Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Concerns in the Management of Today's Information Andrew B. Clauss, Esq. Partner, Brophy Clauss, LLC Don McLaughlin, Esq. Founder and CEO, Falcon.

Published byIzabella Bordwell Modified over 10 years ago

Similar presentations

Presentation on theme: "Privacy Concerns in the Management of Today's Information Andrew B. Clauss, Esq. Partner, Brophy Clauss, LLC Don McLaughlin, Esq. Founder and CEO, Falcon."— Presentation transcript:

1 Privacy Concerns in the Management of Today's Information Andrew B. Clauss, Esq. Partner, Brophy Clauss, LLC Don McLaughlin, Esq. Founder and CEO, Falcon Discovery Christopher W. Brophy, Esq. Partner, Brophy Clauss LLC Shannon Bell, Esq. Partner, Grund, Dagner & Jung, P.C. Education Code: TU03-3524

2 Learning Objectives Upon completion of this session, participants will be able to: 1.Identify types of information and data that can lead to privacy and confidentiality concerns 2.Describe the risks associated with creation, use, and management of this information 3.Develop strategies to minimize and balance these risks in the face of new technology 2

3 What This Course Does Not Cover Privacy and information security are very broad areas; this presentation will not include specifics on the following areas, but you should be aware of them: –Detailed state, federal and international laws –Specific statutes, guidelines and regulations We highlight only a few Each Industry will have specific laws and rules (e.g., CPNI for telecommunications) –Specific areas like security breaches, ISPs, internet sales, wiretap act, childrens privacy, computer crimes, electronic surveillance (e.g. FISA, Patriot Act), SPAM, spyware, pretexting, insurance privacy, FERPA, etc. 3

4 Introduction Three areas where privacy and security issues arise: 1.Businesses possess private employee information. What steps need to be taken to protect that information? 2.Businesses have their own private and confidential information. What steps need to be taken to keep that information private? 3. Businesses have private information about their customers. What needs to be done to keep that information protected? 4

5 The Playing Field – Sources of Privacy Law International guidelines – OECD, APEC –What are they? 7 cornerstones of privacy –Notice –Choice –Onward transfer –Access –Security –Data integrity –Enforcement 5

6 Sources of Privacy Law Involvement of the FTC –How are the FTC and the FTC Act involved in privacy? –Targeted advertising Health-related statutes –ADA –HIPAA & HITECH –State laws 6

7 Sources of Privacy Law ECPA/SCA –What are they? –How do they apply? Accessing co-employers email Use of anothers log-in information What about consent? Online privacy statutes –E.g. California 7

8 Sources of Privacy Law Financial privacy –GLB When does it apply? How could it apply to your business? –FCRA How could it apply to your business? –FACT What is it and what does it cover? –State laws Unique provisions Credit card restrictions 8

9 Sources of Employee Information Employees use company email for personal communications Employees provide the company with private financial information, including bank accounts, retirement accounts, HSA accounts, etc. Employees provide human resource information like SSNs, marital/partner status, etc. Employees use company resources (computers, phones, etc.) for storing personal information, such as photos, documents, and personal communications (e.g. personal attorney-client and physician-patient communications) 9

10 Employee Privacy Issues Employee privacy issues –Private areas provided by employers –Privacy expectations –Impact of policies –Investigations –Employee emails –Right to purchase device on termination –Monitoring employee emails –Cell phone privacy –BYOD – phones and computers –Video surveillance in workplace 10

11 What Policies and Procedures Should be Considered? Companies need to be aware of and guard against litigation exposure from employee activity on company resources Companies need to establish and enforce policies relating to employee use of company resources for personal business Companies need to guard against unlawful use/disclosure of employee information 11

12 Case Studies Personal information in workplace systems/files –Types of data: Health information Personal legal – attorney-client privilege Financial Illegal material – pornography Personal apps/music/photos –Where is it located? –What are the risks –What can be done to minimize risks 12

