Getting to Accountability


1 Getting to Accountability Maximizing Your Privacy Management Program

2 Agenda Introductions Accountability Fundamentals Privacy Management Status Privacy Management Program Strategy Develop a Resource-Based Plan to execute the Strategy

3 Workshop Takeaways Getting to Accountability: Maximize the effectiveness of your privacy management program Learn how to: 1. Present Your Privacy Management Status Identify current state including owners of activities 2. Select a Privacy Management Program Strategy 3. Develop a Plan to execute the Strategy Identify applicable privacy management activities Prioritize based on resources and articulate a business case for additional resources

4 Workshop Takeaways

5 Workshop Materials Accountability Workbook and Framework Document the Status of Privacy Management Define Required Resources Record the Business Case for Additional Resources Demonstrate Accountability Accountability Paper Privacy Program Strategy Define Components of Privacy Program Strategy Prioritized Program Implementation Feedback Form How can we help you? How can we improve the workshop?

6 Introductions Facilitator TERESA TROESTER FALK Chief Global Privacy Strategist NYMITY and former Associate General Counsel (Privacy), Information Services Participants Please introduce yourself: Name Company Role Size of company Industry/Sector How many years of experience in privacy? Size of privacy office How would you characterize your program (just getting started, average, mature, other)

7 Introducing Nymity A Data Privacy Research Company Software Solutions for the Privacy Office Focus: Dedicated to global data privacy compliance research Established: 2002 Headquarters: Toronto, Canada Research: Inventor of several compliance methodologies & frameworks Funding: Partially funded by government R&D grants Privacy Management Solutions: Nymity Attestor Nymity Benchmarks Nymity Templates Compliance Research Solutions: Nymity Research Nymity LawTables Nymity MofoNotes Nymity is a global data privacy compliance research company specializing in accountability, risk, and compliance software solutions for the Privacy Office. Nymity's suite of software solutions helps organizations attain, maintain, and demonstrate data privacy compliance.

8 Accountability Fundamentals

9 Module Objective Learn about the evolution of accountability in the context of privacy and data protection Understand the current global discussion on accountability, why it is important, and how it applies to you See how compliance can be an outcome of accountability Learn how Nymity helps put accountability theory, discussion and guidelines into practice

10 Accountability instruments: EU: General Data Protection Regulation; Guidelines on the Protection of Privacy and Transborder Flows of Personal Data; PIPEDA Schedule 1, Principle 1: Accountability; Article 29 Data Protection Working Party Opinion 3/2010 on the Principle of Accountability; U.S. Federal Trade Commission Enforcement Actions; OECD Revised Guidelines; Colombia: Guide for the Implementation of Accountability in Organizations; APEC Privacy Framework; Canada: Getting Accountability Right With a Privacy Management Program; Hong Kong: Privacy Management Programme Best Practice Guide; Australia: Privacy Management Framework

11 Requirement on data controllers to: Implement a privacy management program; Demonstrate, on demand, the privacy management program to regulators or other accountability agents. 07/09/2015 Copyright 2015 by Nymity Inc. All rights reserved. Data Privacy Asia 2015

12 Asia Pacific Privacy Authorities: Accountability includes a Privacy Management Program

13 Accountability Today Best Practice Guidelines Canada, Hong Kong, Colombia Part A Baseline Fundamentals of a Privacy Management Programme 1. Organisational Commitments a. Buy-in from the Top b. Data Protection Office and/or Officer c. Reporting 2. Programme Controls a. Personal Data inventory b. Policies c. Risk Assessment Tools d. Training and Education Requirements e. Breach Handling f. Data Processor Management g. Communication Part B Ongoing Assessment and Revision a. Develop an oversight and review plan b. Assess and Revise Programme Controls

14 Nymity's Research on Accountability

15 Demonstrating Accountability

16 Nymity Research on Accountability Nymity breaks down the concept of Accountability into three components: Responsibility: The organization maintains an effective privacy management program consisting of ongoing privacy management activities. Ownership: An individual is answerable for the management and monitoring of privacy management activities. Evidence: The Privacy Office can support, with documentation, the completion of privacy management activities

17 Responsibility The organization maintains an effective privacy management program consisting of ongoing privacy management activities Privacy management activities are procedures, policies, systems, measures and other mechanisms impacting the processing of personal data.

