IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information.

Presentation transcript:

IAPP Global Privacy Summit, 3/8/12

Joanne McNabb, CIPP/US/G/IT, Chief, California Office of Privacy Protection
Lisa Sotto, Partner & Head, Privacy & Information Management Practice, Hunton & Williams
Susan Grant, Director of Consumer Protection, Consumer Federation of America

Session Outline
Cost of a Data Breach
Bad Communications
Better Communications
Making Amends
Communications & Litigation

Entrust Survey Reveals RSA Data Breach Undermines Confidence in Hard Token Authentication
SecurID Company Suffers a Breach of Data Security
Sony Data Breach Exposes Users to Years of Identity-Theft Risk
Congress Probes TRICARE Breach: Bipartisan Effort to Learn More About Massive Incident

Breach Cost by Activity
Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

Lost Trust = Lost Customers
Some industries suffer more than others.
Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

Breach Impact on Reputation
Ponemon, Reputation Impact of a Data Breach, November 2011


Notification Timing Issues
Not too soon, not too late.
Consider delivery date.
Avoid multiple flights of notices.

Notice Issues
A legal notice? A communications piece? A marketing tool?
Tone
– What NOT to say
– Who’s it from?
– Addressed to whom?

EXAMPLE OF A NOT GREAT NOTICE
User name ENCRYPTED billing address ENCRYPTED credit card info
Why?? Huh?


BEFORE: 351 Words, 12th Grade
AFTER: 224 Words, 8th Grade


Good Communications Strategies
Outside communications firms
Internal folks to train
Employee communications
Regulator communications
Media

Making amends

Tips for Yom Kippur
Accept that you screwed up.
Express sincere remorse for your actions.
The other person may not be able to accept your apology.
Where possible take action to restore what was lost.
Reflect on what you’ve learned.
From Twin Cities Hub for Jewish Stuff

Choosing a Make-Good Product
Should you provide an identity theft service?
If no, what else could you do to help your customers?
If yes, what type of service would best fit your customers’ needs under the circumstances?
What should you look for and what should you avoid when choosing a service?


Communications Before & During Litigation
A contrite word may forestall litigation
Before litigation, don’t think like a litigator
If you offer a gift card to one unhappy customer, be prepared to offer one to all in settlement of an action
If litigation is inevitable, vet all communications through the legal team

References & Resources
California Office of Privacy Protection, Recommended Practices on Notice of Security Breach (1/12),
Consumer Federation of America, Shopping for ID Theft Services, at
Plain language resources – –

What to Do Next Week
Review “Shopping for ID Theft Services” and select product(s) for future use.
Review your breach notice templates.
Share plain language resources with your communications people.