Lockstep

Mapping Privacy requirements onto the IT function

A detailed examination of the relationship between privacy and the enterprise IT function.

This is a pre-print version of a paper published in two parts in "Privacy Law & Policy Reporter", 2003.

Abstract

Full and ongoing conformance with the provisions of Privacy legislation has a greater impact on a business's risk management and technology management processes than businesses often first realise. It is tempting to believe that because privacy issues are broadly business based, they are mainly the concern of the legal department or of audit. But current catch-cries along the lines that 'privacy is not a technology issue' should not be interpreted to mean that privacy has no relevance for the IT function at all. There are multiple regulatory requirements of the privacy regime that directly impact most organisations' Information Security Policies, IT management functions, product/service development processes, and internal audit.

This paper presents a detailed mapping of the 10 National Privacy Principles (NPPs) onto the sorts of management processes that in most organisations are controlled by the IT function. The mapping exposes the breadth and depth of impact that Privacy compliance has on the IT function. It thus clarifies how each individual business should fine-tune its processes and mobilise its IT function to satisfy the NPPs. It is hoped that such mapping can be repeated and built upon, leading to a common framework for analysing threats and risks to privacy compliance across all organisations.

  • Mapping privacy requirements onto the IT function [download, 41Kb]: Part 1 of the 2003 PLPR paper
  • Mapping the NPPs onto business and technology management processes [download, 83Kb]: Part 2 of the 2003 PLPR paper

© 2010 Lockstep Consulting ABN 59 593 754 482