit questions on security, privacy and governance compliance
to compass@integrityincorporated.com.
Dear Compass,
Have there been any recent rulings on the liability of corporate directors for information security breaches, and how far their responsibilities extend for due diligence?
- LR, Kitchener
Compass responds:
Hi LR,
In Canada, very few, if any. However, there are some established best practices for corporate directors when it comes to managing information security, despite this being an area of responsibility that has very rapid changes.
A starting resource on this topic is out of Australia and can be found at http://doc.isheriff.com/governance/directors_officers.pdf. It gives a quick overview of some of the present challenges with managing information security, how directors can mitigate risks and the potential repercussions if they don't.
Another excellent resource, from PKI vendor Entrust, http://www.entrust.com/news/files/10_08_03.htm, summarizes some of the issues in the US specifically. Both of these resources can be used as a basic grounding for similar implications in Canada.
Cautionary
Tales
We'd have picked a good Canadian party site, but we couldn't. We had to really search to find the Liberal party website's privacy policy (we had to want to donate before they'd tell us how they'll use our information), but it's still a long shot better than the new Conservative site, which doesn't appear to have one, and the NDP, who you'd think would have the best and most visible privacy policy, and, well, if they have one, we haven't found it yet …
Liberals
- Difficult to find
Conservatives
- No privacy policy
NDP
– No visible privacy policy
Success
Stories
John Kerry, presidential candidate as of this writing, has by far
the best privacy policy of the leading candidates:
johnkerry.com/footerfiles/privacy_policy.html
This newsletter was sent to EMAIL. It is only sent to subscribers. If you received this message in error, please accept our
apologies and let us know by return email. To be removed from this
mailing list, please unsubscribe
on our website.
Full Disclosure:
Microsoft Canada ® is a consulting client of Integrity Incorporated.
Copyright © 2004 Integrity Incorporated. All rights reserved. The Integrity
Incorporated 'mark of integrity' is a registered trademark of Integrity
Incorporated and is pending approval in the Canadian Trademark Office. Integrity
Incorporated is a member of the family of values-focused River Street Bridge
Inc. companies.
|