18 Ownership An individual is answerable for the management and monitoring of the Privacy Management Activities Privacy Office Activities Privacy officer responsibilities: Privacy Management Activities that are the Responsibility of the privacy office. Operational Activities Privacy officer influences/observes: Privacy Management Activities that are the responsibility of operational units, including Marketing, HR, IT, Legal, Procurement, and Product Development.

19 Evidence Documentation is a by-product of Privacy Management Activities
Privacy Management Activity | Evidence/Documentation | Source/Role | Formal/Informal
Maintain a data privacy policy | Data Privacy Policy | Produced by privacy office | Formal
Integrate data privacy into e-mail monitoring practices | E-mail monitoring policy and procedure | Influenced by privacy office; produced by Information Technology | Formal
Measure comprehension of data privacy concepts using exams | System-generated report of data privacy exam scores | Collected by privacy office; produced by Human Resources | Informal
Provide notice in all marketing communications (e.g. emails, flyers, offers) | Examples of marketing communications | Influenced by privacy office; produced by Marketing | Informal

20 Compliance is an Accountability Outcome A privacy management programme serves as a strategic framework to assist an organization in building a robust privacy infrastructure supported by an effective on-going review and monitoring process to facilitate compliance. Privacy Management Programme: A Best Practice Guide Hong Kong Office of the Privacy Commissioner for Personal Data, Hong Kong

21 Accountability and Compliance The Evolving Privacy Landscape COMPLIANCE SHIFT TOWARD ACCOUNTABILITY Privacy Program Outcomes Privacy Program Infrastructure Laws and regulations Responsibility Enforcement actions Ownership Binding Corporate Rules Evidence

22 Traditional Compliance Assessment Approach Assess compliance with each requirement individually Many Regulatory Requirements to Many Privacy Programs & Activities [Figure: each law's individual rules (Hong Kong Personal Data (Privacy) Ordinance; Macau Personal Data Protection Act; Malaysia Personal Data Protection Act; Singapore Personal Data Protection Act 2012; South Korea Personal Information Protection Act) mapped one by one onto Company Policies and Procedures: PHI Policies & Procedures, Complaints and Investigations, Records Management, Audit and Monitoring, Information Security, Training and Awareness, Human Resources, Legal, Vendor Management]

23 Rationalized Rules/Requirements Approach Identify common elements and address outliers Many Regulatory Requirements to One Rationalized Rule Set [Figure: the individual rules of the Hong Kong Personal Data (Privacy) Ordinance, Macau Personal Data Protection Act, Malaysia Personal Data Protection Act, Singapore Personal Data Protection Act 2012 and South Korea Personal Information Protection Act collapse into a Rationalized Rule Set (Rule A, Rule B, Rule C, Rule D, Rule E); outliers handled separately: South Korea breach notification, Macau registration requirement, Hong Kong direct marketing provisions]

24 Accountability goes above and beyond compliance Accountability vs. Compliance: Nymity Privacy Management Processes against the Malaysia Personal Data Protection Act 2010, the Hong Kong Personal Data (Privacy) Ordinance and the Singapore Personal Data Protection Act (x = law/regulation contains compliance requirements related to the Privacy Management Process)
1 Maintain Governance Structure: x x
2 Maintain Personal Data Inventory: (none)
3 Maintain Data Privacy Policy: x x x
4 Embed Data Privacy into Operations: x x x
5 Maintain Training and Awareness Program: x
6 Manage Information Security Risk: x x x
7 Manage Third-Party Risk: x x x
8 Maintain Notices: x x x
9 Maintain Procedures for Inquiries and Complaints: x x x
10 Monitor for New Operational Practices: (none)
11 Maintain a Data Privacy Breach Management Program: (none)
12 Monitor Data Handling Practices: (none)
13 Track External Criteria: (none)

