IBM, Watchfire team up for privacy

In a move to help customers better manage the collection of information from Web sites and comply with privacy laws, IBM Corp. on Monday announced it will be using technology from online practices firm Watchfire Inc.

The deal results from a reseller agreement IBM signed with Watchfire, which would allow the company to use the product as part of its service offerings.

The offering is one that could potentially aid users to more easily comply with Canada’s Personal Information Protection and Electronics (PIPEDA) Act – a law that is designed to ensure the handling of personal information – that came into being three years ago. The deadline for compliancy for the law is Jan. 4, 2004, not leaving a lot of time for Canadian enterprises to get their practices in order.

But it’s not just Canadian laws that enterprises have to worry about. Companies collecting information from U.S. citizens would have to comply with U.S. laws such as Section 508 of the Government’s Rehabilitation Act, said Terry McQuay, privacy consultant and president of Nymity Inc. in Toronto.

Dubbed IBM Online Business Management, this new service will provide users insight into navigation errors, standards violations, risk to brand image, privacy policy linking, data collections practices, piracy and security standards definition and legal exposures, according to IBM. This will be done using Watchfire’s applications.

Users will also have access to IBM’s Global Services Consulting to help them develop in-house processes to address planning, implementation, assessment and management of privacy risks and assist them in complying with regulations and policies.

These new services come in the wake of the results of a study jointly conducted by IBM and Watchfire. The two companies scanned the Web sites of 242 financial services companies listed on Business Weeks’ Global 1000 and scanned a maximum of 3,000 links on each site. The report found that 53 per cent of companies studied collected personal information from a customer in a form on a page that did not link to the company’s online privacy policies.

In addition, only eight per cent of companies supported 128-bit SSL encryption, which, according to the companies, puts personal data collected through these means at risk.

“The ability to monitor, manage and mitigate the risks related to privacy breaches – such as poor data collection and sharing practices, third-party linking issues, and the use of inappropriate tracking technologies – can help firms avoid potential customer backlash and litigation, which can be devastating to a company’s brand an reputation,” said Harriet Pearson, IBM’s chief privacy officer, in a statement.

Nymity’s McQuay said companies would definitely get value from a solution such as IBM’s.

“Definitely organizations need to have a look at their information management practices on their Web sites, and this solution or any solution that can help them do that would be of huge value,” he said.

Watchfire is jointly headquartered in Kanata, Ont., and Waltham Mass. For more information visit In Canada, IBM is online at