Incorporating Privacy Requirements into an IT Methodology

Privacy is a critical success factor for consumer acceptance of e-commerce.

A systematic review of the privacy requirements within an IT methodology minimizes the likelihood of contravening the privacy codes when systems are implemented. Contravention results in public embarrassment and potential liability, and negatively impacts the strategic directions of the organization. Retrofitting the privacy requirements is more costly than incorporation in the original project design. How can the requirements of these privacy codes be incorporated into an organization’s IT methodology?

Many public sector organizations are subject to privacy legislation such as the federal Privacy Act, or various Freedom of Information and Protection of Privacy acts. In Quebec, there exists a private sector data protection scheme for personal information. Bill C-54 – a Bill which will extend protection to personal information that is collected, used or disclosed by the private sector – is before the Senate. The Canadian Information Processing Society adopted the Canadian Standards Association’s (CSA) Model Code for the Protection of Personal Information as CIPS policy in 1997. All of these privacy codes are similar in their content.

Using the CSA Model Code as a basis for discussion, this presentation will examine the nature of privacy and information systems, the privacy principles, and how privacy reviews can be implemented at various stages throughout a methodology.

This presentation will be of interest to data architects, database administrators, information systems management, project managers, analysts and those responsible for implementation of a privacy code.


John Boufford, I.S.P.,  is president of e-Privacy Management Systems – a consulting practice specializing in privacy and information technology. Previously he provided policy advice to a government ministry regarding Ontario’s Freedom of Information and Protection of Privacy Act. He also coordinated development of the Canadian Information Processing Society’s position paper on Privacy and Information Technology. This position paper is available on the CIPS’ web site (

John currently sits on the CIPS’ National Board as the Eastern Ontario regional director. He holds an Information Systems Professional (I.S.P.) designation from the Society.

John has been a frequent speaker at national and regional conferences. He has articles published in the University of New Brunswick Law Journal and Computer World Canada.

Karen Lopez, I.S.P., is president of InfoAdvisors, Inc., a Toronto-based consulting practice specializing in information resource management and project management. Ms. L�pez has 15 years experience consulting to organizations initiating large, multi-project information systems programs for the retail, healthcare, insurance, energy, and defence sectors.

She is the current President of the Information Resource Management Association of Canada (IRMAC), a Data Management Association (DAMA) chapter.

Ms. L�pez’s professional designation, Information Systems Professional (I.S.P.) is a certification program of the Canadian Information Processing Society (CIPS). She serves as a National Director-at-Large of CIPS as well as incoming Director of Professional Standards.

She has served on a consultative workshop representing CIPS and the IT industry for the Prime Minister’s Advisory Council on Science and Technology. Ms. Lopez is also an advisor to the Government of Newfoundland and Labrador Special Programs Accreditation Project.

Ms. Lopez is the moderator of several IT-related discussion groups on data modelling, IT architecture frameworks, IT Methodologies, ERwin, ER/Studio, Platinum Repository, Visible Analyst, and Visible Advantage. (


The presentation is available online at


Mar 08 2000


8:30 am - 11:30 am


Marriott Courtyard (formerly the Howard Johnson's) 475 Yonge Street and one block north of College Subway

Leave a Reply

Your email address will not be published.