25 Accountability Based Approach Leverage EVIDENCE of Accountability to DEMONSTRATE Compliance One Accountable Privacy Program to Many Regulatory Requirements Evidence of Privacy Management Activities exists throughout the organization (within the Privacy Program as well as Operations). Evidence is collected in a centralized repository, structured in line with the 13 Privacy Management Processes. Evidence of Accountability is mapped to requirements, allowing the organization to Demonstrate Compliance with laws and regulations on demand, supported by Evidence. [Figure: the central evidence repository mapped out to the individual rules of the Hong Kong Personal Data (Privacy) Ordinance, Macau Personal Data Protection Act, Malaysia Personal Data Protection Act, Singapore Personal Data Protection Act 2012 and South Korea Personal Information Protection Act]

26 The Nymity Approach to Accountability


28 Initial Status Baselining Privacy Management

29 Workbook

30 Initial Status Baselining Privacy Management 1. Identify the status of privacy management activities 2. Identify and record owners

31 Identify Status of Privacy Management Pg. 12
Implemented: The activity is already in place and has sufficient resources to be maintained.
Planned: The decision has already been made, resources allocated, and action may be underway toward implementing the activity.
Desired: The activity is applicable or relevant to the privacy program, but is not currently implemented or resourced (planned).
N/A: Not applicable or relevant to the organization.

32 Identify Owners of Privacy Management Activities Privacy Office Activities Privacy officer responsibilities: Privacy Management Activities that are the Responsibility of the privacy office. Operational Activities Privacy officer influences/observes: Privacy Management Activities that are the responsibility of operational units, including Marketing, HR, IT, Legal, Procurement, and Product Development.

33 Examples of Privacy Management Activities Privacy Office Activities Privacy officer responsibilities: Examples: maintain a data privacy policy; maintain core training for all employees; maintain a data privacy notice that details the organization's personal data handling policies; consult with stakeholders throughout the organization on privacy matters. Operational Activities Privacy officer influences/observes: Examples: maintain an information security policy; maintain technical security measures (e.g. intrusion detection, firewalls, monitoring); maintain data privacy requirements for third parties; integrate data privacy into practices for monitoring employees.


35 Workbook Exercise Initial Status My Experience Maintain Training and Awareness Program

36 Workbook Exercise Initial Status My Experience Maintain Training and Awareness Program CONT.

37 Workbook Exercise Initial Status My Experience Maintain Notices

38 Workbook Exercise You Do It! You will have 10 minutes to complete this exercise. Please refer to the Accountability Workbook Instructions.

39 How do you compare? Nymity Benchmark Study research: Status of All Organizations. Ranking of Implemented "Maintain Notices" Privacy Management Activities (data as of 4 March 2015)
Rank | Privacy Management Activity | Implemented (%) | Planned (%) | Desired (%) | N/A (%)
1 | Maintain a data privacy notice that details the organization's personal data handling policies | 79.77 | 8.99 | 7.87 | 3.37
2 | Provide data privacy notice at all points where personal data is collected | 66.29 | 8.99 | 19.1 | 5.62
3 | Provide notice in all forms, contracts and terms | 58.89 | 7.78 | 17.78 | 15.56
4 | Provide notice in marketing communications (e.g. emails, flyers, offers) | 56.67 | 8.89 | 14.44 | 20
5 | Maintain a data privacy notice for employees (processing of employee personal data) | 47.19 | 13.48 | 28.09 | 11.24
6 | Provide data privacy education to individuals (e.g. preventing identity theft) | 42.23 | 7.78 | 36.67 | 13.33
7 | Provide notice by means of on-location signage, posters | 38.88 | 4.44 | 14.44 | 42.22
8 | Maintain scripts for use by employees to explain the data privacy notice | 26.67 | 7.78 | 42.22 | 23.33

40 Review Getting to Accountability: Maximize the effectiveness of your privacy management program You will be able to definitively: 1. Present Your Privacy Management Status Identify current state including owners of activities 2. Select a Privacy Management Program Strategy 3. Develop a Plan to execute the Strategy Identify required privacy management activities Prioritize based on resources and articulate a business case for additional resources

41 PRIVACY MANAGEMENT PROGRAM STRATEGIES

42 Privacy Management Strategies Pg. 19 Module objectives: Understand three distinct privacy management strategies Learn about the kind of organizations that chose each strategy Select one that best suits your organization

43 Privacy Management Program Strategies

44 Core Activities Pg. 20 Core activities are fundamental to the organization for privacy management; they are identified by the privacy office as being mandatory.

