Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Counsel and Chief Privacy Officer

Published byClare Owens Modified over 6 years ago

Similar presentations

Presentation on theme: "General Counsel and Chief Privacy Officer"— Presentation transcript:

1 General Counsel and Chief Privacy Officer
Carol DiBattiste General Counsel and Chief Privacy Officer ChoicePoint

2 Responding to Security Breaches
Information security breaches are a nationwide, industry-wide problem affecting: Government/Military Educational Institutions Health Care Banking/Credit/Financial Services Businesses Non Profits Information security breaches reported during the past three years: 2005, approximately 151 2006, approximately 314 2007, 186 (as of July 2, 2007)

3 Responding to Security Breaches
Responding to an information security breach Crisis response plan Notification plan Investigations/lawsuits Conduct enterprise-wide review of privacy and security programs

4 Responding to Security Breaches
Seven Point Plan to Assist in Protecting Information Against Fraudulent Access and/or Misuse

5 Responding to Security Breaches
Limit access to Sensitive Personally Identifiable Information (“SPII”) Exit high risk markets Remove or truncate SPII when possible Restrict resellers access to certain data

6 Responding to Security Breaches
2. Credential Customers, Employees and Vendors Centralized credentialing Internal and external verification Site visits Recredentialing program Third party service provider self-assessment questionnaire

7 Responding to Security Breaches
3. Establish Corporate Accountability Chief Privacy Officer reports to Board of Directors Privacy and Public Responsibility Committee Working groups Security Advisory Committee (Senior Leadership) Security Working Group (Key Managers) Policy, risk and credentialing sub-working groups Privacy and security positions within business units

8 Responding to Security Breaches
Execute Policies, Procedures and Guidelines Data access, protection, transport, restriction, retention, and classification Incident response Credentialing and recredentialing Physical security Information security Public representations Code of Conduct

9 Responding to Security Breaches
Self Regulate Through Audit and Compliance Third party audits In-house audits Customer Consumer sampling Random Suspicious activity Event driven Policy Regulatory compliance

10 Responding to Security Breaches
Implement Technology Solutions Network security External web server scans and application scanning services Encryption Data classification tool Password assessments Risk Management Control Framework

11 Responding to Security Breaches
Enhance Education and Outreach Mandatory annual training programs with assessment Privacy Information Security Code of Conduct Relationship building with privacy advocates, media, government, educational institutions, consumers and customers.

Download ppt "General Counsel and Chief Privacy Officer"

Similar presentations

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Smarter Decisions. Safer World. ICAE Conference Identity Theft Review Steve Keen.

Smarter Decisions. Safer World. ICAE Conference Identity Theft Review Steve Keen.
2010 Region II Conference Corporate Compliance Panel June 3, 2010

2010 Region II Conference Corporate Compliance Panel June 3, 2010
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Good Corporate Governance in Practice. Outline What is Corporate Governance? Regulatory Requirements for Banks in Sri Lanka DFCC Practices - Key Elements.

Good Corporate Governance in Practice. Outline What is Corporate Governance? Regulatory Requirements for Banks in Sri Lanka DFCC Practices - Key Elements.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
The Institute of Internal Auditors

The Institute of Internal Auditors
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Developing and Implementing an Effective Compliance Program Mary Sacilotto,BA,CHC Chief Compliance Officer Alliance, Inc.

Developing and Implementing an Effective Compliance Program Mary Sacilotto,BA,CHC Chief Compliance Officer Alliance, Inc.
Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.
WSV323. CSO/CIO department Regulation translated to control objectives Infrastructure Support Control objectives turned into control activities.

WSV323. CSO/CIO department Regulation translated to control objectives Infrastructure Support Control objectives turned into control activities.

Similar presentations

Ads by Google