Empowering Your Privacy Officer
April 2003
Terry McQuay, President of Nymity, recently
spoke with Jacques Renaud, COO of Privasoft, and asked him
some questions on how automating the Privacy Office provides
central management to an organization's Privacy Officer.
Nymity: What do you mean by "Automating the Privacy Office"?
Renaud. We refer to automating the privacy office as business
applications that help the Privacy Officer and his/her staff
manage the corporation's privacy policies and compliance with
privacy legislation.
Nymity: Why would an organization automate their Privacy
Office?
Renaud. Organizations are interested in demonstrating accountability
to internal and external sources. They are looking for an
audit trail of all customer and internal privacy activities.
They are looking to produce reports that demonstrate compliance.
Organizations want a privacy application for managing customer
inquiries, complaints, challenges and consent while maintaining
a central view of all their data repositories. They want to
centralize the management and coordinate the privacy activities
with all the owners of each data repository that contains
customer information.
Nymity: Who is Privasoft?
Renaud. Privasoft is the oldest and largest privacy firm
in Canada. We have been providing privacy solutions for over
12 years and are the de facto standard for Freedom of Information
(FOI) and Privacy solutions in the public sector.
Nymity: What solutions does Privasoft offer?
Renaud. For the private sector we offer Privasoft Comply which has three models.
- Converge, which centrally manages all privacy related information and activities. It provides control to the privacy office plus the tools to manage, audit and report on compliance with organizational privacy policies.
- Consent, which manages customer consent requests, builds the corporate suppression file and manages and audits consent related activities with the data repository owners.
- Convey, which manages, audits and reports customer inquiries, complaints and challenges, while providing the infrastructure to effectively work with data repository owners.
For the public sector, we offer Privasoft's ATIP (Access
to Information and Privacy Act) Suite. Privasoft's ATIP Suite
has been meeting the stringent requirements of the federal
and provincial governments for years and we currently have
over 50 customers.
Nymity: What makes Privasoft unique?
Renaud. Focus. We are 100% privacy. Our solutions stay current
with all privacy legislation and we are committed to investing
in the functionality required to comply with future provincial
legislation. Also, we are Canadian. Our solutions ship in
English and with a Canadian French version. In fact, Privasoft's
office is located in Casselman, a French community, just outside
of Ottawa.
Nymity: Does Privasoft Comply manage compliance?
Renaud. Privasoft Comply is designed to support your compliance
effort. Software in and of itself cannot make you compliant,
but Comply manages your corporate compliance to your organization's
privacy policies. From an operational perspective, compliance
is ultimately the responsibility of the business units. The
privacy office should not be involved in every customer communication
or the day to day operations and interactions with the customers.
Ultimately, the business unit is involved in the collection,
the usage and the disclosure of the customer information and
thus the business unit is responsible for compliance.
Nymity: Does Comply report compliance with privacy legislation?
Renaud. Yes. Comply allows for the production of compliance
reports at corporate, business, department and data repository
level. In fact, reports can be generated at the data element
level by data repository or cross company. Reports can be
policy based or generated based on the 10 fair information
practices.
Nymity: How does Comply manage the privacy office's interaction
with business units?
Renaud. Comply's base module is called Converge, as it brings
together all the elements necessary to manage privacy into
one central location - the privacy office.
This includes:
- detailed information on every personal information repository
- detailed history of compliance activities by repository
- detailed history of privacy office communication by business unit and repository
- online corporate privacy policies and compliance statuses
- detailed reporting at the corporate level, business unit level, policy level, data level, on your organization's adherence to the 10 fair information practices
With this information your privacy office will have the power
to demonstrate corporate accountability to auditors, Commissioner's
office, business partners and customers.
Nymity: How does Comply manage the privacy office interactions
with customers who want to change their consent status?
Renaud. Comply has a module called Consent, which allows
the privacy office to manage all customer requests to change
consent levels. A simple "opt-out" request can become complicated
very quickly and Consent provides the infrastructure to manage
both the customer and the business units who have to honour
the privacy requests. With Consent the privacy office will
be able to review with the customer all of your organization's
business units that currently utilize the customer's personal
information and advise the customer of any contractual relationships
that require the company to utilize their personal data. Consent
will allow the privacy office to advise the customer when
the company has a legal right to use the customer's information
and explain where consent was not required. With Consent the
privacy office will effectively manage customer consent requests
thus minimizing customer complaints and increasing customer
satisfaction. Also, Consent produces an audit trail for any
customer interactions with the privacy office.
Nymity: How does Comply manage the privacy office interaction
with customers who request information?
Renaud. Comply has a module called Convey, which allows
for effective releasing of information to customers. Customers
can request any information that organizations store on them.
This is the information in every database, every transaction,
every email that references the customer, every letter or
memo that references the customer, any information in your
customer service, help desk, or the CRM. It even includes
voice and video recordings. Comply:
- manages the customer request, minimizing the information
required
- records the information request, and confirmation letters
- provides time tracking to ensure the request is completed
in the allotted 30 day window
- handles exception management
- manages the communications with the business units who
have to retrieve the information
- manages the approval process required to release the information
- provides a process for validating the requester of information
Comply provides the power to manage customers' privacy requests while minimizing the burden on the business units. Comply provides an audit trail with the privacy office interactions with the client and the business units. Comply, combined with corporate privacy policies, will ensure all inquiries are satisfied in a timely fashion thus minimizing the probability of a complaint. Should a complaint occur, organizations will have a complete audit trail thus allowing them to easily demonstrate accountability to the Commissioner's office.