IT professionals and robust processes are needed to protect privacy and compliance

Compliance is a front-of-mind issue for business today. Much of the focus, at least in large companies, is rightly focused on Sarbanes-Oxley. It’s both costly and has severe legal implications.
But compliance takes many forms. Another front-of-mind compliance issue is privacy. This takes on new prominence after several highly-publicized privacy breaches. Are companies just in denial or is it that they just don’t care?

Yet another form of compliance relates to eligibility for a product or service. Many programs in governments, non-governmental organizations (NGOs) and, in the case of outsourced or privatized government programs, the private sector are only available to people that meet eligibility requirements.

Much of this is driven by IT-enabled transformation of programs to provide citizen-centric services, to integrate programs where appropriate, to reduce waste and improve efficiency and to detect fraud. In some of these cases, there is a fine line between efficiency and an invasion of privacy. In Canada, one of these cases went all the way to the Supreme Court of Canada and the program was upheld as legal, which brings us back to privacy and compliance in general.

IT is called upon to build, implement or integrate robust information systems in such a manner that all transactions are captured and these transactions cannot be modified without adequate controls to ensure that they are accurate. To ensure these processes have rigour, business rules must be implemented in the system.

Moreover, we need to ensure that robust IT operations processes are in place. We call these processes by names such as change control, configuration management and patch management. Although many might not think of them that way, these are IT governance processes that support the business in compliance with the applicable regulatory mechanisms.

A lot is at stake for companies. But a lot is also at stake for the IT profession. If we cannot deliver the reliable, robust systems and processes that are required, we are at risk. To meet this challenge, we need a commonly accepted accountability framework for IT practitioners.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.