JSS Committed to Security and Privacy Protection
By Michelle Chibba and David Ikeda
JSS is currently undergoing a significant compliance review of its IT systems security and protection of privacy. Our organization places the highest value on protecting our client identity and confidential information, as well as that of our donors and volunteers.
In its 27 year history JSS has never had a serious breach of privacy of any client or donor information. Nonetheless, when Michelle joined the JSS board of directors 9 months ago she suggested that the organization keep up with Ontario’s current legislative requirements for privacy and data protection that is regulated by the Information and Privacy Commissioner of Ontario. We also had to update and upgrade our technology to ensure our clients and all who have had or will have any dealing with JSS that all of their information was secure and as hack-proof as possible.
The board, under the leadership of the President and Chair, David Ikeda, thankfully agreed. The process has been detailed and methodical, and will greatly benefit the organization. As a first step, in October, 2016, the board approved an external security and privacy audit of JSS’ technology, computers, phones, internet connections, and other related security and privacy practices.
After receiving the report and recommendations, the board approved a plan to find an external security and technology specialist to help JSS address the high priority recommendations and to give the board a budgeted plan on how to best move forward.
Michelle prepared a Request for Proposal (RFP) and invited five technology security experts in the field to respond. This involved inviting a few of the experts to visit the office and inspect the equipment and how it was configured. Special care was made to make the process and selection as anonymous and fair as possible. Finally, after a thorough comparison of experts, including proposed costs, one expert was selected. The board then approved the successful expert’s plan to move forward on safeguarding client, donor and volunteer information.
We are pleased to announce that on February 18, 2017, JSS began Phase 1 of a three phase plan to bring JSS up to the highest level of security and privacy possible. We won’t go into much detail here, but the changes have been extensive. For example, new email addresses for staff were assigned to agree with the Government of Ontario’s E-health standard. JSS will be running on the E-Health One Mail system, perhaps the most secure network since it is used for sharing and communicating patient information between medical health professionals. We also created a separate Wi-Fi access for guests.
The process is not only focused on technology — the project even involves installing more locking cabinets for paper files. Rest assured JSS clients’ files were pretty safe, being located in a locked cabinet behind locked doors. However, JSS needed more because of its growing number of paper files and other confidential information relating to volunteer activity and programs. We even took into consideration how desks and computer screens are placed to deal with physical privacy and confidentiality when JSS staff and volunteers are working in an open office environment. The office is configured in what all believe to be more professional and respectful.
We really want to thank the staff for their cooperation and work efforts on this front. There were a lot of files and materials that had to be moved and securely destroyed based on standards for retention periods. You can imagine the workload — the office had not been changed in several years. In fact, some desks had been in the same place since JSS first opened at the JCCC!
Given the times and the constant changing and advancement of technology we know that we will have to revisit our security again in the near future. On behalf of the board of directors and staff, we wish to convey our deepest commitment to ensuring the privacy of our clients, donors and volunteers and the security of their information.
By Michelle Chibba
Hi – I’d like to introduce myself to the JSS community. It is actually a funny story about how I got involved with JSS. Last year, my family and I were at a popular Japanese restaurant in downtown Toronto (Ichi Riki) and as I was talking with the owner Minoru, I bumped into Sachiko Kagitomi who was helping to promote the classical piano concert that JSS was organizing as a fundraiser. We got to talking about her efforts and I made a few suggestions. Before I knew it, I was at the Bayview Village having a meeting with Sachiko and Junko Yamamoto (JSS Concert Chair and longtime JSS Board member). I attended a Board meeting with Junko and Sachiko to report on the concert. One thing led to another and this is where I became much more involved, hoping to contribute my experience and knowledge about privacy and security. I’d like to add that as a sansei, I have been a longstanding volunteer at the JCCC. Indeed, I even worked at the JCCC for a brief stint after I graduated university in the mid-1970s.
I come to the JSS Board and this particular initiative with several years of providing privacy expertise (including staff training) to organizations wanting to modernize their existing privacy or information management approach. I am also a co-instructor for an online privacy/security course at the Chang School, Ryerson University and a Strategic Privacy/Policy Advisor at the Privacy and Big Data Institute at Ryerson University (Toronto, Ontario). Before this, I was Director, Policy Department and Special Projects at the Office of the Information and Privacy Commissioner of Ontario, Canada (IPC).