A local government organization develops a privacy architecture to protect sensitive information and lays the foundation for future automation of online privacy
Privacy architecture that defines privacy protection as an integral part of government IT systems.
Like many government organizations, the Government of Alberta collects and processes vast amounts of sensitive personal information and is responsible for protecting that information. Along with this responsibility comes an understanding of public trust, which necessitates compliance with rigorous privacy legislation that affects all of its operations as well as the operations of some of its non-governmental stakeholders, especially those in the health care sector.
The Office of the Corporate CIO (OCCIO) for the Government of Alberta has a key role in making the government’s use of technology supportive of these privacy obligations. The OCCIO already had some valuable assets, including the Government of Alberta Enterprise Architecture developed with the assistance of IBM Global Services, which could be incorporated into an overall privacy program. However, there was a need to proactively address issues at the intersection of privacy and technology.
The OCCIO needed to develop a technology blueprint that would provide consistent privacy guidance for all stakeholders involved in any government IT initiative. The ideal solution would be a privacy architecture that functioned as an extension of the existing enterprise architecture. The OCCIO engaged IBM to assist in defining and developing this new architecture. Requirements for the planned new architecture were mined from a cross-section of business, technical and policy stakeholders throughout the government. The result of this collaboration was a privacy architecture that is compatible and customizable to any environment within the Government of Alberta.
What IBM did
IBM assembled a cross-functional team of people from IBM Global Services and IBM Research to design the architecture and its many components, including a taxonomy for privacy metadata, an identity key system to prevent unauthorized disclosure, privacy transformation standards and guidance for optimizing IT design for privacy.
The extensive expertise of IBM Research in the area of privacy management, including the IBM Enterprise Privacy Architecture that has been developed by IBM Global Services and IBM Research, was key to this project.