Why Privacy Now Goes Far Beyond Complying With Your Privacy Policy Peter Swire Facebook: June 3, 2015.

Slides:

Advertisements

Similar presentations

The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.

Advertisements

Reflections on the White House Privacy Office Peter P. Swire U.S. Chief Counselor for Privacy, OSU College of Law, 2001-present CFP, March 8,

Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud Peter Swire Moritz College of Law Ohio State.

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,

Reflections on the White House Privacy Office Peter P. Swire Ohio State University Center for American Progress N.C. State Privacy Day January 29, 2008.

Cybersecurity and UAV Issues John Rose, Deputy-Director, Public Policy, Region VI.

Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,

Andrew J Haire. Agenda  Let us define Terms…  What do we know so far  How did we get here  What are Implications to Policy Makers  What will this.

US View on the Technological Convergence Between the Internet of Things and Cloud Computing June 1, 2010 Brussels, Belgium Presented by: Dan Caprio.

Privacy & Cybersecurity Compliance in the Post-Snowden World Compliance Week 2014 Conference Peter Swire Huang Professor of Law and Ethics.

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

The Internet industry’s privacy seal program Silicon Valley Web Guild.

© 2006 IBM Corporation Privacy Matters: Safeguarding Identity, Data and Corporate Reputation Harriet P. Pearson VP Corporate Affairs & Chief Privacy Officer.

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

Mckennalong.com Center for Policy on Emerging Technology Dan Caprio, Senior Strategic Advisor, McKenna.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Disclaimer This Presentation is provided “as is” without any express or implied warranty. This Presentation is for educational purposes only and does not.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Privacy as an International Information Issue MD823 October 18, 2004.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Rapid Mobile Development Enterprises are having a tough time keeping up with the demand for mobile apps. With these growing demands, businesses are expecting.

Challenges for Civil Liberties

“Privacy Institutions in the Federal Government” Professor Peter Swire Ohio State University Center for American Progress Silicon Flatirons February 14,

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

Name of presenter(s) or subtitle Privacy laws and their impact on research David W. Stark MRIA B.C. Chapter November 2, 2005.

The U.S. Approach to Consumer Protection in the Online World U.S. Presentation FTAA Joint Government Private Sector Committee on Electronic Commerce 13th.

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)

The Declining Half Life of Secrets & the Future of Signals Intelligence Peter Swire Huang Professor of Law and Ethics Security & Human Behavior Conference.

© 2007 The MITRE Corporation. MITRE Privacy Practice W3C Government Linked Data Working Group Michael Aisenberg, Esq. 29 June 2011 Predicate for Privacy.

The Information System Opportunity

How Can We Deal with Risks from the Internet: Why Privacy Legislation Is Hot Right Now Professor Peter Swire Ohio State University/Center for American.

Notes for Discussion on a Privacy Practice © Joe Cleetus.

Student data Privacy and security in a Connected Learning world

Privacy Hot Topics Discussion August 18, 2011 The Corporate Privacy Forum Sharing practical solutions to today’s privacy challenges 1.

IAPP KnowledgeNet Los Angeles “Thinking Outside the Cookie Jar” The Second Wave of Global Privacy Protection: Why This Year Is Different Peter Swire, Senior.

Slide 1 E-commerce strategies: The basic elements of an enabling environment for e-commerce Geneva 11 July 2002 EU Perspectives on Electronic Commerce.

Environmental Management System Definitions

The Impact of Privacy on HP’s Customer Relationship Management Solution Mike Overly Vice President, Marketing © 2003 Hewlett-Packard Development Company,

Privacy & How IT Will Help JEFF NORTHROP, CTO

REPORT OF THE BJS/SEARCH NATIONAL TASK FORCE ON PRIVACY, TECHNOLOGY AND CRIMINAL JUSTICE INFORMATION May 31, 2000 Washington, DC Presented by Robert R.

Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.

Direct from Washington: The Impact of Federal Legislation on Direct & Interactive Marketers.

The Internet of Things and Consumer Protection

Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws.

Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28.

Introduction to our reality

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Data Security in the Cloud and Data Breaches: Lawyer’s Perspective Dino Tsibouris Mehmet Munur

© 2007 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures. Current Privacy Policy Issues in.

Key Points for a Privacy Programme for Multinationals Steve Coope.

Privacy Déjà Vu: Crypto, Government Surveillance and Safe Harbor, Peter Swire Georgia Tech/Alston & Bird IAPP Summit April 4, 2016.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

Creating a Culture of Privacy Michael Kaiser Executive Director National Cyber Security

To buy this Report Visit

Andrew J Haire. Agenda  Let us define Terms…  What do we know so far  How did we get here  What are Implications to Policy Makers  What will this.

How Technology is Prompting US/EU Tension on Mutual Legal Assistance Peter Swire Huang Professor Law and Ethics Georgia Tech Scheller College of Business.

Consumer Information Federal Trade Commission Act grants Federal Trade Commission (FTC) responsibility regarding unfair methods of competition and unfair.

Framework of engagement : big data for official use Roy D. Ibay AVP Regulatory PLDT – Smart.

Pioneers in secure data storage devices. Users have become more accustomed to using multiple devices, are increasingly mobile, and are now used to storing.

Privacy and Public Policy Implications of IoT

Judicial Training on Data Protection and Privacy Rights

Peter Swire Holder Chair of Law and Ethics

Internet of (Every)Things

What Does It Mean To Be A Privacy Professional?

