Recent Privacy Developments
ISACA
January 12, 2012
Keith A. Cheresko and Robert L. Rothman
Principals, Privacy Associates International LLC
Purpose
Areas or Topics of Privacy Activity
• Breach
• Cloud
• Geo-location
• Facial Recognition
• BYOD
• Marketing
• Social Media
• OBA
• Consumer Financial Protection Bureau
• Federal Trade Commission
• COPPA
• Health Care
• International
• EU Cookie Rules
• EU Data Protection Directive
• APEC
• USA PATRIOT ACT
• Supplier Relationships
Focus on Several Items
• Social Media
• Breach
• Marketing
• Supplier Relationships
• Privacy Developments from the EU
• TEST!
US Developments
Breach
PII
States Continue Tightening Requirements
Class Actions Proliferating
Breach Notification
No general national breach notification law - BUT
Breach Notification
• Internal processes
• Training
• Policies and practices
• Supplier action implications
Social Media
Endorsements
HR Implications
Labor Relations
NLRB Actions
• Policies and practices
• Internal processes
• Training
• Enforcement
BYOD
Marketing
OBA – Online Behavioral Advertising
Geo-Location
COPPA
Texting
• Policies and practices
• Internal processes
• Training
• Enforcement
Facial Recognition
Supplier Relationships
Cloud Computing
Contracts!
• Contract
• Allocation of liability
• Responsibility for actions of others
European Data Protection Directive
The European Data Protection Laws Have Been a Compliance Headache for Companies Around the World
Proposed New Data Protection Regulation
The Good News
DIRECTIVE
REGULATION
The Bad News
Nearly Everything Else
Significantly Increased Fines and Penalties
Consent Narrowed
Data Breach Notification
Right to Be Forgotten
Data Minimization
Accountability
Mandatory Data Privacy Officer
Companies Outside Europe Potentially Subject to the Regulation
Status of Regulation
My Head Hurts
BULL / NO-BULL TEST
Statements about the Update
• Bull – the statement is not true
• Not Bull – the statement is true
• Requires audience participation
  – Vocalization of response
  – Be careful of “trick” statements
Sample Statement
The proposed EU privacy regulation will finally prevent the possibility of English mad cows from entering this country.
BULL / NO-BULL
Answer: BULL
Statement One
The US is unique in the world by requiring notification to individuals who are affected by a security breach involving the loss of personal information.
BULL / NO-BULL
Answer: BULL
Statement Two
The Proposed EU Data Privacy Regulation will require all companies to appoint an independent data protection officer to serve for a term of not less than two years.
BULL / NO-BULL
Answer: BULL
Statement Three
Personal Identification Information breaches in the US are regulated by the federal breach notification statute.
BULL / NO-BULL
Answer: BULL
Statement Four
Product claims made on social media are not covered by normal FTC advertising rules under the “Zuckerman” exception.
BULL / NO-BULL
Answer: BULL
Statement Five
The basic rule in the EU is that personal data cannot be sent to the US because the US does not have adequate privacy laws.
BULL / NO-BULL
Answer: NO BULL
Question Six
A company cannot contract away all its privacy responsibility to its suppliers.
BULL / NO-BULL
Answer: NO BULL
Final Statement
This has been an interesting and informative and somewhat entertaining session.
Contact Information
Keith A. Cheresko
Privacy Associates International LLC
[email protected]
www.privassoc.com
(248) 535-2819

Robert L. Rothman
Privacy Associates International LLC
[email protected]
www.privassoc.com
(248) 880-3942