13 Case Studies Bring Your Own Device (BYOD) –Pros vs. cons What are the risks? What are the benefits? 13

14 Case Studies Bring Your Own Device (BYOD) –Considerations Eligibility Access Cost Devices/apps Security (data and network) Privacy Support Education and enforcement Feedback and modification 14

15 Case Studies Bring Your Own Device (BYOD) –What are the risks? FLSA Discovery issues Ownership issues Security –What can be done to minimize risks? Policies and procedures 15

16 Case Studies Social media/email –Key issues Investigation/review Two-party consent Expectation of privacy issues –Directed use of blogging and social media –Marketing laws –Misuse – liability to company? 16

17 Case Studies Social media/email –What are the risks? Disclosure of confidential information Admissions against interest Cyber defamation –What can be done to minimize risks? Restricted access from company IT systems Email/social media management strategies 17

18 Corporate Privacy Issues Trade secrets, company financial status, company planning, etc., together with employee and customer information Research and development Legal advice Litigation concerns, especially discovery issues relating to the foregoing 18

19 Corporate Privacy Policy Considerations Data destruction –SOX –State laws Document destruction rule Data breach notification laws 19

20 Corporate Privacy Policy Considerations Non-statutory & other concerns –NDAs and agreements –Private suits Intrusion upon seclusion, appropriation of name or likeness, publicity given to private life, and false light publicity –Class-action suits Protection of trade secrets 20

21 Case Studies Cloud computing –Public vs. private vs. hybrid vs. data center –Security breaches and issues –Downtime; financial health of provider –Private contracts with providers –Disclosure/consent from customers –M2M networks –Portal access –Ownership of data 21

22 Case Studies Cloud Computing –Interesting case law –What are the risks? –What can be done to minimize risks? 22

23 Case Studies Trade secret protection –What is a trade secret? –What are the prongs of trade secret law? Reasonable steps to preserve the secrecy of the trade secret –What must you do to protect your trade secrets in order to maintain a cause of action for trade secret theft? Internet/social media Work from home/BYOD Cloud computing 23

24 Case Studies Trade Secret Protection –Interesting case law –What are the risks? –What can be done to minimize risks? 24

25 Customer Information Privacy Issues Companies are collecting more and more personal information about their customers, including social security numbers, email addresses, buying habits/history, etc. Companies have legal obligations to protect this information Companies have restrictions on how such data can be used Social security numbers, credit card information, bank account numbers, birthdates, addresses, etc. –Federal laws –State laws 25

26 Policy Decision Points for PII Companies need to decide what customer information they want/need to retain in light of laws regulating what may or may not be asked of customers –How, where, and for how long is such information going to be retained? –How will the information be used? –Who has access to that information? –How will information be protected? Proper Disclosure of PII 26

27 Case Studies Personally Identifiable Information –What is PII? SSI # Address Credit card numbers Email addresses? IP addresses? –What is required? –Use, disclosure, and destruction –Examples of actual cases 27

28 Case Studies Personally Identifiable Information –Interesting case law –What are the risks? –What can be done to minimize risks? 28

29 General Strategies and Concerns Choices –Benefit to business vs. data & privacy risks –Limit/expand scope of policy –Cost of technology –Insurance and risk shifting –Limit exposure (LOL, consent, etc.) –Trade secret/confidentiality risks –Security breach and risks –Interaction/coordination with other business units (Legal, IT, HR, Risk Management, Marketing, Finance, etc.) –Litigation – discovery, preservation, and spoliation issues 29

30 General Strategies and Concerns Process –Review laws –Develop policies –Incident response plans –Security safeguards –Notification processes –Sensitive information access restrictions –Do third-party vendors meet privacy and security standards? –Auditing and compliance –Identify and address common vulnerabilities 30

31 General Strategies and Concerns Policies –Considerations Consent Limitations Processes Scope 31

32 General Strategies and Concerns Policies –Examples of commonly-used policies Security breach/emergency response BYOD Email AUP Social media Work from home Trade secret/confidentiality 32

