Transcript Document
TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy AICPA-CPA Canada Privacy Definition “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information” AICPA – CPA Canada developed Generally Accepted privacy Principles as an international privacy standard. GAPP is a compendium of global best practices S-1 • Management • Access • Notice • Disclosure • Choice and Consent • Security • Collection • Quality • Use and Retention • Monitoring and Enforcement © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy The United States respondents ranked Privacy higher than Canadian respondents. • Canada has had national privacy legislation since 2001-2004 • Most Canadian businesses have addressed privacy • Canada’s privacy legislation does not include robust sanctions and penalties 66% Has a privacy policy that addresses the requirements and risks appropriate to our size of organization and industry Good understanding of the appropriate privacy regulatory and compliance for our size of organization and industry Has put the appropriate privacy safeguards and controls in place to minimize our risk of a privacy breach. S-2 © 2013 - Robert G. Parker 60% 65% TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy Canada’s Privacy Legislation June 2013 S-3 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy USA Privacy Legislation Sectorial legislation (GLB, HIPAA, COPPA) Security over Personal Information Breaches (CA-SB 1386, AB1750) Commonwealth of Massachusetts - STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH 17.01: Purpose and Scope 17.02: Definitions 17.03: Duty to Protect and Standards for Protecting Personal Information 17.04: Computer System Security Requirements 17.05: Compliance Deadline Federal Trade Commission – FTA -Fraudulent and Deceptive Business Practices Harsh Penalties S-4 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy Access to Own Personal information Denying 41 patients’ access to their medical records HIPPA Violation Fine – $4.3 Million S-5 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy Failure to provide reasonably appropriate security Implement a comprehensive security program Biannual independent audit of security program to determine if it adequately protects consumer information The order is in effect for 20 years March 11, 2011 S-6 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 6. Ensuring Privacy Regular independent privacy audit for the next 20 years Implement a comprehensive privacy protection program Violations of the US-EU Safe Harbor Agreement Honor commitments in your privacy notice S-7 March 30, 2011 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 7. Managing Systems Implementation The Concept of SDLC (Systems Development Lifecycle) is well established The Scope of SDLC has Increased to Include Governance issues such as strategic alignment, enterprise enabling capabilities Needs Identification Business Case Business Process Review Deign SDLC has changed with ERP Systems such as Oracle, PeopleSoft and SAP Development Test Update Policies-Procedures Update Forms, Screens, etc. Data Conversion Systems Implementation Post Implementation Review S-8 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 7. Managing Systems Implementation Is properly analyzing the value (e.g. return on investment (ROI), value analysis , net payback, etc.) of IT-related projects 26% Has the proper project governance controls in place to ensure implementation -related decision- making is in accord with the project’s overall goals & objectives 44% Knows how to develop a strong business case for IT-related projects Creating appropriate testing scenarios to ensure that the system will meet the needs of the organization’s operational processes S-9 © 2013 - Robert G. Parker 45% 48% TOP 10 TECHNOLOGY INITIATIVES 7. Managing Systems Implementation Providing appropriate training and documentation to users on the new/ upgraded system Adequately analyzing and documenting key business requirements for IT-related projects 50% 51% Strong alignment between the organization’s strategic goals and alignment between IT-related projects and the organization’s strategic goals Ensuring the quality and integrity of data during the implementation of a new or upgraded system S-10 © 2013 - Robert G. Parker 56% 57% TOP 10 TECHNOLOGY INITIATIVES 7. Managing Systems Implementation Best Practices in SDLC Were Developed Decades Ago They Have Been Well Documented and Well Publicized The Survey Identified that Except for: • New System’s Alignment with Strategic Objectives • Ensuring Data Quality and integrity During Implementation The Requirements of All Other Implementation Activities Surveyed Were Less Than 50% Clearly Significant More Attention Needs to be Paid to Ensure that Recognized Systems Implementation Standards and Practices are Adopted S-11 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 8. Leveraging Emerging Technologies Dealing With Emerging Technologies is a Way of Life For IT Professionals Leading Edge vs. Bleeding Edge Fast Follower vs. Early Adopter S-12 BYOD – Bring your own device RFID-NFC – Radio frequency identification & near-field communications Tablets and mobile computing Big data Cloud computing Security Mobile apps IT governance Social networks Green computing © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES Social Networks / Social Media Why is it Important? Facebook and other public social networks are already an important part of many individuals’ lives outside their corporate lives Increasingly social networks are being used by businesses and government as a means of communications News broadcasters and law enforcement are aggressively switching to social networks as a means of obtaining and sharing information The use of on-line communities involving customers is also being used to develop customer insights and to encourage customer loyalty Within organizations, social networks are being used to support the development of teams and communities of practise S-13 © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 8. Leveraging Emerging Technologies Social Media Issues Source: TC Business 2013-03-23 S-14 © 2013 - Robert G. Parker Off Topic Blogs TOP 10 TECHNOLOGY INITIATIVES 8. Leveraging Emerging Technologies Social Media A report from the Securities and Exchange Commission Inappropriate Postings clears companies to use social media outlets like Facebook Issues and Twitter to announce key information, provided that investors have been alerted about which social media will be used “One set of shareholders should not be able to get a jump on other shareholders just because the company is selectively disclosing important information,” said George Canellos, acting director of the SEC’s Division of Enforcement. April 2, 2013 S-15 The SEC’s inquiry into a post by Netflix CEO Reed Hastings on his personal Facebook page stating that Netflix’s monthly online viewing had exceeded 1 billion hours for the first time. Netflix did not report this information to investors through a press release or Form 8-K filing © 2013 - Robert G. Parker TOP 10 TECHNOLOGY INITIATIVES 8. Leveraging Emerging Technologies Is ahead of its competitors with regards to identifying and leveraging emerging technology 25% Has the appropriate staff and resources to support new revenue or cost reduction opportunities related to IT 29% Has the appropriate resources in place with the experience and capabilities to manage a vendor supported emerging technology environment Understands and is appropriately managing the risk associated with emerging technologies S-16 © 2013 - Robert G. Parker 34% 41% TOP 10 TECHNOLOGY INITIATIVES 8. Leveraging Emerging Technologies Has the necessary knowledge to identify new revenue or cost reduction opportunities related to IT. Has access to resources (e.g. training, consultants, internal staff/knowledge) to enable our staff to leverage new technologies 43% 49% Believes that emerging technology, either by leveraging or not leveraging, will be a major factor in determining the success of the organization in the near future Has the financial resources (e.g. capital, credit) to support adoption of emerging technologies S-17 © 2013 - Robert G. Parker 58% 60% TOP 10 TECHNOLOGY INITIATIVES 8. Leveraging Emerging Technologies Key Messages They Know Emerging Technologies Are Important Have the Financial Resources 58% 60% Are They Capitalizing? Have the appropriate staff and resources 25% Have appropriate experience and capabilities 34% Understands and appropriately managing the risk S-18 © 2013 - Robert G. Parker 41%