The IAPP Privacy Innovation Awards and the IAPP/Deloitte & Touche Vanguard Award were presented Oct. 19 during an exclusive member reception at the Hockey Hall of Fame in Toronto.
More than 30 individual organizations participated in the 2006 Innovation Awards, the largest number of nominees ever in the four-year history of this distinguished awards program.
"We are delighted to recognize these organizations for their leadership in the development and delivery of privacy programs," said J. Trevor Hughes, Executive Director of the IAPP. "The depth and breadth of nominations this year is a testament to the continued growth of our field."
Large Organization Category (more than 5,000 employees)
This award was presented jointly to Royal Philips Electronics and General Electric Corp., which tied for their entries on Binding Corporate Rules (BCR) as a mode of compliance for cross-border data transfers.
General Electric is the first company in the world to pursue a BCR policy that assures employees that their data will be handled using the highest and best practices no matter where in the world the employee or the data is located. The GE BCR has been approved in more than a dozen countries to date - more than any other model - and is under consideration in all EU countries. This BCR model governs the company's relationship with its 350,000 employees worldwide and is available in 27 languages.
Philips publicly announced its BCR project at the International Data Protection Conference in Sydney in 2003, when it was already in an advanced drafting stage. The Philips Privacy Code is currently moving through the final approval process in 22 European countries. The unique approach taken by the Philips Privacy Code is that it combines two existing concepts of European data privacy law: the U.S./EU Safe Harbor Program and the (sectoral) Codes of Conduct. The Philips Privacy Code is a self-regulating document which, after endorsement by European Data Protection Authorities, creates a "safe haven" for personal data within the worldwide Philips group.
Small Organization Category (less than 5,000 employees)
The winner in this category was ATB Financial, which won the award for its privacy program communications plan. Alberta, Canada-based ATB Financial is a full service financial institution that is the largest deposit-taking institution headquartered in Western Canada.
ATB Financial's innovative privacy initiative was both strategic and technological, according to the Innovation Awards judges. It crossed multiple divisions of the organization and required extensive, planning, assessment and coordination of cross-sectional business units. Rather than collect customer consent on separate forms, ATB Financial designed a system to direct customers to a single point of entry and awareness. A privacy brochure enforced by a publicly available Customer Privacy Code was also created and distributed to all existing customers to capture one, uniform consent for portfolio management. This complex and intricate effort resulted in the one of the first online opt-outs made available for customers of financial institutions in Canada.
"As an Alberta-based financial institution, ATB Financial is very pleased to be recognized by the IAPP for its innovative privacy approach," said Privacy Officer Sandra Smith-Frampton, CRM.
IAPP Privacy Innovation Technology Award
Voltage Security, Inc., won the technology award for its Voltage Identity-Based Encryption technology incorporated into its data protection solutions. Voltage IBE protects information on PCs (laptops, desktops, mobile and wireless devices) and in email communications, and enables compliance with a broad range of privacy guidelines and regulations, such as PCI, HIPAA, GLBA, PIPEDA and the Data Protection Act.
Voltage IBE solutions can be used to protect the privacy of information internally within an organization, such as HR and financial information; externally with business partners, brokers and the supply chain to protect company confidential information, such as pricing and other trade secrets; as well as with customers to protect personally identifiable information, such as credit card, Social Security and drivers license data. Voltage IBE solutions are in use by more than 250 world-leading organizations, and by partners such as Integro Insurance Brokers, Spheris, XL Global Services, Winterthur Life, Microsoft, NTT Communications, Symantec, Ciphertrust, Proofpoint and Tablus.
Marriott's Chris Zoladz is Privacy Professional of the Year
The IAPP and Deloitte & Touche LLP ("Deloitte & Touche") proudly presented Chris Zoladz, Vice President, Information Protection, Marriott International, with the IAPP/Deloitte & Touche Vanguard Award, which recognizes the privacy professional of 2006.
"Chris Zoladz is a pioneer of the nascent privacy profession," said IAPP Board President Kirk M. Herath, CIPP/G, President of the IAPP Board of Directors and Chief Privacy Officer, Associate General Counsel, Nationwide Insurance Companies. "He was the first CPO for Marriott and he was one of the first leaders of the IAPP. As a mentor to many privacy professionals, I can think of no one more deserving for this year's Vanguard Award."
"Privacy is as much a key business issue as top-line growth, cost reduction, or tax optimization, and Deloitte & Touche is proud to recognize and support excellence in the privacy profession," said Rena Mears, National Privacy & Data Protection leader in the Security & Privacy Services practice at Deloitte & Touche LLP, the co-sponsor of the Vanguard Award. "We support the Vanguard Award and remain deeply committed to advancing the privacy profession."
Zoladz, a longtime committed privacy leader for the privacy industry and past president of the IAPP Board of Directors, was nominated in large part for his role as chairman of the Privacy Roundtable at Marriott, Hilton, Hyatt, Starwood and InterContinental. In this capacity, Zoladz spearheaded an initiative in this group to develop privacy training for hotel employees.
Zoladz, a Certified Information Privacy Professional, brought together this group of marketplace competitors to embrace the importance of launching a gold standard privacy training program for hotel employees. He not only had the vision, but also coordinated the logistics and arrangements with vendors for the program.
Lynn Goodendorf, Vice President of Data Privacy at InterContinental Hotel Group, praised Zoladz for his leadership.
"This effort led to a mandatory brand standard in our company that all hotel employees must be trained using this program," said Goodendorf, who nominated Zoladz for the award. "We have now deployed this training to over 2,500 hotels in the U.S., Canada and Mexico, in both English and Spanish. It takes a special kind of leadership to get fierce competitors to collaborate and Chris did it."