Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy, Data Protection & Security

Published byRonald Cameron Modified over 6 years ago

Similar presentations

Presentation on theme: "Privacy, Data Protection & Security"— Presentation transcript:

1 Privacy, Data Protection & Security
Getting Started in Privacy October 4, 2017

2 Agenda Introductions Overview: Privacy, Data Protection and Security Law Role of Privacy Lawyers: In –House Law Firms Government Favorite Things about Being a Privacy Lawyer Suggestions for Steps to Take to Prepare to Be a Privacy Lawyer

3 Introductions Debra Bromson—Assistant General Counsel, AAA Club Alliance Inc. Margaret Gloeckle—VP, Privacy & Compliance Counsel A & E Networks Laura Schmidt—Associate, White & Williams Ashley Slavik-Senior Counsel & Global Data Privacy Officer, Veeva Systems Neil Chilson-Acting Chief Technologist, Federal Trade Commission

4 Overview Privacy and Security concerns have reached new levels due to:
The proliferation of the Internet of Things, and new technologies that allow the collection of personal data Online marketing/Behavioral Advertising/Mobile Apps Significant Global Laws requiring compliance and requirements for protecting and sharing personal data across borders Big Data/Data Analytics Huge increase in Data Breaches Large growth in litigation Cybersecurity requirements

5 U.S. Privacy Framework No single comprehensive federal law—different laws (sectoral) based on industries such as: Financial Privacy (e.g. GLBA) Educational Privacy Health Privacy (HIPAA) Section 5 of FTC Act prohibiting deceptive and unfair practices State laws Data Breach Notification—48 states, DC and most territories State financial privacy laws ( e.g. NYS; other states have incorporated PCI DSS into laws) California Online Privacy Protection Act (COPPA) and Delaware Online Privacy and Protection Act (DOPPA) Health Privacy Laws

6 U.S. Privacy Framework Voluntary standards
Company Privacy Policy (may be enforced by FTC) Payment Card Industry Data Security Standards (PCI-DSS) Digital Advertising Alliance

7 Global Privacy Broad scope of laws—Need to understand and determine obligations for an organization based on where they conduct business or collect personal data EU—General Data Protection Regulation becoming effective May 25, 2018. GDPR provides for a strict new framework with increased obligations for organizations Reach is global (referred to as extra-territorial scope)—impacts organizations from any country that offers goods or services (irrespective of whether payment is required) to or monitors behavior of individuals in the EU Asia Canada South America—Brazil as the “lead” country Need to recognize differences between jurisdictions Prepare for mandatory breach notifications

8 Key Operational Privacy Steps
Cross Border Privacy Compliance—Privacy Shield, model contracts, vendor requirements Privacy by Design—Proactive planning Privacy Impact Assessments Data Mapping— “Who, What, Where, When, Why and How” you collect, share and process personal data Vendor Management Privacy Policy requirements Best practices—consent, transparency Data Breach Program Privacy Training and Communications Cybersecurity Insurance

9 Building a Privacy Team--Interactions with Stakeholders
Privacy Office—Chief Privacy Officer Information Technology—CIO; CISO Legal –In-house; Outside Counsel HR External and Internal Communications Outside Consultants

10 Privacy Lawyer-- In-House
Many ways companies may structure privacy support: Privacy Office—Can report to GC; Compliance or IT Data Protection Officer-- as may be required under GDPR Legal Department Bigger companies usually have lawyers who support the Privacy Office Smaller companies may just have a lawyer who acts as a privacy officer or advisor Other business areas that will likely need privacy input from legal: M & A, Contracting and Procurement, Marketing, E-Commerce, HR (eg health plans)

11 Privacy Lawyers in Law Firms
Practice can span litigation, transactional and compliance work Can serve as outside privacy/security counsel for small to mid-size companies Frequently work with other practice areas in the firm – both internal and external marketing is important Working with outside vendors and consultants is very common Learning and keeping up to date on recent developments is critical and must be a daily habit

