
Inside Internal Controls

News and discussion on implementing risk management


privacy policy

Office of the Information and Privacy Commissioners bring your own device program guidelines


Using personal devices at work to conduct business (BYOD or “bring your own device”) has become commonplace in the last couple of years. Employers are implementing BYOD policies left, right and centre to try to control the privacy challenges this practice can bring about when employers access these devices to protect their data contained on them.

 


Supporting and controlling not-for-profit revenues

It’s a rare not-for-profit that isn’t spending a great deal of its time and attention scrabbling for revenue. In fact, it hardly needs to be said that effective generation and management of revenue flows are almost always critical success factors for not-for-profits.

 


Privacy practices for developing mobile applications (apps)


Privacy practices, and all things mobile, are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types, and people of most any age, including our youth. This, however, feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.

 


When a privacy policy is not enough!

Does your organization have an IT risk management program in place that draws upon various stakeholders to identify and prioritize privacy risks and related mitigations? Does your IT risk management program maintain appropriate records and provisions for access to information and privacy? And, have you implemented a privacy policy, only to find out that during internal audits there was a lack of compliance?

 


Canada’s anti-spam law: it’s getting closer every day

The latest info from Industry Canada has the new anti-spam legislation coming into force in early 2012. The consultation period is over, and the government will now finalize the regulations that organizations will have to follow.

 


Can customers be encouraged to read privacy policies?

When was the last time you read a privacy policy? I use dozens of online services—email, social networking, data storage, banking, photos, shopping, etc.—and I’ve only skimmed a couple. What does this mean for the companies that offer these services? Can they reasonably say that they have informed their users of the content of their policies, if most users simply click “Okay” without bothering to read the things?

 