45 Core Activities Vary from One Organization to the Next Industry/sector Jurisdiction Size of organization Nature of processing Type of personal data Organizational risk appetite

46 Examples of Core Privacy Management Activities Core activity related to compliance: Maintain a data privacy notice that details the organization's personal data handling policies (PMP 8). Most laws around the world contain a transparency principle and require notice to individuals. Core activity related to managing risk: Maintain a core training program for all employees (PMP 5). Very few laws explicitly require privacy training, but the privacy office usually deems it critical to managing the privacy risk that can arise from employees who do not understand their obligations with regard to privacy.

47 Elective Privacy Management Activities Elective activities are the activities that go beyond the minimum for compliance and risk management. They are the activities the organization has elected to implement to further embed privacy throughout the organization. Activities may be Elective (non-core) because they are not directly tied to privacy compliance or risk such as Hold an annual data privacy day/week (PMP 5), or because they are sophisticated such as Maintain privacy program metrics (PMP 12).

48 Core vs. Elective Activities The following table provides examples of Core and Elective activities that are typical for selected industries/sectors Page 31

49 Choose a Strategy

50 1. Managed Privacy Strategy Pg. 19 Seeks to achieve and maintain the level of accountability that meets but does not exceed the minimum requirements necessary to maintain privacy management activities that are fundamental to the organization and are identified by the privacy office as being mandatory.

51 Which organizations choose the Managed Privacy Strategy? Organizations with low risk related to the processing of personal data (sensitivity, complexity, volume of data); organizations where processing data is not the core business but more of a support or administrative function; organizations with a new privacy program, where the Managed Privacy Strategy is a starting point.

52 2. Advanced Privacy Management Strategy Builds on the Managed Privacy Strategy Goes beyond the minimum to also incorporate additional privacy management activities throughout the organization (Elective Activities)

53 Which Organizations Choose the Advanced Privacy Strategy? Organizations with a high level of privacy risk; with a culture of compliance and a low tolerance for compliance risk; that have had a major breach or are subject to enforcement action; that want to fully integrate privacy into all product and program development to manage privacy risk; that want to make privacy a competitive differentiator or to exceed client requirements; that are preparing for binding corporate rules, APEC CBPR, or some other optional data transfer mechanism that goes beyond compliance.

54 3. Demonstrate Accountability and Compliance Strategy Demonstrating accountability: Being able to provide on demand reporting on the status and/or ongoing maintenance of privacy management activities, supported by evidence. Demonstrating compliance: Being able to contextualize evidence to rules of law.

55 Documentation as Evidence Pg. 33 The documentation to be used as evidence already exists: Documentation is a byproduct of implemented privacy management activities. You don't create evidence just for the sake of demonstrating accountability/compliance. You just identify and log the evidence that already exists.
Privacy Management Activity | Evidence/Documentation
Maintain a data privacy policy | Data Privacy Policy
Integrate data privacy into e-mail monitoring practices | E-mail monitoring policy and procedure
Measure comprehension of data privacy concepts using exams | System-generated report of data privacy exam scores
Provide notice in all marketing communications (e.g. emails, flyers, offers) | Examples of marketing communications

56 Demonstrate Accountability using the Accountability Status Workbook Populate the Evidence column in the Accountability Status Workbook with all available documentation to show that the activity is in place and maintained. Example workbook row:
Privacy Management Activity: Assign accountability for data privacy at a senior level (PMP 1)
Status: Implemented
Owner(s): Privacy Office
Core (Y/N): Yes
Resources to Implement / Resources to Maintain: % FTE for Chief Privacy Officer Role
Business Case: Ensure effectiveness of the privacy management program
Description/Comment: The Privacy Officer is John Smith, who is at a VP level and reports through the Chief Compliance Officer
Evidence: CPO Job Description; Org Charts; Privacy Policy

