Hot Topics in Privacy

Size: px
Start display at page:

Download "Hot Topics in Privacy"

Transcription

1 Hot Topics in Privacy Gretchen S. Herault Monster Worldwide SCCE Conference April 12, 2013 Agenda Privacy Landscape current state of regulatory coverage > Global > Industry Sector > Technology Hot Topics Common Themes Action Steps Questions Additional Resources 2 Privacy Landscape 3 1

2 Current Landscape US > Regulation based on industry sector, based on consumer protection principles FTC SEC > State-level regulation Data breach notification requirements MA, NV have security requirements for personal information Canada and EU > Comprehensive privacy frameworks, based on notion of privacy as fundamental human right > Canada: PIPEDA > EU: individual member country implementing legislation of EU Data Protection Directive APAC and Latin America > Varies by country > Countries with newer regimes adopting European style approaches 4 Current Landscape: Sector Regulation Health information > HIPAA Financial information > GLBA > Credit card information Personal information or PII > Catch all > Varies by sector and by jurisdiction Date of birth > Sensitive information SSN, driver s license number, bank account number, passport number 5 Technology Most privacy laws on the books written in the 90s Since then the development of new technologies and their uses has exceeded the law s capacity to regulate > Apps and social media > Mobile and online payments > User tracking > Behavioral advertising addresses becoming most important piece of personal information as technology develops > Used for account credentials to log in > Used for marketing 6 2

3 Common themes Laws and regulation not keeping pace with technological development Technology is allowing the rapid growth of collection of personally identifiable information, > Direct marketing > User tracking Advertising Mobile apps > Social media and mobile apps > Genetic information > Biometrics Facebook facial recognition Greater expectations regarding corporate standards and accountability for privacy and data protection > Subcontractor/supplier duties > Employee privacy rights Self-regulatory standards > NAI, DMA, DAA > TRUSTe, BBB Rising enforcement Additional requirements for breach prevention and greater security > MA Security Reg > Executive Order on Cybersecurity 7 Rapid Growth of collection of Personally Identifiable Information Direct marketing User tracking > Analytics Creation of profiles by amassing and merging large pools of data Rise of Big Data > Advertising User tracking across websites > Mobile apps Universal Device ID Location tracking Maps/Google Street View Social media > Enables more data to be shared, collected, intercepted Genetic information/biometric data 8 User Tracking Tracking > Behavioral Advertising/Targeted Advertising > Retargeting > Use of location in mobile advertising and applications/ Universal Device ID > GPS tracking Big Data > Creation of profiles about individuals > Lack of individual control Anonymization and Re-identification 9 3

4 Greater expectations Subcontractor/supplier duties > SAS 70 replaced by new standard US AICAPA SSAE 16 Employee privacy rights > Use of Social Security numbers as identifiers CT, NY regulations on use of SSN > Mobile device tracking/gps tracking > Company equipment usage monitoring Bring Your Own Device HIPAA/HITECH > Final rule has been adopted and takes effect September 23, 2013 > Security and privacy requirements include business associates > Compromise vs. harm standard of assessing risk > 60 days to notify of breach of PHI > Increased penalties, mandatory HHS audits 10 Self-regulatory standards Marketing organizations Network Advertising Initiative Direct Marketing Association Digital Advertising Alliance Privacy Certifications and Seals > TRUSTe > Better Business Bureau > Safe Harbor 11 Rising enforcement CA AG created Privacy Enforcement and Protection Unit CA and EU have published mobile app privacy guidelines > Both require privacy disclosures before installation of app Greater fining authority for EU data protection authorities > UK ICO levies highest fine yet for Sony Playstation breach ( 250,000) > Google settles WiFi claims with 38 states for $7 million MA automatically requesting copies of Written Information Security Program upon report of breach 12 4

