LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator: Maureen A. Young.

Presentation transcript:

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator: Maureen A. Young Partner Bingham McCutchen LLP

2 A. Some “Starting” Questions 1. We know well which specific privacy and data protection laws apply to our particular industry sectors. But many companies select privacy policies and data protection standards that go beyond the minimum applicable legal requirements. For some companies, such decisions are made to simplify global compliance - they choose to "comply up" with laws affecting subsidiaries in other countries with more stringent privacy laws than in the U.S. But for some other companies, such decisions are made for corporate strategy reasons. Can we discuss the process of how companies select best practices to be incorporated into their privacy policies? Conversely, other companies decide to adopt privacy policies and other disclosures which only reflect the applicable legal minimums, yet may internally adopt tougher standards. Can we discuss the thinking that goes into such strategies?

3 A. Some “Starting” Questions (cont.) 2. Once a Privacy Policy is established, what measures do companies need to take to ensure that the company's actual practices conform with its Privacy Policy standards? How should privacy and data protection compliance be monitored and audited? What are some of the most successful compliance techniques?

4 A. Some “Starting” Questions (cont.) 3. Privacy folks and Marketing folks can frequently be at odds. What are some best practices for ensuring that the two worlds work well with each other? What if an adopted privacy standard is not working for a company? What are some of the best practices for revising and updating privacy and data protection standards?

5 B. Discussion of Some Particular Areas for Best Practices 4. By now, all of us have gone through dozens of security breach drills. What are some of the best practices for responding to security breach situations? Discuss some particular things that companies are doing to strengthen their information security programs.

6 B. Discussion of Some Particular Areas for Best Practices (cont.) 5. A huge area for improving information security at a company is tied to its process for handling, retaining and disposing of data. What are some of the best practices for ensuring that a company is collecting the appropriate type of data, retaining that data only for as long as necessary, developing sound policies regarding which data must be retained for longer periods, and disposing of data?

7 B. Discussion of Some Particular Areas for Best Practices (cont.) 6. In any compliance program, the training of employees is a key pillar. Different categories of employees require different levels of training. How does a company develop a layered training program for its employees? What are some of the most successful formats for training? How does a company instill the often-touted "culture of compliance"?

8 B. Discussion of Some Particular Areas for Best Practices (cont.) 7. Successful vendor management remains a challenging area for privacy and data protection compliance programs. Sharing nonpublic personal information with business partners and service providers is often a necessary evil. What are the key elements of a due diligence program for selecting a third party business partner or service provider? In structuring a business relationship with such third parties, what are some of the issues considered? What are some of the best contractual standards to obtain? What about best practices for ongoing monitoring of business partners and service providers?

9 C. Some Special Areas of Concern 8. There was a time when many companies briefly disclosed in their privacy policies that they track a customer's online activities for the purpose of directing information to them regarding “promotions, materials, products and services” that may be of interest. These days, the scope of tracking the online behavior of users has become a hot issue with consumer groups and legislators. What factors should a company consider in developing its practices for online tracking? What are some best practices for selecting technologies and controlling use of the data collected? What is the appropriate extent of disclosures that should be made regarding a company’s “harvesting” of data about a consumer’s online behavior?

10 C. Some Special Areas of Concern (cont.) 9. We have been following the burning debates over the growth of social networking sites, including issues related to COPPA compliance, predatory stalking of minors, etc. In the Internet world, a lot of lip-service is paid to protecting evolving "communities." But in the corporate world, blogs, user reviews, chat rooms and other functions on the company website are offered to further product sales and marketing strategies. What are some best practices for structuring and monitoring corporate blogs? How different are the issues surrounding corporate blogs from the issues surrounding social networks?

11 C. Some Special Areas of Concern (cont.) 10. We know that one of CAN-SPAM's goals was to facilitate a consumer's ability to clearly identify e-mails that are commercial in nature. The FTC's Request for Comments in implementing the CAN-SPAM regulations suggested that the FTC may consider formalizing an exception for "Refer a Friend" programs within limited circumstances. However, many companies today are using "Refer a Friend" programs to promote extensive marketing campaigns. What are the best practices that a company should follow in offering and promoting the "Refer a Friend" function?