Privacy and Security
Today’s digital society is built on the fast flow and analysis of information. The strides we make in gathering, routing and analyzing torrents of data hold the promise of an ever-brighter future, a vision we at IBM refer to as Smarter Planet.
But behind these data are real people, real organizations and real concerns about privacy and security. At IBM, we take these concerns very seriously.
IBM believes that consideration for privacy and data protection must be built into the fabric of our business, and our society, in order for individuals and organizations to realize the promises of social progress and economic growth offered by our increasingly interconnected and data-driven world.
The economic value of information continues to increase, and much of that information relates to us as individuals. This information, and how we use it, is at the heart of new business models, new jobs and new ways in which individuals and businesses organize and connect with one another around the globe.
Institutions of all types—including businesses—must work to earn the public’s trust in their ability to steward information, and in turn we as consumers must take educated steps to protect ourselves and our families.
- Early 1970s – first company in the world to adopt a global privacy code of conduct
- 2000 – one of the first companies of any size to appoint a chief privacy officer
- 2012 – recognized as one of the top 10 companies “Most Trusted for Privacy” by US consumers for the seventh consecutive year
In 2012, IBM launched a number of new initiatives around privacy, and expanded others already underway. Some of these programs are designed to help organizations in need of expertise in these areas, some share what works at IBM with the rest of the world, and others strive to promote consideration of privacy and security in the realm of public policy.
Pro Bono Privacy Initiative
According to Independent Sector, a coalition of nonprofits, foundations and corporate giving programs, there are 1.4 million nonprofits in the United States serving the broad public interest by providing services such as homeless shelters, domestic violence assistance and nutrition support. Given the staggering growth of digital data, these nonprofits are increasingly likely to encounter privacy and personal data security-related issues that they must understand, analyze and address.
In 2012, IBM continued its involvement in an initiative we began in 2011 dedicated to providing nonprofit organizations free legal and other advice on responsible and pragmatic practices for protecting individual privacy and data security. Called the Pro Bono Privacy Initiative, this group of privacy professionals aims to engage with human services agencies to help them navigate mission-critical privacy and data protection considerations. Stemming from the initiative’s pilot, IBM continued to share its data security and privacy expertise with Safe Horizon, the largest victims’ assistance agency in the United States.
The Pro Bono Privacy Initiative is designed to help:
- Interested nonprofits improve their compliance and risk posture
- Participating privacy professionals give back to society while enriching their experience and networks
- Supporting companies, law firms and consultancies demonstrate corporate citizenship
Privacy by Design
In 2012, IBM continued its extensive work to build a globally recognized enterprise privacy program that follows Privacy by Design practices. As big data continues to make headlines, we have built privacy-protective features into our new sensemaking analytics technology, code-named G2, and also published a related paper, coauthored by IBM Fellow and Chief Scientist of IBM Entity Analytics Jeff Jonas and Ann Cavoukian, Ph.D., information and privacy commissioner of Ontario, Canada.
Throughout 2012, we continued to develop IBMPrivacy, a site that offers resources and discussion about privacy and data protection for large enterprises, small businesses and nonprofit organizations. With this site IBM hopes to help demystify the privacy and data security issues that all organizations must address in today’s digital world. By proactively developing privacy plans based on current and practical knowledge, organizations can be better positioned to achieve their overall missions in a way that maintains their good reputation and also enhances compliance.
Security is a critical aspect of the entire lifecycle of any system, from design and architecture through to implementation, testing, deployment, maintenance and retirement. Today, organizations and individuals are confronting heightened risks as cybersecurity threats continue to grow and evolve with great speed.
At IBM, we carefully consider cybersecurity challenges when conceiving, developing and marketing our technology solutions. We also recognize it is important to collaborate with public and private organizations that build market awareness of these issues and implement policy governing them. We understand the benefit of providing education as well as technology.
In support of that understanding, IBM takes part in the annual Safer Internet Day event. In 2012 the event’s theme was "Connecting generations and educating each other." IBM released free Internet safety training tools for students and deployed thousands of volunteers around the world to help educate consumers and businesses on Internet safety and digital awareness. The kits are designed to help teach teenagers how to protect their personal data and reputation online, to give teachers or adults working with children information on Internet safety and common Internet activities that young people engage in, and to help adults recognize and prevent cyberbullying among youth.
Secure, smart and social computing programs
IBM recognizes the value that social computing can bring to a company, both for internal employee interaction and for building stronger relationships with customers, providers and partners. But the use of social media can also introduce risk. We realize that if not managed correctly, individuals’ engagement with social and other computing technologies can work against an organization’s relationship-building efforts and pose significant security threats.
In 2012 we continued our internal Social Business Management Council, a cross-company group of senior leaders charged with aligning the company’s social business strategies with risk mitigation priorities, to address social media and risk issues as they arise and sponsor enterprise-wide policy enhancements in this area. We again reviewed and updated the IBM Social Computing Guidelines to stay current and address labor and other requirements. And we deployed mandatory employee security education and continued to enhance the “Digital IBMer Hub,” an interactive set of resources available for employees to learn social computing skills and reinforce secure social computing. We continued to refine our social recruiting guidelines that outline how social media can and should be used by employees during the recruiting process, and we created an employee guide for managing digital reputations that stresses the importance of individuals taking responsibility for their own online personas.
Recognizing the risk environment in which all organizations now operate, we continue to review and improve our process for reporting suspicious incidents involving data or IT systems, and we continue to devote resources to support expert response efforts.