ABC's of Privacy and Security
Transcript of ABC's of Privacy and Security
THE ABC’s of
PRIVACY & SECURITY
Disclaimer
Lawyers
what is privacy?
Personally Identifiable Information (PII)
“Personally identifiable information” is information that identifies a particular person. PII includes:
• Full name
• National identification number
• IP address
• Vehicle registration plate number
• Driver’s license number
• Face
• Fingerprints
• Handwriting
• Credit card numbers
• Digital identity
• Date of birth
• Birthplace
• Genetic information
Sensitive PII
• Information on Medical or Health Condition
• Financial Information
• Racial or Ethnic Origin
• Political Opinion
• Religious or Philosophical Beliefs
• Trade Union Membership
• Sexual Preference
• Information Related to Criminal Offenses or Convictions
Digital Data Privacy law is complicated.
Nationwide legislation is industry specific.
Generally Accepted Privacy Principles (GAPPs)
1. Notice
2. Consent
3. Use, Retention and Disposal
4. Monitoring and Enforcement
California
• Do Not Track
• Data Breach Notification
• No Surprises Approach to Mobile from the AG’s Office
• Digital “Eraser” Law for Minors
privacy law abroad.
international compliance.
Main Principles of the EU-US Safe Harbor
1. Notice
2. Choice
3. Onward Transfer
4. Access
5. Security
6. Data Integrity
7. Enforcement
kidz online.
yes, different rules apply.
Children’s Online Privacy Protection Act
• Requires websites to get parental consent before collecting or sharing info for children under 13.
• Enforced by the Federal Trade Commission.
• Applies to commercial websites and other online services.
getting prepped
Privacy Management in Seven Steps
Seven Steps for Privacy Management
1. Assess
2. Plan
3. Draft
4. Implement
5. Disclose
6. Grow
7. Rinse & Repeat
Seven Steps for Privacy Management: Assess
Conducting an assessment on privacy and data security.
Audit:
type
amount
use
intake
Seven Steps for Privacy Management: Plan
Seven Steps for Privacy Management: Draft
What Your Privacy Policy Should Say
• How Data is Collected and Stored
• Choice & Consent
• Data Retention
• Redress of Grievances
• Mobile Application Disclosure & Disclaimer
Seven Steps for Privacy Management: Implement
What Your Team Should Know
• Where the Privacy Policy is located
• What kind of data you should collect
• How to handle basic customer privacy concerns
Seven Steps for Privacy Management: Disclose
Seven Steps for Privacy Management: Grow
Seven Steps for Privacy Management: Rinse & Repeat
Avoiding the “Oh, crap.”
General Privacy Tips
Where Trouble Arises
• Failing to respond to a complaint from the public
• Don’t over-promise
• When in doubt, talk to your risk management or legal teams
• Appropriate account access minimizes liability
• Use common sense
We just scratched the surface.
?