12 Privacy Lawyers in Government
Law enforcement / litigation FTC’s Division of Privacy and Identity Protection State AG offices International coordination Subject matter expertise + diplomatic skills Compliance with government privacy requirements Chief Privacy Officers Similar to In-House Role

13 Favorite Things about Being a Privacy Attorney
International Scope Area is constantly changing –Both from a technology viewpoint and legal requirements Impacts most areas of a business so provides the ability to work with many different colleagues Building a Privacy Program Customer Focus

14 Suggestions for Steps to Take to Prepare to Be A Privacy Lawyer
Take privacy classes at GW—Dan Solove is a top privacy expert! Experience/understanding of IT and cybersecurity is very helpful Networking/Get a Mentor Learning—Stay up to date through newsletters, free webinars and workshops Join the IAPP, or other industry related groups—consider getting an industry certification (eg. CIPP) Look for positions at firms with clients whose businesses are likely to raise privacy issues, or in-house roles where you can begin to develop your expertise Privacy Internships PrivacyCon2018—FTC has put out a call for presentations from students for PrivacyCon Student Poster Session for PrivacyCon 2018 (February 28, 2018)-- calendar/2018/02/privacycon-2018

15 Suggested Resources Teach Privacy-- www.teachprivacy.com
Dan Solove’s other websites: IAPP website— Privacy Blogs: Examples: White and Williams: Sidley Austin: Hogan Lovells: Hunton & Williams: Nymity-- TrustArc- Charts on US Security Breach Laws-- See BakerHostetler; FoleyLardner; Mintz Levin; Perkins Coie; DavisWrightTremaine

16

Download ppt "Privacy, Data Protection & Security"

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,

Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
LegalTech Asia DATA PRIVACY LAWS UPDATE Edward Chatterton 4 March 2013.

LegalTech Asia DATA PRIVACY LAWS UPDATE Edward Chatterton 4 March 2013.
LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.
Name of presenter(s) or subtitle Privacy laws and their impact on research David W. Stark MRIA B.C. Chapter November 2, 2005.

Name of presenter(s) or subtitle Privacy laws and their impact on research David W. Stark MRIA B.C. Chapter November 2, 2005.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.
IAPP KnowledgeNet Los Angeles “Thinking Outside the Cookie Jar” The Second Wave of Global Privacy Protection: Why This Year Is Different Peter Swire, Senior.

IAPP KnowledgeNet Los Angeles “Thinking Outside the Cookie Jar” The Second Wave of Global Privacy Protection: Why This Year Is Different Peter Swire, Senior.
Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.

Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.
Recent Privacy Developments ISACA January 12, 2012 Keith A. Cheresko and Robert L. Rothman Principals, Privacy Associates International LLC.

Recent Privacy Developments ISACA January 12, 2012 Keith A. Cheresko and Robert L. Rothman Principals, Privacy Associates International LLC.
Direct from Washington: The Impact of Federal Legislation on Direct & Interactive Marketers.

Direct from Washington: The Impact of Federal Legislation on Direct & Interactive Marketers.
The Internet of Things and Consumer Protection

The Internet of Things and Consumer Protection
Chapter 8 Auditing in an E-commerce Environment

Chapter 8 Auditing in an E-commerce Environment
Job Corps Equal Opportunity Officers Orientation Presenter: Kevin Malone U.S. Department of Labor Civil Rights Center.

Job Corps Equal Opportunity Officers Orientation Presenter: Kevin Malone U.S. Department of Labor Civil Rights Center.
Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.
Chapter 4: Laws, Regulations, and Compliance

Chapter 4: Laws, Regulations, and Compliance
Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.

Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.
Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.

Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.
Key Points for a Privacy Programme for Multinationals Steve Coope.

Key Points for a Privacy Programme for Multinationals Steve Coope.

Similar presentations

Ads by Google