Privacy and Security
Today’s digital society is built on the fast flow and analysis of information. The strides we make in gathering, routing and analyzing torrents of data hold the promise of an ever-brighter future, a vision we at IBM refer to as Smarter Planet.
But behind these data are real people, real organizations and real concerns about privacy and security. At IBM, we take these concerns very seriously.
IBM believes that consideration for privacy and data protection must be built into the fabric of our business, and our society, in order for individuals and organizations to realize the promises of social progress and economic growth offered by our increasingly interconnected and data-driven world.
The economic value of information continues to increase, and much of that information relates to us as individuals. This information, and how we use it, is at the heart of new business models, new jobs and new ways in which individuals and businesses organize and connect with one another around the globe. Institutions of all types—including businesses—must work to earn the public’s trust in their ability to steward information, and in turn we as consumers must take educated steps to protect ourselves and our families.
- Early 1970s—first company in the world to adopt a global privacy code of conduct
- 2000—one of the first companies of any size to appoint a chief privacy officer
- 2010—recognized as “Most Trusted for Privacy” in the technology industry in the United States and Canada
In 2011, IBM launched a number of new initiatives around privacy, and expanded others already underway. Some of these programs are designed to help organizations in need of expertise in these areas, some share what works at IBM with the rest of the world, and others strive to promote consideration of privacy and security in the realm of public policy.
Pro Bono Privacy Initiative
According to Independent Sector, a coalition of not-for-profit organizations, foundations and corporate giving programs, there are 1.4 million not-for-profits in the United States serving the broad public interest by providing services such as homeless shelters, domestic violence assistance and nutrition support. Given the staggering growth of digital data, these organizations are increasingly likely to encounter issues related to privacy and personal data security that they must understand, analyze and address.
In 2011, IBM took part in creating an initiative dedicated to providing these not-for-profit organizations with free legal and other advice on responsible and pragmatic practices for protecting individual privacy and data security. Called the Pro Bono Privacy Initiative, this group of privacy professionals aims to engage with human services agencies to help them navigate mission-critical privacy and data protection considerations. As part of the initiative’s pilot, IBM is sharing its data security and privacy expertise with Safe Horizon, the largest victims’ assistance agency in the United States.
The Pro Bono Privacy Initiative is designed to help:
- interested not-for-profits improve their compliance and risk posture
- participating privacy professionals give back to society while enriching their experience and networks
- supporting companies, law firms and consultancies demonstrate corporate citizenship
Privacy by Design
The paper discusses the importance of designing data protection policies into every operation in an organization, and describes how IBM used the principles of Privacy by Design, despite our geographically dispersed and culturally diverse workforce. In doing so, IBM has been able to become proactive, meet business objectives, and create a user-centric environment that fosters respect for privacy.
Cavoukian writes: “For IBM, such a strategic focus on privacy has enabled process improvements that demonstrably link to reduced operational costs and documented compliance. Beyond the foundational objectives at the heart of every organization’s privacy program, the team at Big Blue discovered that Privacy by Design enabled them to tackle more ambitious challenges—ones that directly supported the business strategy of the company.”
In 2011, we launched IBMPrivacy.com, a site that offers resources and discussion about privacy and data protection for large enterprises, small businesses and not-for-profit organizations. In doing so, IBM hopes to help demystify the privacy and data security issues that all organizations must address in today’s digital world. By proactively developing privacy plans based on current and practical knowledge, organizations will be better positioned to achieve their overall missions in a way that maintains their good reputation and also enhances compliance.
Among the resources available free of charge from this site are Security & Privacy Made Simpler, a toolkit and guide offered in the United States by the Better Business Bureau that was informed and co-sponsored by IBM and other leading experts and corporations. There’s also Privacy & Security Resources, presented by the Bureau of Consumer Protection office of the United States Federal Trade Commission. And, for a fee, visitors can download “Building a Privacy Program: A Practitioner’s Guide,” published by the International Association of Privacy Professionals.
