Privacy Matters
For IBM Lotus Notes & Domino
Professionals
Christopher Byrne, CISA, IBM CAAD/CASA

Be sTe
rti am not
Christopher

Louis Brandeis
Samuel Warren

\"Only about 10
percent of the
merchants do
the right
thing and
notify
Dan Clements,
customers
CEO, CardCops.com
when there is
a compromise.\"

39
191
Do Not Meet Credit Card Security Standards Meet Credit Card Security Standards

Definition from Roger Clarke
in Information Technology and
Dataveillance

Source: The Digital Person

The EU has put too much emphasis on the
protection of individuals' privacy, and
not enough on ensuring the free flow
of information between companies.

Rule 2: Purpose Specification

Rule 2: Purpose Specification

Rule 2: Purpose Specification

Rule 2: Purpose Specification

Rule 3: Use & Disclosure

Rule 3: Use & Disclosure

Rule 3: Use & Disclosure

Rule 3: Use & Disclosure
If we are required to
register with the Data
Protection Commissioner, does
our register entry include a
full list of persons to whom
we may need to disclose
personal data?

Rule 4: Security

Rule 4: Security

Rule 4: Security

Rule 4: Security

Rule 4: Security

Rule 5: A, r & not e
Do we collect all the
information we need to
serve our purpose
effectively, and to deal
with individuals in a fair
and comprehensive manner?

Rule 5: A, r & not e
Have we checked to make
sure that all the
information we collect is
relevant, and not
excessive, for our
specified purpose?

Rule 5: A, r & not e
If an individual asked us
to justify every piece of
information we hold about
him or her, could we do
so?

Rule 5: A, r & not e

Rule 6: Accurate & Up To Date

Rule 6: Accurate & Up To Date

Rule 6: Accurate & Up To Date

Rule 7: Retention Time

Rule 7: Retention Time

Rule 7: Retention Time

Rule 7: Retention Time

Rule 8: The Right of Access

Rule 8: The Right of Access

Rule 8: The Right of Access

Questions & Answers