Media

April 6, 2004

The CIO Institute and Ponemon Institute Present: Managing Privacy Risks in Business and Government

May 19 workshop set for Government Privacy Professionals

Arlington, Virginia -- April 6, 2004 -- While the unprecedented growth of electronic service
delivery solutions has benefited organizations with faster availability of consumer information,
these new technologies have increased privacy risks for all organizations, especially those in
the government sector.

Under the E-Government Act, the Office of Management & Budget has issued new
guidelines organizations must follow in order to ensure the privacy of information that is
collected and retained.

Given these new guidelines and the important role Privacy Impact Assessments (PIA)
will play in adhering to these regulations set by the OMB, The CIO Institute and Ponemon
Institute have teamed up to create a one-day program for government information professionals.
The workshop will address PIA methodologies and the privacy requirements at the network,
application, business process and policy levels.

“A PIA is not a one-time activity, but a repeatable process. Like security risk
assessments, PIAs must be on-going and responsive to changes in systems and their
environments,” Bill Ferguson, executive director of the CIO Institute said. “During this
workshop, participants will learn to distinguish between PIAs on existing systems and PIAs on
systems under development, noting differences in their process requirements.”

The Privacy Impact Assessment Workshop is open to any CIO, CPO, CSO or other
senior executive responsible for privacy and data protection in his or her organization and who
wants to become better prepared to evaluate and moderate privacy risks. Those who attend will
not only take away valuable content but will benefit from networking with other privacy and
security professionals.

“We’re looking forward to bringing this workshop to the government audience,” Dr. Larry
Ponemon said. “We will examine the core PIA activity of privacy risk modeling, including data
capture. In addition, different data sources and their use will be discussed, including selfassessment
instruments and audits.”

-More-


Conveniently located in Arlington, Virginia, the May 19 workshop will be taught by top
privacy experts including Dr. Ponemon, Shahriar Beigi, Solutions Director of Compliance
Advisory Services for Unisys Corporation, and Dr. Stuart Shapiro, Lead Information Security
Scientist for the MITRE Corporation.

“When the workshop is over, I’m confident participants will leave with the tools to help
their organization understand the importance of privacy issues and gain a clearer perspective of
the economic and business impacts of privacy regulations,” Dr. Ponemon added. “Most
importantly, they will be better prepared for compliance with privacy regulations—especially the
OMB guidelines --issued under the E-Government Act.”

To register for this workshop, visit the CIO Institute’s web site at
http://cioi.web.cmu.edu/reg/selectprogram.jsp or contact the CIO Institute at 412-268-4656 for
more information.

####

About the CIO Institute
The Chief Information Officer (CIO) Institute at Carnegie Mellon University is a leading source of research and
continuing education for CIO’s, CSO’s, CPO’s and senior executives from the public, private and non-profit sectors.
The Institute provides concentrated professional education programs created by Carnegie Mellon’s world class
faculty and other top business leaders. The Institute offers certificate programs in a variety of subject areas and
allows Federal CIO Certificate participants to earn credits toward select Carnegie Mellon master degrees. Enrollment
information can be obtained at http://cioi.web.cmu.edu/ or by calling 412-268-4656.

About Ponemon Institute
The Ponemon Institute is a “think tank” dedicated to advancing responsible information management practices in
business and government. To achieve this objective, Ponemon Institute conducts independent research to promote
best practice, to educate leaders from the private and public sectors, and to verify the privacy and data protection
practices of organization. The Institute is headquartered in Tucson, Arizona. For more information, visit
www.ponemon.org or contact us at (520) 290-3400, e-mail research@ponemon.org.