U.S. Intelligence Oversight Reforms & the Cloud Act

Peter Swire Engage CISO Roundtable with the

Upcoming PIPEDA Changes

Presentation transcript:

Why Privacy Now Goes Far Beyond Complying With Your Privacy Policy Peter Swire Facebook: June 3, 2015

Overview: Why Privacy Has Gotten Harder  The history:  First Wave of Global Privacy Protection – 1990’s  Post 9/11: comply with the privacy policy was the key  Second Wave – what we are in now  The technology:  From the Internet (90s) to multiple new tech challenges, from social networks to IoT  The result:  Responses from post 9/11 period do not handle the risks and realities in privacy and cyber today  Also, update on USA Freedom Act

First Wave  1993 – commercial activity on Internet  The First Wave  EU Directive in effect (1998); Safe Harbor (2000)  HIPAA (rules )  GLBA (law 1999)  Children’s Online Privacy Protection Act (1998)  Privacy policies and FTC rise to prominence for Internet privacy

Post 9/11 – Privacy slowdown  Security vs. privacy  Connect the dots  From “need to know” to “need to share”  Patriot Act 2001 (compare to 2000 proposal)  PNRs as US/EU focus – sharing more data  Self-regulatory efforts declined  FTC focus on “harm” only  Corporate focus primarily on the privacy policy

Post-9/11 (continued)  Meanwhile  Institutionalization of the CPO role  Safe Harbor adoption  While US did little  Canada, Mexico & steady stream of others led to over 100 countries with comprehensive laws by 2012 …

2012 Privacy Laws Comprehensive Law Sectoral Law

Compare 2012 with 1998 Privacy Laws Comprehensive Law Sectoral Law

The Second Wave: Public Attention to Privacy and Cyber  Like the 90’s, press stories very prominent on privacy and cyber  See the IAPP Daily Dashboard – it’s long every day (11)  Press and private sector  WSJ and “what they know” series  Growth industry for privacy, data breach, cyber reporters

The Second Wave – New Technologies by 2010 that Weren’t Prominent Post-9/11 Social networks Facebook not open to the public until 2006 Mobile and smartphones Location; new customer data to many companies Online behavioral advertising Huge slump after dot.com crash Today, central to many business strategies Cloud Government access (Snowden) Cyber-security/encryption/information sharing

The Second Wave – New Technologies Emerging since 2010 Internet of Things Pervasive sensors reveal the limits of notice and choice Big Data Analytics of PII core to growing range of businesses Challenges to de-identification when have so many data points Discrimination and ethics as emerging major topic Contrast with 1990’s web and E-commerce: OBA is based on web surfing (in part) Social networks, smartphones/location, cloud, IoT, Big Data – raise many different issues than B2C web surfing

EU as a Driver of Change (Again)  Coming soon: General EU Data Protection Regulation  Right to be Forgotten  2% of global revenues  Expanded jurisdiction  Expanding DPA enforcement/activity  Coming changes to Safe Harbor  And, it’s not just the EU  Global companies need a global strategy

Second Wave: The Snowden Effect  Press and government surveillance (Snowden)  Created atmosphere for possible change  Competitive issue for US companies abroad  One response was President Obama’s Review Group on Intelligence & Communications Technology

December 2013: The Situation Room

Second Wave: More Reform than the Skeptics Predicted  USA Freedom Act and Review Group Recommendations  Section 215 order only with judicial approval and heightened standard (Rec 1)  End government storage of bulk telephone data and have records held in private sector, accessible only with a judicial order (Rec 5)  Similar limits on bulk collection: National Security Letters (Rec 2)  General rule limiting bulk collection (Rec 4)  Greater transparency by government about foreign intelligence orders (Rec 9 & 10)  Congressional approval of public interest advocates to represent privacy and civil liberties interests before the FISC (Rec 28)  Multiple executive branch reforms described in Swire March 2015 IAPP Privacy Perspectives

Second Wave: Many US Government Privacy Initiatives  Obama administration  Privacy a big part of 2015 State of the Union  Information sharing bills have passed the House  Data breach being seriously considered this year  New bill language for Consumer Privacy Bill of Rights  Student privacy (K-12): bipartisan  FTC: far beyond 2005 view of “harm”  Consent decrees in privacy: “comprehensive” programs  So many issues/workshops: OBA/DNT, Big Data (discrimination), IoT, data brokers, cross-device tracking  Cyber security (along with many other federal agencies)  Congress  Info sharing, data breach, drones, IoT, Big Data, wearable health devices, ECPA …

Second Wave: The Private Sector  Self-regulation is back  Student privacy; online advertising; smart grid; mobile notices; beacons and retailers; connected cars; drones; IoT  CPO – far beyond drafting privacy policy & compliance  Benefits of data – monetization strategy  Cyber – big data and risk of big data breach  Your company’s data strategy  Compliance with current rules  Compliance with what is coming  Insight about where to position your company  Ethics, training beyond compliance

Conclusion  A lot happened in the first wave of global privacy protection  With 9/11, less privacy change  But the second wave is on us now  Multiple, important emerging technologies that generate many issues beyond web surfing  I started talking about the second wave, and predicting legislative change, in 2012  USA Freedom is one result  Be prepared for others  Organizations need a strategy to manage their data for business goals, consistent with both privacy and security