Hot Topics in Privacy

Gretchen S. Herault, Monster Worldwide
SCCE Conference, April 12, 2013

Agenda
- Privacy Landscape: current state of regulatory coverage
  > Global
  > Industry Sector
  > Technology
- Hot Topics
- Common Themes
- Action Steps
- Questions
- Additional Resources

Privacy Landscape

Current Landscape
- US
  > Regulation based on industry sector, grounded in consumer protection principles (FTC, SEC)
  > State-level regulation: data breach notification requirements; MA and NV have security requirements for personal information
- Canada and EU
  > Comprehensive privacy frameworks, based on the notion of privacy as a fundamental human right
  > Canada: PIPEDA
  > EU: each member country's implementing legislation of the EU Data Protection Directive
- APAC and Latin America
  > Varies by country
  > Countries with newer regimes are adopting European-style approaches

Current Landscape: Sector Regulation
- Health information
  > HIPAA
- Financial information
  > GLBA
  > Credit card information
- Personal information or PII
  > Catch-all category
  > Varies by sector and by jurisdiction (e.g. date of birth)
  > Sensitive information: SSN, driver's license number, bank account number, passport number

Technology
- Most privacy laws on the books were written in the 90s
- Since then the development of new technologies and their uses has exceeded the law's capacity to regulate
  > Apps and social media
  > Mobile and online payments
  > User tracking
  > Behavioral advertising
- Email addresses are becoming the most important piece of personal information as technology develops
  > Used as account credentials to log in
  > Used for email marketing

Common Themes
- Laws and regulation not keeping pace with technological development
- Technology is allowing the rapid growth of collection of personally identifiable information
  > Direct marketing
  > User tracking: advertising, mobile apps
  > Social media and mobile apps
  > Genetic information
  > Biometrics: Facebook facial recognition
- Greater expectations regarding corporate standards and accountability for privacy and data protection
  > Subcontractor/supplier duties
  > Employee privacy rights
- Self-regulatory standards
  > NAI, DMA, DAA
  > TRUSTe, BBB
- Rising enforcement
- Additional requirements for breach prevention and greater security
  > MA Security Reg
  > Executive Order on Cybersecurity

Rapid Growth of Collection of Personally Identifiable Information
- Direct marketing
- User tracking
  > Analytics: creation of profiles by amassing and merging large pools of data; rise of Big Data
  > Advertising: user tracking across websites
  > Mobile apps: Universal Device ID, location tracking, maps/Google Street View
- Social media
  > Enables more data to be shared, collected, intercepted
- Genetic information/biometric data

User Tracking
- Tracking
  > Behavioral advertising/targeted advertising
  > Retargeting
  > Use of location in mobile advertising and applications / Universal Device ID
  > GPS tracking
- Big Data
  > Creation of profiles about individuals
  > Lack of individual control
- Anonymization and re-identification

Greater Expectations
- Subcontractor/supplier duties
  > SAS 70 replaced by new standard: US AICPA SSAE 16
- Employee privacy rights
  > Use of Social Security numbers as identifiers: CT, NY regulations on use of SSN
  > Mobile device tracking/GPS tracking
  > Company equipment usage monitoring; Bring Your Own Device
- HIPAA/HITECH
  > Final rule has been adopted and takes effect September 23, 2013
  > Security and privacy requirements include business associates
  > Compromise vs. harm standard of assessing risk
  > 60 days to notify of breach of PHI
  > Increased penalties, mandatory HHS audits
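The User Tracking slide lists anonymization and re-identification under Big Data. As an added illustration that is not part of the presentation, the following Python measures how re-identifiable a "de-identified" release remains once names and email addresses are dropped (k-anonymity over ZIP code, date of birth and sex) and coarsens those fields step by step until every record shares its combination with at least k others. The records, field names and generalization ladder are constructed for this example.

```python
from collections import Counter

# Constructed sample release: direct identifiers (name, e-mail) already
# stripped, but ZIP, date of birth and sex remain. All values are made up.
RELEASE = [
    {"zip": "02139", "dob": "1985-03-12", "sex": "F", "purchase": "glucose test strips"},
    {"zip": "02139", "dob": "1985-07-30", "sex": "F", "purchase": "running shoes"},
    {"zip": "02142", "dob": "1990-11-02", "sex": "M", "purchase": "HIV test kit"},
    {"zip": "02142", "dob": "1990-01-19", "sex": "M", "purchase": "headphones"},
    {"zip": "02143", "dob": "1984-05-05", "sex": "F", "purchase": "pregnancy test"},
    {"zip": "02139", "dob": "1985-09-21", "sex": "F", "purchase": "coffee"},
]

# Generalization ladder (constructed): each step coarsens the quasi-identifiers
# further. Each entry maps a record to its quasi-identifier tuple.
LADDER = [
    ("exact",       lambda r: (r["zip"], r["dob"], r["sex"])),
    ("zip3/year",   lambda r: (r["zip"][:3] + "**", r["dob"][:4], r["sex"])),
    ("zip3/decade", lambda r: (r["zip"][:3] + "**", r["dob"][:3] + "0s", r["sex"])),
    ("zip3/sex",    lambda r: (r["zip"][:3] + "**", "*", r["sex"])),
]

def k_anonymity(records, key_fn):
    """Size of the smallest group sharing a quasi-identifier tuple.
    k == 1 means some record is unique and can be linked back to a person
    by anyone holding a list (voter roll, marketing file) with the same
    fields, even though name and e-mail were removed."""
    return min(Counter(key_fn(r) for r in records).values())

def unique_count(records, key_fn):
    """Number of records that are singletons under this generalization."""
    groups = Counter(key_fn(r) for r in records)
    return sum(1 for r in records if groups[key_fn(r)] == 1)

def generalize_to_k(records, k_target):
    """Walk the ladder from most precise to coarsest and stop at the first
    level that satisfies k >= k_target. Returns (level, k, released rows)."""
    for name, key_fn in LADDER:
        k = k_anonymity(records, key_fn)
        if k >= k_target:
            rows = [key_fn(r) + (r["purchase"],) for r in records]
            return name, k, rows
    raise ValueError("no ladder level reaches k=%d; suppress fields instead" % k_target)

if __name__ == "__main__":
    for name, fn in LADDER:
        print(f"{name:12s} k={k_anonymity(RELEASE, fn)} unique={unique_count(RELEASE, fn)}")
    level, k, rows = generalize_to_k(RELEASE, 2)
    print("release at level", level, "with k =", k)
```

On the sample data the exact release leaves every record unique; only the decade-level generalization reaches k = 2, and a target of 3 cannot be met without suppressing a field.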

Self-Regulatory Standards
- Marketing organizations
  > Network Advertising Initiative
  > Direct Marketing Association
  > Digital Advertising Alliance
- Privacy certifications and seals
  > TRUSTe
  > Better Business Bureau
  > Safe Harbor

Rising Enforcement
- CA AG created Privacy Enforcement and Protection Unit
- CA and EU have published mobile app privacy guidelines
  > Both require privacy disclosures before installation of the app
- Greater fining authority for EU data protection authorities
  > UK ICO levies highest fine yet for Sony PlayStation breach (£250,000)
  > Google settles WiFi claims with 38 states for $7 million
- MA automatically requesting copies of Written Information Security Program upon report of breach

Additional Requirements for Breach Prevention and Greater Security
- Greater awareness of underweb and hacking
  > Phishing
  > Account hacking
  > Online banking and credit card transactions
- Cybersecurity initiatives
  > Executive Order on Cybersecurity
  > MD cybersecurity commission
- SEC disclosures on cybersecurity risks

Action Steps
- Know who regulates your business
- Know where data privacy is relevant to the organization
  > Talk to people who actually handle or manage data and understand how it is used
  > Create a risk profile of data
  > Triage risk
- Create/review policies
  > Social media
  > BYOD
  > Written Information Security Program
- Review/audit vendors
  > HIPAA/HITECH for business associate agreements
  > Security requirements: MA security regulation compliance for personal information of MA residents; Payment Card Industry Data Security Standard (PCI DSS) compliance
- Evaluate self-regulatory organizations and their value to the organization

If Nothing Else
- Be transparent
- Be clear
- Honor requests
  > Account deletion
  > Opt-outs
- Think ahead of the law

Questions and Discussion

Additional Resources
- International Association of Privacy Professionals, Digital Advertising Alliance, Network Advertising Initiative
- Publications: BNA, Nymity Privaworks, DataGuidance
- HIPAA Final Omnibus Rule: http://www.gpo.gov/fdsys/pkg/fr-2013-01-25/pdf/2013-01073.pdf
- EU's Article 29 Working Party Opinion on Mobile Apps: http://ec.europa.eu/justice/dataprotection/article-29/documentation/opinion-recommendation/files/2013/wp202_en.pdf
- CA AG's recommendations on the mobile ecosystem: http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/privacy_on_the_go.pdf?
- AICPA's new SSAE 16 standard: http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/sorhome.aspx
- SEC guidance on cybersecurity disclosures: http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
- MA security regulation: http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf
- Executive Order on Cybersecurity: http://www.whitehouse.gov/the-pressoffice/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity