Getting Your Privacy House in Order

Lisa J. Sotto, Partner, Hunton & Williams LLP, (212) 309-1223, lsotto@hunton.com
Ewa Abrams, Associate General Counsel, Tiffany & Co., (212) 230-5351, ewa.abrams@tiffany.com
Victoria King, Global Privacy Officer, UPS, (404) 828-6550, vking@ups.com
www.huntonprivacyblog.com
September 16, 2014

Roadmap
- Building blocks of a global privacy program
- Know your data
- Managing a global enterprise
- Privacy policies
- Cross-border data transfer restrictions
- Registrations
- Workplace privacy
- Monitoring policies
- Whistleblower hotlines
- BYOD
- Vendor management
- Marketing uses of data
- Cloud computing
- Cybersecurity and breach preparedness

Data Flow Mapping
- What personal data does your company collect, use and store?
- In what systems?
- Where are they located?
- Consider the various buckets of personal data
  - HR
  - Consumer
  - Vendor

Privacy Policies
- Consumer-facing privacy notices
  - Online
  - Apps
  - Stores
  - Special events
- HR privacy policies
- Other privacy policies
  - For example, Safe Harbor Policy

Cross-Border Data Transfers
- EEA
  - Consent
  - Model clauses
  - Safe Harbor
  - BCRs
- Asia
  - CBPRs
- Other jurisdictions with cross-border data transfer restrictions

Registrations
- Registering the entity's data processing activities
- Tackling the logistical nightmare
- Country-specific issues
  - For example, whistleblower hotlines

Workplace Privacy Issues
- Monitoring electronic communications and devices
- Global variations
- Social media use policies
- Overlap with labor and employment law
- NLRB issues

Whistleblower Hotlines
- Understanding the issues
- Managing your hotline provider
- Appropriate documentation
- Global inconsistencies

Vendor Management
- Identifying all vendors with access to personal data
- Conducting due diligence
- Contractual protections
- Ongoing monitoring

Marketing Uses of Data
- Traditional CRM
- Online behavioral advertising and retargeting
- Apps
- Cookies
- EU-specific issues
- Data analytics

Bring Your Own Device
- What are the key challenges?
- Voluntary
- Monitoring work-related activities
- Notice and consent

Cloud Computing Issues
- Data that resides in a cloud is maintained by a service provider and locations can change without notice
- Which jurisdiction's laws apply?
- Cross-border data transfer restrictions are problematic
- Security is a key concern
- Law enforcement access to data stored in the cloud
- Consider service provider restrictions
  - HIPAA
  - GLB

Incident Response and Proactive Preparation
- Incident response plan and team
- Tabletop exercise
- Vendor engagements
- Law enforcement coordination
- Cyber insurance

Final Words of Wisdom

Contacts
Lisa J. Sotto, Partner, Hunton & Williams LLP, (212) 309-1223, lsotto@hunton.com
Ewa Abrams, Associate General Counsel, Tiffany & Co., (212) 230-5351, ewa.abrams@tiffany.com
Victoria King, Global Privacy Officer, UPS, (404) 828-6550, vking@ups.com
www.huntonprivacyblog.com
@hunton_privacy

Speaker Biographies

Lisa J. Sotto

Lisa J. Sotto is the managing partner of the firm's New York office, and chairs the firm's top-ranked Global Privacy and Cybersecurity practice. Named among The National Law Journal's 100 Most Influential Lawyers in 2013, she also was voted the world's leading privacy advisor in Computerworld's three most recent annual surveys and was recognized by Chambers and Partners as a Star performer for Privacy & Data Security. Ms. Sotto also is recognized as a leading lawyer by The Legal 500 United States. Ms. Sotto has extensive experience counseling clients on privacy, cybersecurity and records management issues. She serves as Chairperson of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee. Ms. Sotto is a member of the Board of Directors of the International Association of Privacy Professionals, co-chair of the International Privacy Law Committee of the New York State Bar Association, and chair of the New York Privacy Officers Forum. She is the editor and lead author of the legal treatise entitled Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.

Ewa Abrams

Ewa Abrams is Vice President - Associate General Counsel & Chief Privacy Officer of Tiffany & Co. Her work at Tiffany has spanned a variety of practice areas including corporate intellectual property management; unfair competition; anti-counterfeiting; data privacy / security; internet, advertising and media law; securities; and regulatory and compliance matters. For over ten years, Ms. Abrams has been responsible for all aspects of the management of Tiffany's worldwide intellectual property matters, including the strategic administration and protection of Tiffany & Co.'s worldwide trademarks, copyrights and patents. Ms. Abrams specializes in trademark prosecution and enforcement, with an emphasis on internet-related issues, including advertising and social media. In her role as Chief Privacy Officer, she is responsible for worldwide privacy compliance for the company, which includes identifying, evaluating and managing risks associated with privacy and information management on a global basis.

Victoria King

Victoria King is the Global Privacy Officer for UPS. She manages privacy and data protection for UPS global operations, which encompass more than 440,000 employees, operations in 220 countries and more than 4 billion annual deliveries. She works closely with both her US and international privacy team members to address both tactical and strategic privacy matters. She also chairs the company's Information Security Council, a cross-functional management group that addresses privacy governance, strategic projects, communications and training. Victoria has been with UPS for 15 years and previously worked with the company's Legal and Public Affairs Departments. Prior to joining UPS, she was a partner with the Southern California law firm of Best, Best & Krieger. She started her professional career with PriceWaterhouseCoopers, working in their Los Angeles, St. Louis and Frankfurt, Germany offices. Victoria joined the International Association of Privacy Professionals (IAPP) Educational Advisory Board in 2014. She co-chairs the IAPP's Atlanta Chapter of Privacy Professionals and has received her Certified Information Privacy Professional (CIPP) certification for both US and Information Technology.