5 Additional requirements for breach prevention and greater security Greater awareness of underweb and hacking > Phishing > Account hacking > Online banking and credit card transactions Cybersecurity initiatives > Executive Order on Cybersecurity > MD cybersecurity commission SEC disclosures on cybersecurity risks 13 Action Steps Know who regulates your business Know where data privacy is relevant to organization > Talk to people who actually handle or manage data and understand how it is used > Create risk profile of data > Triage risk Create/Review Policies > Social media > BYOD > Written Information Security Program Review/Audit Vendors > HIPAA/HITECH for business associate agreements > Security requirements MA security regulation compliance for personal information of MA residents Payment Card Industry Data Security Standard (PCI DSS) compliance Evaluate self-regulatory organizations and value to organization 14 If Nothing Else Be transparent Be clear Honor requests > Account deletion > Opt outs Think ahead of the law 15 5

6 Questions and Discussion 16 Additional Resources International Association of Privacy Professionals, Digital Advertising Alliance, Network Advertising Initiative Publications: BNA, Nymity Privaworks, DataGuidance HIPAA Final Omnibus Rule: EU s Article 29 Working Party Opinion on Mobile Apps: CA AG s recommendations on mobile ecosystem: AICPA s new SSAE 16 standard: SEC guidance on cybersecurity disclosures: MA security regulation: Executive Order on Cybersecurity:

Hot Topics in Privacy

Hot Topics in Privacy Hot Topics in Privacy Gretchen S. Herault Monster Worldwide SCCE Conference April 12, 2013 Agenda Privacy Landscape current state of regulatory coverage > Global > Industry Sector > Technology Hot Topics

More information

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

Keeping It Under Wraps: Personally Identifiable Information (PII)

Keeping It Under Wraps: Personally Identifiable Information (PII) Keeping It Under Wraps: Personally Identifiable Information (PII) Will Robinson Assistant Vice President Information Security Officer & Data Privacy Officer Federal Reserve Bank of Richmond March 14, 2018

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

Automotive Privacy. A discussion of privacy and security legal compliance for the automotive industry

Automotive Privacy. A discussion of privacy and security legal compliance for the automotive industry Automotive Privacy A discussion of privacy and security legal compliance for the automotive industry 2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models

More information

Data Security: Public Contracts and the Cloud

Data Security: Public Contracts and the Cloud Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?

More information

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

Cloud Computing, SaaS and Outsourcing

Cloud Computing, SaaS and Outsourcing Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud

More information

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Agenda Principal Obligations Under GDPR Key U.S. Privacy & Cybersecurity Laws E.U.

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

DeMystifying Data Breaches and Information Security Compliance

DeMystifying Data Breaches and Information Security Compliance May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

US 2013 Consumer Data Privacy Study Mobile Edition

US 2013 Consumer Data Privacy Study Mobile Edition RESEARCH REPORT US 2013 Consumer Data Privacy Study Mobile Edition 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0

More information

U.S. Private-sector Privacy Certification

U.S. Private-sector Privacy Certification 1 Page 1 of 5 U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US ) I. Introduction to the U.S. Privacy

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

What To Do When Your Data Winds Up Where It Shouldn t

What To Do When Your Data Winds Up Where It Shouldn t What To Do When Your Data Winds Up Where It Shouldn t Don M. Blumenthal Defcon 16 Las Vegas, Nevada August 9, 2008 Disclaimer Opinions expressed are my own and intended for informational purposes. They

More information

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall

More information

Top Five Privacy and Data Security Issues for Nonprofit Organizations

Top Five Privacy and Data Security Issues for Nonprofit Organizations Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY

More information

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability Session 2: Conformity Assessment Principles 12-16 October 2015 Beijing, China Keith Mainwaring ITU Expert Agenda 1. Context

More information

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016 Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice

More information

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization

More information

Privacy Policy GENERAL

Privacy Policy GENERAL Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill

More information

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Insurance: What is your bank doing to manage risk? presented by Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an

More information

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC Cloud Computing Risks & Reality Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com What is Cloud Security The quality or state of being secure to be free from danger & minimize risk To be protected from

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

Are your data ready for GDPR Compliance?

