Privacy and IT Transformation

The technology revolution has enabled organizations across all sectors to electronically collect and store unprecedented amounts of personal information. But as business demands continue to grow and outpace integrated IT solutions, managing the security and privacy of that information often occurs as an afterthought and results in a patchwork of existing and legacy systems. To address these challenges, as well as other increasing demands on enterprise systems, many organizations are seeing themselves forced to undertake large-scale IT transformations.

Simply put, Privacy cannot be a secondary consideration. It needs to be included as a fundamental part of any IT transformation. Effectively managing the risk that privacy issues can pose is paramount for organizations aiming to generate additional value and improve performance through the safeguarding of their reputations and their brands.

So, If you’re feeling the impacts of patched up systems trying to meet your privacy needs here are five “best practice” steps to integrating privacy into IT transformations.

Create a Systems Inventory

  • Conduct full system  inventory.
  • Profile active system inventory (e.g., region, department, function, est. decommission date).
  • Identify portion of population classified as high regulatory impact systems (e.g., PII, PCI, SOX, HIPPA and business criticality).

Develop a business case

  • Assess operational impact (e.g., volume of user activity, current level of control automation).
  • Calculate current-state operating costs, cost of compliance, potential savings, ROI, NPV, etc.

Conduct an in-depth assessment

  • Define application scope.
  • Conduct deep-dive assessment of current-state systems/processes (e.g., privacy impact assessments).
  • Assess cross-functional control weaknesses, duplications and process inefficiencies.

Consolidate systems

  • Consolidate Administrative processes and technical controls to address duplication and inefficiencies.
  • Sunset systems that are no longer needed.

Standardize and automate

  • Standardize processes and supporting structures.
  • Employ standard policies and procedures.
  • Consider process automation for systems with high volume and high impact.