Consumer Privacy An Introduction

Presentation transcript:

Consumer Privacy: An Introduction
Marty Abrams
August 20, 2008

Individuals Have Various Privacy Interests
- As a consumer
  - How they relate to the market
- As a worker
  - Employee
  - Small business principal
- As a resident of a political unit
  - Government use of data it collects, purchases and demands
- Scope of this session is consumer privacy interests

Privacy May Be Segmented Into Three Elements
- Security of information
  - Information must have appropriate protections
- Consumer protection
  - Protection from the harmful application of information
- Cultural aspects of privacy
  - Space to be myself
  - Space to define myself

Mission of Protection Agencies Makes a Difference
- US uses consumer protection agencies to enforce privacy
  - Impacts approach
  - Impacts scope
- Europe and most others use pure privacy protection agencies
  - Scope is personal information
  - Procedurally based enforcement

US Consumer Privacy Legal Protections Are a Mosaic
- Constitution
  - Very limited
- Consumer protection laws with a defined harms based focus
  - FCRA
  - ECOA
- Transparency based
  - GLBA
- Market fairness based
  - Section 5 of the FTC Act
- State Laws

Three Eras in US Consumer Privacy Protections
- Industry specific laws (1972 – 1995) and Privacy Act protection over government records
- Fair Information Practice Era (1995 – 2001)
- Harms based enforcement (2001 – forward)

FTC Defined Harms
- Deception
- Fraud
- Intrusion without value
- Absence of appropriate levels of security

Apples & Oranges of Harm
- FTC harms as the basis for enforcement
- FTC prevention of harms as the basis for enforcement
- 2008 Communiqué from 28th Annual Data Protection and Privacy conference
- APEC Prevention of Harm principle
- There is a difference between harms based enforcement and prevention of harm

Understanding and Mitigating Harm to Persons
- Risky Business Practices
  - Inadequate security
  - Weak transparency/choice
  - Breakdown in the chain of data custody
  - Unnecessary collection/retention of data
  - Business process outside the box
- May lead to… Harms to Persons
  - Physical
  - Financial
  - Social
- Evaluated by: Social Norms and Enforcement Criteria
  - Socially unacceptable
  - Beyond established norms
  - Use out of proportion
  - Traditional consumer protection laws (fraud, unfair, deceptive)
- Resulting in:
  - Legal actions
  - Awareness and change in public opinion
  - Legislation or new limitations
  - Change in business practices

Copyright 2008 The Center for Information Policy Leadership

Security Has Become Dominant
- California Data Breach
- 40+ state laws
- Enforcement based on data breaches

Outsourcing Creates Difficulties
- We are talking about global sourcing as well as outsourcing
- All process driven by data
- Customer is required to pass on all obligations and do due diligence to assure vendor has capacity to protect data
- Vendor has an obligation to both understand obligations and meet them

PII Trap
- Privacy officers' domain is Personal Information or Personally Identifiable Information
- Increasingly we use information in a fashion that requires an extra step to be identifiable
- Regulators in the US are charged with protecting consumers
- If your domain is limited to PII you have fallen into a trap

Regulatory Trend Is to Accountability
- Safeguards rule is the model
- Accountability is hard
- Knowledge
- Application of knowledge to decisions
- Oversight
- Answerability

Organizational Privacy Management
- Current era is compliance driven
- Tomorrow will be strategic information management
- Transition will be difficult

How to Reach Me
- mabrams@hunton.com