 |
A local government organization develops a privacy architecture to protect sensitive information and lays the foundation for future automation of online privacy
|
Business impact
Privacy architecture that defines privacy protection as an integral part of government IT systems.
Issue
Like many government organizations, the Government of Alberta collects and processes vast amounts of sensitive personal information and is responsible for protecting that information. Along with this responsibility comes an understanding of public trust, which necessitates compliance with rigorous privacy legislation that affects all of its operations as well as the operations of some of its non-governmental stakeholders, especially those in the health care sector.
The Office of the Corporate CIO (OCCIO) for the Government of Alberta has a key role in making the government’s use of technology supportive of these privacy obligations. The OCCIO already had some valuable assets, including the Government of Alberta Enterprise Architecture developed with the assistance of IBM Global Services, which could be incorporated into an overall privacy program. However, there was a need to proactively address issues at the intersection of privacy and technology.
Executive summary
The OCCIO needed to develop a technology blueprint that would provide consistent privacy guidance for all stakeholders involved in any government IT initiative. The ideal solution would be a privacy architecture that functioned as an extension of the existing enterprise architecture. The OCCIO engaged IBM to assist in defining and developing this new architecture. Requirements for the planned new architecture were mined from a cross-section of business, technical and policy stakeholders throughout the government. The result of this collaboration was a privacy architecture that is compatible and customizable to any environment within the Government of Alberta.
What IBM did
IBM assembled a cross-functional team of people from IBM Global Services and IBM Research to design the architecture and its many components, including a taxonomy for privacy metadata, an identity key system to prevent unauthorized disclosure, privacy transformation standards and guidance for optimizing IT design for privacy.
Elements of the privacy architecture proved to be immediately useful for many of the stakeholders, and at least one department wants to fast-track implementation planning so it can employ the architecture in projects currently under development. The OCCIO also engaged IBM to work on a solution outline for the identity key system. The long-term effect of the privacy architecture will be even greater. The architecture lays the foundation for the future automation of online privacy negotiations, in which applications will be able to make rule-based decisions about the collection, use and disclosure of personal information based on the preferences of the data subject, the applicable legislation and related privacy policy.
Capabilities applied
The extensive expertise of IBM Research in the area of privacy management, including the IBM Enterprise Privacy Architecture that has been developed by IBM Global Services and IBM Research, was key to this project.