October 11, 2012

IAPP Announces Recipients of the 2012 HP-IAPP Privacy Innovation Awards

Four Top Privacy Innovators Recognized by the International Association of Privacy Professionals for Privacy and Data Protection Programs

Vodafone Group Services Limited, Alberta Pensions Services Corporation, CSR - Compliance Solutions and Resources, and Oculis Labs Inc.
Receive HP-IAPP Privacy Innovation Awards

SAN JOSE—October 11, 2012—Winners of the 10th annual HP-International Association of Privacy Professionals (IAPP) Privacy Innovation Awards were recognized today at the IAPP Privacy Dinner, held in conjunction with the IAPP Privacy Academy 2012. The honorees were Vodafone Group, Alberta Pensions Services Corporation, Compliance Solutions and Resources, and Oculis Labs Inc.

The annual awards recognize unique privacy and data protection programs and services that build trust and add value to the private and public sectors. Nominees are judged from a broad field of entries and selected by a panel of private- and public-sector privacy experts.

“This year’s HP-IAPP Privacy Innovation Award winners represent the visionaries in our industry. The pioneering efforts of these organizations to develop original and comprehensive approaches to privacy and security not only benefit consumers and businesses, but elevate the profession as a whole,” said Trevor Hughes, CIPP, IAPP President and CEO.

“HP is pleased to sponsor this award that recognizes advancements in privacy worldwide,” said Scott Taylor, CIPP/US, Hewlett Packard’s Vice President and Chief Privacy Officer. “These organizations are true innovators when it comes to developing privacy initiatives that benefit their consumers.”

  • In the large organization category (more than 5,000 employees), Vodafone, one of the world's largest mobile communications companies, won for its non-traditional approach to managing a wide range of potential privacy risks across diverse markets in the Vodafone Privacy Programme.
    • Their programme is founded upon global principles – the Vodafone Privacy Commitments - and supported by a comprehensive governance and risk management framework. It trains professionals to help the business look for positive solutions rather than regulatory tick-box compliance. Rather than viewing privacy as a legal roadblock to surmount, privacy processes are identified, owned and managed by business units as a way to enhance the customer experience. To ensure that the program was integrated across the organization, Vodafone embedded the Privacy Commitments into the company’s Code of Conduct, making them an essential part of the corporate culture. An employee engagement campaign helps further a culture where respect for privacy is central to building customer trust. The launch of the program promoted the adoption of privacy impact assessments and the involvement of its local privacy professionals in product development.
  • The winner in the small organization category (fewer than 5,000 employees) is Alberta Pensions Services Corporation (APS) for its comprehensive efforts to integrate privacy into operations across all levels of the organization.
    • APS guides the pension experience on behalf of Alberta's public-sector pension plans, handling the data of over 500 employers and more than 312,000 members and pensioners. Following a review of its privacy practices in 2007, APS realized that, while privacy was regarded with the utmost importance, there was no privacy program in place to guide the day-to-day privacy practices of its staff. APS committed to adopting a robust privacy program and, in less than five years, not only implemented a mature privacy program, but also became a privacy leader amongst its peers in the public sector.  Among the results: By 2011, privacy incidents resulting from misdirected mailings were reduced significantly, and the organization rose two levels on the AICPA/CICA Privacy Maturity Model scale.
  • CSR - Compliance Solutions and Resources and Oculis Labs both received honors in the technology category.
    • CSR, a privacy compliance consulting firm, was recognized for its Breach Reporting ToolKit™ (BRT), which facilitates the speedy reporting of data breach incidents to authorities for organizations that handle personal information. When an organization calls to report a breach or suspected breach, a Certified Information Privacy Professional (CIPP) asks questions to determine what authorities would be involved, what types of data were lost, where the organization operates, and more. The team then creates and files reports to meet the requirements of each authority.
    • Oculis Labs, a developer of software that protects mobile and desktop computers from visual eavesdroppers, received honors for PrivateEye™ Enterprise. This software offers a means for securing information on mobile and desktop computer screens. PrivateEye Enterprise uses facial recognition and detection algorithms with a standard webcam to protect displayed information. The software presents a normal clear screen when the user is looking at the display, but when the user’s attention moves away from the display, the software immediately blurs the screen. The technology’s differentiator is in knowing how to stay out of the user’s way most of the time and to use predictive modeling and other heuristics to decide when a security threat is present.

About the IAPP

The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource, helping practitioners develop and advance their careers and organizations manage and protect their data. Founded in 2000, the IAPP is a not-for-profit association that helps define, support and improve the privacy profession through networking, education and certification. More information about the IAPP is available at


For more information, press only:
Tracey Bentley
International Association of Privacy Professionals
+1 (603) 427.9200