Fox IT Symposium

Information Security and Client Data: Balancing the Use of Client Data with Privacy and Data Protection Requirements
Location: Desmond Hotel and Conference Center, Malvern, PA
Panelists
Craig Conway, Senior Vice President, First Data Prepaid Services
Partha Bhattacharya, Director of Security Engineering, Cisco Systems
Eric Hudson, Senior Vice President and CIO, Foamex International, Inc
James Koenig, Practice Co-Leader, Privacy Strategy & Compliance, PricewaterhouseCoopers LLP
Moderator
Judith E. Tschirgi, Chief Information Officer and Senior Vice President, SEI
Summary
For any corporation, and thus for the CIO, there will always be a need to strike a balance between the need to protect the privacy of their clients' (or employees') data and the need to use those data for legitimate business purposes. In order to manage this process effectively, the CIO and technology organization need to understand all the stakeholders and their competing interests. Personal data is used by commercial, governmental, and non-profit organizations for a variety of institutional and societal benefits: to evaluate and manage risk, to evaluate and pursue market opportunities, and to enhance our general social welfare. We discussed the fact that much of what is considered personal information may, in fact, be public information, but, in combination with other sensitive information such as medical or financial data, it becomes highly risky information that needs to be kept private and secured. We also discussed that the legal and regulatory approach to the issue worldwide is to a) secure the data and b) emphasize consumers' rights to notice of an institution's practice, a consumer's choice on how information is collected, and a consumer's access to view the information and check its accuracy. For the technology community, then, the challenge is primarily one of determining what data they must protect and secure, what controls to put in place to secure it, how to test to ensure those controls are working properly, and how to prove they have tested those controls. A further challenge is having to monitor the plethora of regulatory requirements that are issued at the global, federal and state levels, since there is no uniform framework for data privacy protection. We discussed some ways that Technology organizations work with their counterparts in Legal and Compliance organizations to track the changing policy landscape effectively. But the basics of information security management, as represented in many of the frameworks such as COBIT, are the starting points for creating a control infrastructure.