33 General Strategies and Concerns Technologies –Encryption –MDM (mobile device management) software –Digital rights management –SharePoint –Customized solutions 33

34 General Strategies and Concerns Outside resources –Attorneys Most law firms have privacy groups to assist with legal requirements and risks In-house legal can assist – involve them –Consultants Most consulting firms have privacy groups to create and implement policies –Technology –Crisis What do you do when something goes wrong? Crisis management can be critical 34

35 Continue the Conversation 35 Twitter @ARMA_INT or #ARMA13 … and find us on Facebook and LinkedIN by searching for ARMA International Facilitator Meet and Greet Pub Crawl (Expo Hall, Tues.) – 3:30-5:30 pm Lunch (General Session, Wed.) – 11:30 am-1:00 pm

36 Privacy Concerns in the Management of Today's Information Education Code: TU03-3524 36 Andrew B. Clauss, Esq. Don McLaughlin, Esq. Christopher W. Brophy, Esq. Kevin Lanoha, Esq.

Download ppt "Privacy Concerns in the Management of Today's Information Andrew B. Clauss, Esq. Partner, Brophy Clauss, LLC Don McLaughlin, Esq. Founder and CEO, Falcon."

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
© 2008 Oracle Corporation – Proprietary and Confidential.

© 2008 Oracle Corporation – Proprietary and Confidential.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Public B2B Exchanges and Support Services

Public B2B Exchanges and Support Services
Create an Application Title 1A - Adult Chapter 3.

Create an Application Title 1A - Adult Chapter 3.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
MOSS ADAMS LLP | 1 W HAT I S S ENSITIVE D ATA ? Whats the Risk and What Do We Do About It? Weston Nelson Steve Fineberg Steven Gin.

MOSS ADAMS LLP | 1 W HAT I S S ENSITIVE D ATA ? Whats the Risk and What Do We Do About It? Weston Nelson Steve Fineberg Steven Gin.
Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
American Bar Association Ethics 20/20 Commission Presentation to YLD Council Las Vegas, May 12, 2011 Professor Paul D. Paton, Reporter.

American Bar Association Ethics 20/20 Commission Presentation to YLD Council Las Vegas, May 12, 2011 Professor Paul D. Paton, Reporter.
Computer Literacy BASICS

Computer Literacy BASICS
Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.

Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.
Activity 1………….Why Do You Need A Bank? Activity 2………The Many Services of a Bank Activity 3…The ABCs of a Chequing Account Activity 4………Opening a Chequing.

Activity 1………….Why Do You Need A Bank? Activity 2………The Many Services of a Bank Activity 3…The ABCs of a Chequing Account Activity 4………Opening a Chequing.
Effectively applying ISO9001:2000 clauses 6 and 7.

Effectively applying ISO9001:2000 clauses 6 and 7.
ACT User Meeting June 2011. Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.

ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
IP Multicast. 2003-2004 - Information management 2 Groep T Leuven – Information department 2/14 Agenda •Why IP Multicast ? •Multicast fundamentals •Intradomain.

IP Multicast Information management 2 Groep T Leuven – Information department 2/14 Agenda •Why IP Multicast ? •Multicast fundamentals •Intradomain.
2009 Data Protection Seminar

2009 Data Protection Seminar
2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.

2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.
Record Keeping F OR A S MALL B USINESS. RECORD KEEPING 2 Welcome 1. Agenda 2. Ground Rules 3. Introductions.

Record Keeping F OR A S MALL B USINESS. RECORD KEEPING 2 Welcome 1. Agenda 2. Ground Rules 3. Introductions.
Copyright © AIIM | All rights reserved. #AIIM The Global Community of Information Professionals aiim.org Information Management and Social Media Jesse.

Copyright © AIIM | All rights reserved. #AIIM The Global Community of Information Professionals aiim.org Information Management and Social Media Jesse.
1..

1..

Similar presentations

Ads by Google