Privacy, Data Protection & Security


Privacy, Data Protection & Security
Getting Started in Privacy
October 4, 2017

Agenda
- Introductions
- Overview: Privacy, Data Protection and Security Law
- Role of Privacy Lawyers:
  - In-House
  - Law Firms
  - Government
- Favorite Things about Being a Privacy Lawyer
- Suggestions for Steps to Take to Prepare to Be a Privacy Lawyer

Introductions
- Debra Bromson, Assistant General Counsel, AAA Club Alliance Inc.
- Margaret Gloeckle, VP, Privacy & Compliance Counsel, A & E Networks
- Laura Schmidt, Associate, White & Williams
- Ashley Slavik, Senior Counsel & Global Data Privacy Officer, Veeva Systems
- Neil Chilson, Acting Chief Technologist, Federal Trade Commission

Overview
Privacy and Security concerns have reached new levels due to:
- The proliferation of the Internet of Things, and new technologies that allow the collection of personal data
- Online marketing/Behavioral Advertising/Mobile Apps
- Significant Global Laws requiring compliance and requirements for protecting and sharing personal data across borders
- Big Data/Data Analytics
- Huge increase in Data Breaches
- Large growth in litigation
- Cybersecurity requirements

U.S. Privacy Framework
- No single comprehensive federal law; different laws (sectoral) based on industries such as:
  - Financial Privacy (e.g. GLBA)
  - Educational Privacy
  - Health Privacy (HIPAA)
- Section 5 of FTC Act prohibiting deceptive and unfair practices
- State laws
  - Data Breach Notification: 48 states, DC and most territories
  - State financial privacy laws (e.g. NYS; other states have incorporated PCI DSS into laws)
  - California Online Privacy Protection Act (COPPA) and Delaware Online Privacy and Protection Act (DOPPA)
  - Health Privacy Laws

U.S. Privacy Framework
- Voluntary standards
  - Company Privacy Policy (may be enforced by FTC)
  - Payment Card Industry Data Security Standards (PCI-DSS)
  - Digital Advertising Alliance

Global Privacy
- Broad scope of laws: need to understand and determine obligations for an organization based on where they conduct business or collect personal data
- EU: General Data Protection Regulation becoming effective May 25, 2018
  - GDPR provides for a strict new framework with increased obligations for organizations
  - Reach is global (referred to as extra-territorial scope): impacts organizations from any country that offers goods or services (irrespective of whether payment is required) to or monitors behavior of individuals in the EU
- Asia
- Canada
- South America: Brazil as the “lead” country
- Need to recognize differences between jurisdictions
- Prepare for mandatory breach notifications

Key Operational Privacy Steps
- Cross Border Privacy Compliance: Privacy Shield, model contracts, vendor requirements
- Privacy by Design: proactive planning
- Privacy Impact Assessments
- Data Mapping: “Who, What, Where, When, Why and How” you collect, share and process personal data
- Vendor Management
- Privacy Policy requirements
- Best practices: consent, transparency
- Data Breach Program
- Privacy Training and Communications
- Cybersecurity Insurance

Building a Privacy Team: Interactions with Stakeholders
- Privacy Office: Chief Privacy Officer
- Information Technology: CIO; CISO
- Legal: In-house; Outside Counsel
- HR
- External and Internal Communications
- Outside Consultants

Privacy Lawyer: In-House
Many ways companies may structure privacy support:
- Privacy Office: can report to GC, Compliance or IT
- Data Protection Officer, as may be required under GDPR
- Legal Department
  - Bigger companies usually have lawyers who support the Privacy Office
  - Smaller companies may just have a lawyer who acts as a privacy officer or advisor
- Other business areas that will likely need privacy input from legal: M & A, Contracting and Procurement, Marketing, E-Commerce, HR (e.g. health plans)

Privacy Lawyers in Law Firms
- Practice can span litigation, transactional and compliance work
- Can serve as outside privacy/security counsel for small to mid-size companies
- Frequently work with other practice areas in the firm; both internal and external marketing is important
- Working with outside vendors and consultants is very common
- Learning and keeping up to date on recent developments is critical and must be a daily habit

Privacy Lawyers in Government
- Law enforcement / litigation
  - FTC’s Division of Privacy and Identity Protection
  - State AG offices
- International coordination
  - Subject matter expertise + diplomatic skills
- Compliance with government privacy requirements
  - Chief Privacy Officers
  - Similar to In-House Role

Favorite Things about Being a Privacy Attorney
- International Scope
- Area is constantly changing, both from a technology viewpoint and legal requirements
- Impacts most areas of a business so provides the ability to work with many different colleagues
- Building a Privacy Program
- Customer Focus

Suggestions for Steps to Take to Prepare to Be a Privacy Lawyer
- Take privacy classes at GW. Dan Solove is a top privacy expert!
- Experience/understanding of IT and cybersecurity is very helpful
- Networking/Get a Mentor
- Learning: stay up to date through newsletters, free webinars and workshops
- Join the IAPP, or other industry related groups; consider getting an industry certification (e.g. CIPP)
- Look for positions at firms with clients whose businesses are likely to raise privacy issues, or in-house roles where you can begin to develop your expertise
- Privacy Internships
- PrivacyCon 2018: FTC has put out a call for presentations from students for PrivacyCon Student Poster Session for PrivacyCon 2018 (February 28, 2018): https://www.ftc.gov/news-events/events-calendar/2018/02/privacycon-2018

Suggested Resources
- Teach Privacy: www.teachprivacy.com
- Dan Solove’s other websites: https://www.informationprivacylaw.com/
- IAPP website: www.iapp.com
- Privacy Blogs, examples:
  - White and Williams: http://cyber.whiteandwilliams.com/
  - Sidley Austin: http://datamatters.sidley.com/
  - Hogan Lovells: http://www.hldataprotection.com/
  - Hunton & Williams: https://www.huntonprivacyblog.com/
- Nymity: www.nymity.com
- TrustArc: www.trustarc.com
- Charts on US Security Breach Laws: see BakerHostetler; FoleyLardner; Mintz Levin; Perkins Coie; DavisWrightTremaine