Are your data ready for GDPR Compliance? Are your data ready for GDPR Compliance? USING A DATA HUB TO PROTECT PERSONAL DATA Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share 2017 Talend 1 Rémi Forest Solution Engineer

More information

2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly

2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly 2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/incident 2017 Cyber Incident & Breach Readiness Webinar Craig Spiezle Executive Director

More information

Data Breach Notification: what EU law means for your information security strategy

Data Breach Notification: what EU law means for your information security strategy Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17 2 All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17 4 John Chambers, former CEO and Chairman of the Board of Cisco Systems, Inc. 5 / 6 2017 State of Cybersecurity in Small and

More information

What is GDPR? https://www.eugdpr.org/ Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000

What is GDPR? https://www.eugdpr.org/ Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000 GDPR: The basics What is GDPR? The EU General Data Protection Regulation (GDPR) is the biggest European shake-up of data protection in a generation. It s the culmination of two decades of experience of

More information

DATA PROTECTION BY DESIGN

DATA PROTECTION BY DESIGN DATA PROTECTION BY DESIGN Preparing for Europe s New Security Regulations Summary In 2018, the European Union will begin to enforce the provisions of the General Data Protection Regulation (GDPR), a new

More information

Workday s Robust Privacy Program

Workday s Robust Privacy Program Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield

More information

Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy

Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy Orus Dearman, Director, Business Advisory Services, Grant Thornton Johanna Terronez, Senior Manager, Business Advisory

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

register to use the Service, place an order, or provide contact information to an Independent Business Owner;

register to use the Service, place an order, or provide contact information to an Independent Business Owner; Privacy Policy Stella & Dot LLC (d/b/a Stella & Dot Family Brands, KEEP Collective, and EVER LLC) and its wholly-owned U.S. subsidiary, Stella & Dot Jewelry LLC (collectively, Stella & Dot, we, us, or

More information

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services Building YOUR Privacy Program: One Size Does Not Fit All Justine Gottshall Partner, InfoLawGroup, LLP Chief Privacy Officer, Signal Jgottshall@infolawgroup.com Adam Nelson Executive Consultant Global Data

More information

Understanding the Impact of Data Privacy January 2012

Understanding the Impact of Data Privacy January 2012 Understanding the Impact of Data Privacy January 2012 Presented By: Eric Dieterich Agenda Why is data privacy important Quantifying the costs of a data breach Clarifying the differences between a privacy

More information

Breach Notification Form

Breach Notification Form Breach Notification Form Report a breach of personal data to the Data Protection Commission Use this form if you are a Data Controller that wishes to contact us to report a personal data breach that has

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

Effective Strategies for Managing Cybersecurity Risks

Effective Strategies for Managing Cybersecurity Risks October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive

More information

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018 GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine

More information

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015 How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015 Claudia Prettner, Unit for Health and Well-Being, DG CONNECT Table of

More information

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY

More information

Challenges Managing Self-Encrypting NAND Flash Devices

Challenges Managing Self-Encrypting NAND Flash Devices Challenges Managing Self-Encrypting NAND Flash Devices Sandler Rubin Senior Product Manager, Symantec Corp. Santa Clara, CA 1 Agenda 1 Business Case for Encryption 2 What s Wrong with Self-Encrypting Flash?

More information

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010 JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor

More information

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into

More information

Hong Kong s Personal Data (Privacy) Ordinance

Hong Kong s Personal Data (Privacy) Ordinance Asia Privacy Bridge Forum 11 May 2016 Hong Kong s Personal Data (Privacy) Ordinance Fanny Wong Deputy Privacy Commissioner for Personal Data Hong Kong, China The Personal Data Landscape in Asia 2011 2003

More information

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA-HITECH: Privacy & Security Updates for 2015 South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site

More information

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Partner +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner +44 20 3130 3900] mprinsley@mayerbrown.com

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

Social Media and Texting: A Growing Concern

Social Media and Texting: A Growing Concern Social Media, Care Providers Texting: How Do You Protect PHI? HCCA Compliance Institute Monday, April 18, 2016 Presented By: Donna Thiel, VP & CCO, Fortis Management Group, LLC Craig Day, Esq., Lane Powell

More information

Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement

Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement Law Seminars International December 9, 2014 Peter J. Kinsella 303/291-2328 The information provided in this presentation

More information

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018 SANMINA CORPORATION PRIVACY POLICY Effective date: May 25, 2018 This Privacy Policy (the Policy ) sets forth the privacy principles that Sanmina Corporation and its subsidiaries (collectively, Sanmina

More information

Integrating HIPAA into Your Managed Care Compliance Program

Integrating HIPAA into Your Managed Care Compliance Program Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,

More information

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED

More information

Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI Web Hull Privacy, Data Protection, & Compliance Advisor

Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI Web Hull Privacy, Data Protection, & Compliance Advisor Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI 2016 Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com 1 Topics 1. mhealth Challenges & Landscape 2.

More information

POMONA EUROPE ADVISORS LIMITED

POMONA EUROPE ADVISORS LIMITED POMONA EUROPE ADVISORS LIMITED Personal Information Notice Pomona Europe Advisors Limited (Pomona, we/us/our) wants you to be familiar with how we collect, use and disclose personal information. This Personal

More information

Topics 4/11/2016. Emerging Challenges in mhealth: Keeping Information Safe & Secure. Here s the challenge It s just the beginning of mhealth

Topics 4/11/2016. Emerging Challenges in mhealth: Keeping Information Safe & Secure. Here s the challenge It s just the beginning of mhealth Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI 2016 Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com 1 Topics 1. mhealth Challenges & Landscape 2.

More information

IT Audit and Risk Trends for Credit Union Internal Auditors. Blair Bautista, Director Bob Grill, Manager David Dyk, Manager

IT Audit and Risk Trends for Credit Union Internal Auditors. Blair Bautista, Director Bob Grill, Manager David Dyk, Manager IT Audit and Risk Trends for Credit Union Internal Auditors Blair Bautista, Director Bob Grill, Manager David Dyk, Manager 1 AGENDA Internet Banking Authentication ATM Security and PIN Compliance Social

More information

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,

More information

2016 Data Protection & Breach Readiness Webinar Will Start Shortly. please download the guide at

2016 Data Protection & Breach Readiness Webinar Will Start Shortly. please download the guide at 2016 Data Protection & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/breach 1 2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle

More information

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &

More information

2014 Luxury & Fashion Industry Conference for Multinationals

2014 Luxury & Fashion Industry Conference for Multinationals 2014 Luxury & Fashion Industry Conference for Multinationals Privacy, Data Protection, and the Impact of Social Media and Online Behavioral Advertising on the Industry Anna Gamvros, Hong Kong Francesca

More information

Certified Information Privacy Professional/United States

Certified Information Privacy Professional/United States Certified Information Privacy Professional/United States The Certified Information Privacy Professional (CIPP) helps organizations around the world bolster compliance and risk mitigation practices, and

More information

DATA SECURITY - DATA PROTECTION ACT

DATA SECURITY - DATA PROTECTION ACT DATA SECURITY - DATA PROTECTION ACT Data Security - Data Protection Act Many businesses are totally reliant on the data stored on their PCs, laptops, networks, mobile devices and in the cloud. Some of

More information

How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019

How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019 How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019 Melissa Krasnow, VLP Law Group LLP, Minneapolis, Email: mkrasnow@vlplawgroup.com

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

GDPR - Are you ready?

GDPR - Are you ready? GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review

More information

GUESTBOOK REWARDS, INC. Privacy Policy

GUESTBOOK REWARDS, INC. Privacy Policy GUESTBOOK REWARDS, INC. Privacy Policy Welcome to The Guestbook and Gopher, the online and mobile services of Guestbook Rewards, Inc. ( The Guestbook, we, or us ). Our Privacy Policy explains how we collect,

More information

GLBA, information security and incident response a compliance perspective

GLBA, information security and incident response a compliance perspective GLBA, information security and incident response a compliance perspective Introductions How many have experience with IT? How many have responsibilities involving IT? How many have responsibilities involving

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

NYDFS Cybersecurity Regulations

NYDFS Cybersecurity Regulations SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy

More information

Privacy Policy. Optimizely, Inc. 1. Information We Collect

Privacy Policy. Optimizely, Inc. 1. Information We Collect Privacy Policy Posted: Nov. 19, 2015; Effective Date: Nov. 19, 2015 Optimizely, Inc. This privacy policy applies to Optimizely s Virtual Experience website owned and/or operated for Optimizely, Inc., currently

More information

Protecting Your Gear, Your Work & Cal Poly

Protecting Your Gear, Your Work & Cal Poly 9/20/2016 1 Protecting Your Gear, Your Work & Cal Poly Information Security Office Shar i f Shar i f i, CI SSP, CRISC Kyle Gustafson, Information Security Analyst Jon Vasquez, Information Security Analyst

More information

Tokenisation: Reducing Data Security Risk

Tokenisation: Reducing Data Security Risk Tokenisation: Reducing Data Security Risk OWASP Meeting September 3, 2009 Agenda Business Drivers for Data Protection Approaches to Data Security Tokenisation to reduce audit scope and lower risk Examples

More information

for the Dental Industry

for the Dental Industry for the Dental Industry If you re practicing dentistry, you ll also need to be an expert on email encryption and patient privacy. Dental practices are among the fastest growing adopters of cloud email

More information

Emergency Compliance DG Special Case DAMA INDIANA

Emergency Compliance DG Special Case DAMA INDIANA 1 Emergency Compliance DG Special Case DAMA INDIANA Agenda 2 Overview of full-blown data governance (DG) program Emergency compliance with a specific regulation We'll use GDPR as an example What is GDPR

More information

African Theatre Association (AfTA) PRIVACY POLICY

African Theatre Association (AfTA) PRIVACY POLICY African Theatre Association (AfTA) PRIVACY POLICY 1. Our Privacy Pledge We store your personal data safely. We won't share your details with anyone else. You can change your preferences or opt out from

More information

Compliance A primer. Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation.

Compliance A primer. Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation. Compliance A primer Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation. The growth in the sharing of sensitive data combined with

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

DATA PROTECTION LAWS OF THE WORLD. United States

DATA PROTECTION LAWS OF THE WORLD. United States DATA PROTECTION LAWS OF THE WORLD United States Downloaded: 10 December 2017 UNITED STATES Last modified 25 January 2017 LAW The United States has about 20 sector specific or medium-specific national privacy

More information

SOC 3 for Security and Availability

SOC 3 for Security and Availability SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust

More information

HITRUST CSF: One Framework

HITRUST CSF: One Framework HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior

More information

Safeguards on Personal Data Privacy.

Safeguards on Personal Data Privacy. Safeguards on Personal Data Privacy. Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Maverick Tam Associate Director, Enterprise Risk Services Deloitte Touche Tohmatsu Deloitte ERS

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

The HIPAA Omnibus Rule

The HIPAA Omnibus Rule The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed

More information

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created

More information

What is Cybersecurity?

What is Cybersecurity? What is Cybersecurity? Protection against unauthorized access to or use of assets via electronic means Not limited to what we think of as Hacking : Fraud Prevention Misuse of Appropriate Access Important

More information

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

Data Leak Protection legal framework and managing the challenges of a security breach

Data Leak Protection legal framework and managing the challenges of a security breach Data Leak Protection legal framework and managing the challenges of a security breach ACC Europe's Annual Conference 2009 June 7-9, 2009 Geneva Alexander Duisberg Partner, Bird & Bird LLP About Bird &

More information

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant

More information