57 Which organizations choose this strategy? Pg. 32 Organizations that have a business need to stand ready to demonstrate accountability and/or compliance, including: Preparing for a regulatory investigation; Complying with future legal requirements for demonstrating compliance, ex. EU GDPR; Abiding by binding corporate rules that require monitoring compliance and making the results available to data protection authorities on demand; Meeting expectations of privacy and data protection regulators; Preparing to self-certify under EU-US Safe Harbor, or preparing for a third-party audit; Lowering the cost of independent assessment by gathering documentation and information in advance and presenting it to auditors; Maintaining documentation for Trustmarks or accountability agents, ex. organizations participating in the APEC Cross-Border Privacy Rules system; Desiring a competitive differentiator, ex. outsourcing and data processing providers; Providing meaningful management reporting at various levels; Demonstrating that they lead by example.

58 Choose a Strategy Managed Advanced Demonstrate Accountability and Compliance Business Case Compliance and Risk Management Protect brand reputation Build culture of privacy Privacy as a competitive differentiator Further reduce privacy risk Prepare for future compliance requirements Regulator activity External press coverage BCR Safe Harbor GDPR CBPR Prepare for Inspections Management Reporting Audit

59 Review You will be able to definitively: 1. Present Your Privacy Management Status Identify current state including owners of activities 2. Select a Privacy Management Program Strategy 3. Develop a Plan to execute the Strategy Identify required privacy management activities Prioritize based on resources and articulate a business case for additional resources

60 DEVELOP A PLAN TO EXECUTE THE STRATEGY

61 Module Objective Learn how to Plan and execute your selected Strategy - Select Privacy Management Activities (PMAs) and prioritize Learn how to build a business case for more resources Learn about which activities other organizations implemented first and what they are focused on now

62 Developing Your Plan Select activities based on: Legal, compliance and regulatory obligations Privacy risk Business objectives Prioritize activities based on your Resource Profile: Identify your resource profile Leverage existing resources Prioritize what can be supported Prioritize what can be maintained

63 Select based on Legal, Compliance and Regulatory Requirements Page 16 Understanding Expectations from Privacy and Data Protection Regulators Understanding the Law

64 Select based on Risk Page 18 Risk of harm to the individual data subject Risk of enforcement due to noncompliance or complaints Risk of unauthorized use of personal data Risk of loss to the organization Risk of breach due to stolen data Risk of misuse of personal data Risk of class-action lawsuit And others (see page 48) Which of these is most important to the organization?

65 Select based on Business Objectives Page 18 Align privacy management program strategy with organizational objectives such as: Global expansion goals Moving to paperless record keeping Mergers and acquisitions Competitive advantage Product innovation Cloud computing Others?

66 Common Core Privacy Management Activities Page 23

67 Workbook Exercise Selecting Privacy Management Activities My Experience - Maintain Notices

68 Workbook Exercise Selecting Privacy Management Activities My Experience - Maintain Training and Awareness Program

69 Workbook Exercise Selecting Privacy Management Activities My Experience - Maintain Training and Awareness Program cont.

70 Workbook Exercise You Do It! Determine which PMAs are core in your workbook and identify a business case for your Core desired activities. Identify which activities are Core and which are Elective (Pg. 20): Core - fundamental to privacy management; identified by the privacy office as being mandatory. Elective - activities that are not core, but are applicable to the organization; elective activities go above and beyond the minimum for compliance and risk management. Identify the Business Case (Pg. 27): For PMAs that are desired (resources have not been allocated), note the business case, for example compliance with laws and regulations, managing risk, alignment with organizational objectives, or implementing best practices. Revisit Desired Activities, because if there is no business case, the activity is N/A. Note: Some of you may want to change your previous selections based on your new understanding of Core. You will have 30 minutes to complete this exercise.

