Interview with John jager

August 2006

Interviewee: John Jager, former Chief Privacy Officer of Sears Canada, and now the Vice President of Product Development for Nymity Inc.

Interviewer: Terry McQuay, President of Nymity Inc.

Subject: Product Development at Nymity

Nymity: John, was your role at Sears prior to joining Nymity?

Jager: At Sears I was responsible for the company’s compliance matters relating to privacy, advertising and marketing, and environmental issues. As this position was relatively new at Sears and given that PIPEDA came into effect on January 1, 2004 a considerable portion of my time was dedicated to developing and enhancing privacy awareness across the organization.

Although privacy as such was not a new issue for Sears having operated a credit card business since soon after its inception in the mid 50’s, we needed to conduct a review of other business processes relating to activities such as marketing across the various business channels, employee privacy etc.

Nymity: What value did Nymity provide you while at Sears?

Jager: As a new Privacy Officer I immediately began searching for resources that would not only bring me up to speed on the legislative requirements but also for practical risk mitigation information that I could quickly put into practice. Having come across Nymity Inc’s information at a conference on privacy I researched the Nymity website. After attending a very informative training session relating to document retention and destruction we became a subscriber to PrivaWorks.

I found the information in PrivaWorks very helpful as we were developing our own internal practices, and assisted us in ensuring that we developed compliant strategies without overly encumbering our business objectives.

Nymity: What brought you to the Nymity team?

Jager: When the opportunity to join the team came along, the prospect of providing the same support to other Privacy Officers that I was given by the Nymity team was too good to pass up. There is continued need for solid and constructive information for Privacy Officers as they face the daily, reality-based issues of privacy. I hope that my practical experience along with the Nymity team’s research expertise can combine to continue the development of Nymity’s suite of tools.

Nymity: As VP of Product development, where do you see Nymity investing in the future?

Jager: I see PrivaWorks as "Privacy Risk Management Support" for Privacy Officers as the program provides management support to reduce the risks associated with the collection, use, retention and disclosure of customer and employee personal information. PrivaWorks helps Privacy Officers minimize corporate exposure to privacy breaches, privacy complaints, non-compliance with privacy laws, and in many cases, over-compliance with privacy laws. When I speak about over-compliance, I mean the potential for a mistaken view of privacy to put unnecessary restrictions on business processes. During my years as a Privacy Officer I have seen several instances of business decisions that were over-compliant that, if left as is, would have unnecessarily restricted business growth. The first example is a marketing program in which the business people felt that they needed express consent from the customer when in fact implied consent was fully acceptable, especially when combined with a clear and easy to execute opt-out option. In the second example the business unit was willing to forego a beneficial business relationship with a business partner based in the United States as it was mistakenly believed that Canadian privacy legislation restricted the transfer to personal information across borders.

For future development with PrivaWorks, I look at it in three phases:

1. Short Term. In the short term I see the research team continuing the creation of "Risk Reviews" by business activities. Nymity has developed a structured methodology which allows Privacy Officer to easily understand the privacy risk at the business activity level.
   
2. Medium Term. I see Nymity investing in an advanced infrastructure to allow subscribers to create custom views and perform advance searches. This will allow subscribers to quickly find the specific information and resource material they need to make informed risk management decisions
   
3. Long Term. I see Nymity creating a version of PrivaWorks for U.S. privacy.

Nymity: What do you see as the role of Privacy Officer?

Jager: The Privacy Officer’s role is to minimize corporate exposure to privacy breaches, privacy complaints, non-compliance with privacy laws and in many cases over-compliance with privacy laws. The Privacy Officer provides a leadership role as she or he must champion privacy across the organization and provides a consultative role to the business decision makers as they develop and implement new business processes. A key element of this role is providing management with the knowledge and understanding of privacy so that as current and new business opportunities are undertaken they meet the balance between compliance with privacy legislation and the business objectives of the corporation.

Nymity: What do you see the largest challenges facing Privacy Officer?

Jager: There are a multitude of challenges, Terry, but the one I that kept me awake at night as a Privacy Officer was the evolutionary nature of privacy. Although the legislation came into effect January 1, 2001 most companies, including Sears for the most part, did not fall within the jurisdiction of the law until January 2004. That is still relatively recent and there is not a lot of hands-on experience dealing with the new legislative environment. With provincial legislation in effect in Quebec, British Columbia and Alberta, the need to keep up to date on the various findings by the Privacy Commissioners, judicial rulings by the courts and increased customer and employee’s expectations requires a significant amount of time and energy from Privacy Officers. For example there are currently 334 findings on the Federal Privacy Commissioner’s website (www.privcom.gc.ca). As a Privacy Officer I needed to understand how this evolution of privacy impacted our business decisions.

Nymity: In closing, how does PrivaWorks support the role of Privacy Officer and help them meet the challenges?

Jager: As a subscriber I found PrivaWorks a valuable resource tool, allowing me to narrow down my research sites to a minimum. I had the confidence that if I had a question or concern I could visit PrivaWorks and find the information needed to help me in my decision making.

That is why I am looking forward to working with the Nymity team, so that together we can continue to provide this excellent support to Privacy Officers.