Published by Samson Marsh. Modified over 9 years ago.
1
Recent Privacy Developments. ISACA, January 12, 2012. Keith A. Cheresko and Robert L. Rothman, Principals, Privacy Associates International LLC
2
Purpose
9
Areas or Topics of Privacy Activity: Breach; Cloud; Geo-location; Facial Recognition; BYOD; Marketing; Social Media; OBA; Consumer Financial Protection Bureau; Federal Trade Commission; COPPA; Health Care; International; EU Cookie Rules; EU Data Protection Directive; APEC; USA PATRIOT ACT; Supplier Relationships
10
Focus on Several Items: Social Media; Breach; Marketing; Supplier Relationships; Privacy Developments from the EU; TEST!
11
US Developments
12
Breach PII
13
States Continue Tightening Requirements
14
Class Actions Proliferating
15
Breach Notification: No general national breach notification law - BUT
16
Breach Notification: Internal processes; Training; Policies and practices; Supplier action implications
17
Social Media
18
Endorsements
19
HR Implications
20
Social Media Labor Relations
21
Social Media NLRB Actions
22
Social Media: Policies and practices; Internal processes; Training; Enforcement
23
BYOD
24
Marketing
25
OBA – Online Behavioral Advertising
26
Geo-Location
27
COPPA
28
Texting
29
Marketing: Policies and practices; Internal processes; Training; Enforcement
30
Facial Recognition
31
Supplier Relationships
32
Cloud Computing
33
Supplier Relationships Contracts!
34
Supplier Relationships: Contract; Allocation of liability; Responsibility for actions of others
35
European Data Protection Directive
36
The European Data Protection Laws Have Been a Compliance Headache for Companies Around the World
37
Proposed New Data Protection Regulation
38
The Good News DIRECTIVE REGULATION
39
The Bad News Nearly Everything Else
40
Significantly Increased Fines and Penalties
41
Consent Narrowed
42
Data Breach Notification
43
Right to Be Forgotten
44
Data Minimization
45
Accountability
46
Mandatory Data Privacy Officer
47
Companies Outside Europe Potentially Subject to the Regulation
48
Status of Regulation
49
My Head Hurts
50
BULL NO-BULL TEST
51
Statements about the Update: Bull – the statement is not true; Not Bull – the statement is true. Requires audience participation – Vocalization of response – Be careful of “trick” statements
52
Sample Statement: The proposed EU privacy regulation will finally prevent the possibility of English mad cows from entering this country.
53
BULL NO-BULL
54
BULL
55
Statement One: The US is unique in the world by requiring notification to individuals who are affected by a security breach involving the loss of personal information.
56
BULL NO-BULL
57
BULL
58
Statement Two: The Proposed EU Data Privacy Regulation will require all companies to appoint an independent data protection officer to serve for a term of not less than two years.
59
BULL NO-BULL
60
BULL
61
Statement Three: Personal Identification Information breaches in the US are regulated by the federal breach notification statute.
62
BULL NO-BULL
63
BULL
64
Statement Four: Product claims made on social media are not covered by normal FTC advertising rules under the “Zuckerman” exception.
65
BULL NO-BULL
66
BULL
67
Statement Five: The basic rule in the EU is that personal data cannot be sent to the US because the US does not have adequate privacy laws.
68
BULL NO-BULL
69
NO BULL
70
Question Six: A company cannot contract away all its privacy responsibility to its suppliers.
71
BULL NO-BULL
72
NO BULL
73
Final Statement: This has been an interesting and informative and somewhat entertaining session.
74
Contact Information: Keith A. Cheresko, Privacy Associates International LLC, kcheresko@privassoc.com, www.privassoc.com, (248) 535-2819; Robert L. Rothman, Privacy Associates International LLC, rrothman@privassoc.com, www.privassoc.com, (248) 880-3942