71 Review Getting to Accountability: Maximize the effectiveness of your privacy management program You will be able to definitively: 1. Present Your Privacy Management Status Identify current state including owners of activities 2. Select a Privacy Management Program Strategy 3. Develop a Plan to execute the Strategy Identify applicable privacy management activities Prioritize based on resources and articulate a business case for additional resources

72 Prioritize Based on Resources Page 18 I. Determine your resource profile II. Leverage existing resources III. Prioritize what can be supported IV. Prioritize what can be maintained

73 Identifying Resources in Your Organization Pg. 13
People: Employees (full or partial headcount); Buy-in or support from Executives/Senior Management; Other departments or groups such as Internal Audit, Compliance, ERM; Shared Services (Info Sec, IT, Legal, Procurement); External Consultants/Advisors/Auditors/Service Providers
Processes: Workflows for approval/sign-off; Monitoring/Reviewing controls or mechanisms; Communication/Meetings; Training/knowledge sharing; Escalation paths
Technology: File/document sharing platforms; Collaboration tools; Information Security/Data Protection controls; ERP Systems; Ticketing Systems; E-Learning System
Tools: Compliance research subscriptions; Subscription newsletter to stay informed; Templates and samples; Privacy management systems; Privacy/Risk/Compliance Reporting Software; PIA solutions; Rationalized rules table generators; Benchmarking solutions

74 II. Page 18 Leverage Existing Resources Rely on privacy management activities that are already partially or fully implemented. Example: Human resources department is already maintaining policies and procedures for monitoring employees Privacy office has buy-in from human resources Therefore, relatively low effort to implement and maintain the activity Integrate data privacy into practices for monitoring employees (PMP 4) since the structure is already in place.

75 III. Page 18 Prioritize What is Supported Support from the operational and business units is critical to the success of the program - lack of it can present an obstacle to success. Example: Maintain policies/procedures for secondary use of personal data (PMP 4) may be influenced by the privacy office but owned by an operational unit such as marketing If the privacy office tries to implement the activity without the support of marketing, it will likely not be adopted Even though the activity is important to protecting data, it would not be implemented effectively and would not be the best use of limited resources Privacy office should prioritize activities that are supported by key stakeholders.

76 IV. Prioritize What Can Be Maintained Page 18 Accountability is an ongoing state, not a point-in-time status. Implement privacy management activities that can be maintained based on the ongoing resources available. Example: To implement the activity Maintain a Data Privacy Policy (PMP 3): Initial effort requires medium resources; the policy must be socialized with key stakeholders in order to achieve buy-in and improve the chances of adoption (ultimately it should be approved by executive leadership); publishing or issuing the policy is just the first step; it must then be reviewed on a periodic basis; not keeping it up to date will result in increased privacy risk.

77 Workbook Exercise Identify Resources My Experience Maintain Notices

78 Workbook Exercise Identify Resources My Experience Maintain Training and Awareness Program

79 You Do It Columns F and G: Identify the resources required to implement the privacy management activity, and to maintain it. Resources generally fall into the categories of people, processes, technology and tools, e.g. organizational support or buy-in, existing processes or technologies, privacy management tools. Refer to the People / Processes / Technology / Tools table on Pg. 13 of the workbook.

80 Wrap-Up Questions, Comments and Future Accountability Research

81 Recap You will be able to definitively: 1. Present Your Privacy Management Status Identify current state including owners of activities 2. Present a Privacy Management Program Strategy 3. Develop a Plan to execute the Strategy Identify applicable privacy management activities Prioritize based on resources and articulate a business case for additional resources

82 Thank You! Please take a moment to fill out the feedback forms. If you wish to learn more about Nymity products or wish to receive a free Benchmark report, please fill the Demo Request Form. Please feel free to contact us with any questions or comments concerning this workshop at feedback@nymity.com. Copyright 2015 by Nymity Inc. All rights reserved. All text, images, logos, trademarks and information contained in this document are the intellectual property of Nymity Inc. unless otherwise indicated. Reproduction, modification, transmission, use or quotation of any content, including text, images, photographs etc., requires the prior written permission of Nymity Inc., 366 Bay Street, Suite 1200, Toronto, Ontario, Canada M5H 4B2.