More Content - Including Podcasts

Friday, February 17, 2012

The Elements of a Data Governance Program: People, Practices, Policies and Technology

Joe Alhadeff, Vice President for Global Public Policy, Chief Privacy Officer, Oracle Corporation
The Elements of a Data Governance Program: People, Practices, Policies and Technology
This keynote will focus on the evolving needs of organizational governance and accountability. Governance and accountability are multifaceted concepts that must be applied in ways that are accessible to the individual, credible at the level of the organization and extensible across the ecosystem. The elements of such a program are based in organizational policies and processes, the technology that supports them and people that oversee and implement them. Today’s accountability and governance program must be developed collaboratively across disciplines to assure that each element supports and underpins the other. Where technology may have limitations to secure data beyond the transaction; policies, processes and contracts may supplement. Technology may support policies and processes through identity management, rights allocation, audit and other tools. When all of these elements function together the whole is greater than the sum of its parts. As part of this keynote we will also consider trends in Canadian law and practice as well as specific applications of technology in identity and privilege management

Global data flows and big data can be "something really cool and marvellous that happens when you get enough data together" or they can be Big Brother.

Privacy questions span generations, but change as they do; again, theme of the continuously moving target of privacy definitions and requirements that legal bodies are continually playing catch-up with.

"Canada has the PhD on accountability" when it comes to privacy leadership worldwide. We are moving from a compliance of objects to an accountability and governance approach.

At the core of privacy and data management, we are tasked with getting the right data to the right people at the right time. This is reflective of the Wednesday morning workshop I attended at the conference.

Reference made to the TAS3 project in the EU. Trusted Architecture for Securely Shared Services. This is a PPP project where technology, governance, law, and policy were co-developed in support of privacy and security. Technolgy assures the first hop, but law, and policy fill the ecosystem and value chain gaps.

Visual shared, a sign from Quebec that states fair-play SVP. Being prepared means being a good neighbour, playing fair, and successful preparation for information management involves:
Stewardship of information
Information lifecycle
Learning organisation

We are encouraged to look at compliance as an opportunity; privacy impact assessments must be user friendly to be valuable. Make it an opportunity to learn, and teach. Security and privacy are visualised as a Venn diagram, and we want to operate in the sweet spot, which is compliance, which optimises operational costs in the long term. Have the backend understand compliance, and governance bodies understand security.

- Posted using BlogPress from my iPad

Location:13th Privacy & Security Conference

No comments: