Computerworld - WASHINGTON
IBM next month will launch a privacy management product, created with the help of some large corporate users, that lets companies build privacy policies directly into their data management systems. The aim is to enable companies to automate their compliance with privacy laws and corporate regulations.
The IBM system is unique in that it takes "privacy law and turns it into a set of privacy rules. I haven't seen anything like that in the industry," said Rick Lacafta, head of IT security at Travelers Property Casualty Corp. in Hartford, Conn. "I think it's a very big strength of the product."
But Lacafta also sees the IBM Tivoli Privacy Manager as a work in progress that has to be developed for more environments and tested for its impact on performance. Travelers, a member of IBM's end-user group, the Privacy Manager Council, is piloting the tool and starting development work to adapt it to some of its customer data systems.
The privacy manager is intended to address the problem of applying customer privacy preferences, legal requirements and company policies to business practices throughout a corporation. Many systems that do that today are limited to specific applications.
This IBM system, however, uses a privacy classification protocol, the World Wide Web Consortium's Platform for Privacy Preferences (P3P), to classify data on back-end systems. P3P allows privacy preferences to be turned into machine-readable code and is widely used in setting privacy policies for Web browsers. Once data is classified or tagged, servers or privacy monitors apply the P3P-enabled rules, enforce access rules and create audit trails.
To find out what customers needed, last November IBM pulled together 20 users from government and business to form the privacy council (see story).
By reaching out to end users, IBM "is able to get a more real-world view in terms of how whatever technology they develop can be effective in helping their customers deal with the privacy issue," said Chris Zoladz, vice president of information protection at Marriott International Inc. in Bethesda, Md.
Along with Marriott and Travelers, other privacy council members include Fidelity Investments in Boston, the U.S. Department of Commerce and Novant Health in Winston-Salem, N.C.
Implementing Tivoli Privacy Manager is no easy task. It was developed to work right out of the box with Lightweight Directory Access Protocol support, but Travelers, for instance, wants to use it with MQSeries, IBM's messaging platform.
Lacafta said the IBM system has to be instructed to handle a company's technology choices and noted that "it's not ubiquitous." But an idea he may raise with the privacy council is having the participants share their systems development work.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