Security is an important aspect of the entire lifecycle of any system, from design and architecture through to implementation, testing, deployment, maintenance and retirement. Today, organizations and individuals are confronting heightened risks and security threats as IT moves further into the fabric of business and consumer systems. The sizeable increase in online criminal activity compounds the challenge.
At IBM, we recognize and consider cybersecurity challenges when conceiving, developing and marketing our technology solutions. But we also recognize that it is important to collaborate with public and private organizations that build market awareness of these issues and implement policy governing them. We understand the benefit of providing education as well as technology.
In support of that understanding, IBM took part in Safer Internet Day, held in early 2012. This year’s theme was “Connecting generations and educating each other.” IBM released free Internet safety training tools for students and deployed thousands of volunteers around the world to help educate consumers and businesses on Internet safety and digital awareness. The kits are designed to help teach teenagers how to protect their personal data and reputation online, to give teachers or adults working with children information on Internet safety and common Internet activities that young people engage in and to help adults recognize and prevent cyberbullying among youth.
Other External Engagements
In 2011, IBM also expanded its Institute for Advanced Security to help clients, academics, partners and other businesses understand, address and mitigate complex, multidisciplinary issues associated with securing cyberspace. Formed in 2010 with headquarters in Washington, DC, the Institute opened an office in Asia-Pacific in 2011, providing assistance to countries within the region to help mitigate a range of emerging security complexities. IBM also opened a division of the institute in Europe to help European organizations understand the complex issues associated with addressing their cybersecurity challenges by leveraging IBM’s broad array of security scientists, researchers and experts.
IBM also continued its strategic engagement with government organizations to assist them as they grapple with their role in addressing cybersecurity in today’s changing risk environment. For example, in response to NATO Secretary General Anders Fogh Rasmussen’s call for European allies to adopt a smarter approach to maximizing scarce defense resources, IBM in 2011 joined with the Atlantic Council to help develop strategies and practical road maps for NATO’s modernization to confront future challenges. This initiative focuses on providing thought leadership and innovative policy-relevant solutions for NATO’s continued reform and role in cyber defense and security. “Aligning with IBM allows the Council to continue our cutting edge work on transatlantic security challenges, focusing on NATO reform and cybersecurity,” said Frederick Kempe, president and CEO of the Atlantic Council. “We are especially pleased to work in concert with IBM, a global leader in leveraging technology to increase value, flexibility and productivity across the private and public sector.”
Secure, Smart and Social Computing Programs
IBM recognizes the value that social computing can bring to a company, both for internal employee interaction and building stronger relationships with customers, providers and partners. But the use of social media can also introduce risk. We realize that if not managed correctly, individuals’ engagement with social and other computing technologies can work against an organization’s relationship-building efforts and pose significant security threats.
Thus, in 2011, IBM took several additional steps to fortify the company’s ongoing risk management efforts. We formalized an internal Social Business Management Council, a cross-company group of senior leaders charged with aligning the company’s social business strategies with risk mitigation priorities, as well as leading our employee education and enterprise policy initiatives in this area. We continued to review and update the IBM Social Computing Guidelines and we are deploying mandatory employee security education and an interactive set of resources to emphasize and reinforce secure social computing called the “Digital IBMer Hub.” We’ve also developed social recruiting guidelines that outline how social media can and should be used by employees during the recruiting process, as well as an employee guide for managing digital reputations that stresses the importance of individuals taking responsibility for their own online personas. Finally, recognizing the changing risk environment in which all organizations now operate, we updated and streamlined the resources available to IBM’s entire workforce for reporting suspicious incidents involving data or IT systems, and we continue to devote resources to support expert response efforts.
Featured IBM Initiatives
Celebration of Service
During IBM's centennial in 2011, the Celebration of Service honored our employees, retirees, families and friends in their commitment to volunteer service. More than 3.1 million volunteer hours were pledged by 300,000+ volunteers.Learn More
Smarter Cities Challenge
The Smarter Cities Challenge is a competitive grant program awarding $50 million worth of services and expertise over three years to help 100 cities around the globe address a wide range of challenges.Learn More