Recent Privacy Developments ISACA January 12, 2012 Keith A. Cheresko and Robert L. Rothman Principals, Privacy Associates International LLC.

Presentation transcript:

Purpose

Areas or Topics of Privacy Activity Breach Cloud Geo-location Facial Recognition BYOD Marketing Social Media OBA Consumer Financial Protection Bureau Federal Trade Commission COPPA Health Care International EU Cookie Rules EU Data Protection Directive APEC USA PATRIOT ACT Supplier Relationships

Focus on Several Items Social Media Breach Marketing Supplier Relationships Privacy Developments from the EU TEST!

US Developments

Breach PII

States Continue Tightening Requirements

Class Actions Proliferating

Breach Notification No general national breach notification law - BUT

Breach Notification Internal processes Training Policies and practices Supplier action implications

Social Media

Endorsements

HR Implications

Social Media Labor Relations

Social Media NLRB Actions

Social Media Policies and practices Internal processes Training Enforcement

BYOD

Marketing

OBA – Online Behavioral Advertising

Geo-Location

COPPA

Texting

Marketing Policies and practices Internal processes Training Enforcement

Facial Recognition

Supplier Relationships

Cloud Computing

Supplier Relationships Contracts!

Supplier Relationships Contract Allocation of liability Responsibility for actions of others

European Data Protection Directive

The European Data Protection Laws Have Been a Compliance Headache for Companies Around the World

Proposed New Data Protection Regulation

The Good News DIRECTIVE REGULATION

The Bad News Nearly Everything Else

Significantly Increased Fines and Penalties

Consent Narrowed

Data Breach Notification

Right to Be Forgotten

Data Minimization

Accountability

Mandatory Data Privacy Officer

Companies Outside Europe Potentially Subject to the Regulation

Status of Regulation

My Head Hurts

BULL NO-BULL TEST

Statements about the Update
Bull – the statement is not true
Not Bull – the statement is true
Requires audience participation – Vocalization of response – Be careful of “trick” statements

Sample Statement The proposed EU privacy regulation will finally prevent the possibility of English mad cows from entering this country.

BULL NO-BULL

BULL

Statement One The US is unique in the world by requiring notification to individuals who are affected by a security breach involving the loss of personal information.

BULL NO-BULL

BULL

Statement Two The Proposed EU Data Privacy Regulation will require all companies to appoint an independent data protection officer to serve for a term of not less than two years.

BULL NO-BULL

BULL

Statement Three Personal Identification Information breaches in the US are regulated by the federal breach notification statute.

BULL NO-BULL

BULL

Statement Four Product claims made on social media are not covered by normal FTC advertising rules under the “Zuckerman” exception.

BULL NO-BULL

BULL

Statement Five The basic rule in the EU is that personal data cannot be sent to the US because the US does not have adequate privacy laws.

BULL NO-BULL

NO BULL

Question Six A company cannot contract away all its privacy responsibility to its suppliers.

BULL NO-BULL

NO BULL

Final Statement This has been an interesting and informative and somewhat entertaining session.

Contact Information Keith A. Cheresko Privacy Associates International LLC (248) Robert L. Rothman Privacy Associates International LLC (248)