THE ABC’s of

PRIVACY & SECURITY

Disclaimer

Lawyers

what is privacy?

Personally Identifiable Information (PII)

“Personally identifiable information” is information that identifies a particular person. “Pii” includes: !

• Full name; • National identification number; • IP address; • Vehicle registration plate number; • Driver’s license number; • Face; • Fingerprints; • Handwriting; • Credit card numbers; • Digital identity; • Date of birth; • Birthplace; and • Genetic information.

Sensitive PII !

• Information on Medical or Health Condition; • Financial Information; • Racial or Ethnic Origin; • Political Opinion; • Religious or Philosophical Beliefs; • Trade Union Membership; • Sexual Preference; and • Information Related to Criminal Offenses or

Convictions.

Digital Data Privacy law is complicated.

Nationwide legislation is industry specific.

General Accepted Privacy Principles (GAPPs)

General Accepted Privacy Principles (GAPPs) !1. Notice 2. Consent 3. Use, Retention and Disposal 4. Monitoring and Enforcement

California ! Do Not Track ! Data Breach Notification ! No Surprises Approach to Mobile from the AG’s Office ! Digital “Eraser” Law for Minors !

!!!

!

privacy law abroad.

international compliance.

Main Principles of the EU-US Safe Harbor !1. Notice 2. Choice 3. Onward Transfer 4. Access 5. Security 6. Data Integrity 7. Enforcement

kidz online.

yes, different rules apply.

Children’s Online Privacy Protection Act !Requires websites to get parental consent before collecting or sharing info for children under 13. !Enforced by the Federal Trade Commission. !Applies to commercial websites and other online services. !!!

getting prepped

Privacy Management in Seven Steps

Seven Steps for Privacy Management !1. Assess 2. Plan 3. Draft 4. Implement 5. Disclose 6. Grow 7. Rinse & Repeat

!!!

!

Seven Steps for Privacy Management !Assess

!!!

!

Conducting an assessment on privacy and data security.

Audit:

type

amount

use

intake

Seven Steps for Privacy Management !Plan

!!!

!

Seven Steps for Privacy Management !Draft

!!!

!

What Your Privacy Policy Should Say !

!!

!

What Your Privacy Policy Should Say !

How Data is Collected and Stored !

!

What Your Privacy Policy Should Say !

Choice & Consent !

!

What Your Privacy Policy Should Say !

Data Retention !

!

What Your Privacy Policy Should Say !

Redress of Grievances !

!

What Your Privacy Policy Should Say !

Mobile Application Disclosure & Disclaimer !

!

Seven Steps for Privacy Management !Implement

!!!

!

What Your Team Should Know !

Where the Privacy Policy is located !

!

What They Should Know !

What kind of data you should collect !

!

What They Should Know !

How to handle basic customer privacy concerns !

!

Seven Steps for Privacy Management !Disclose

!!!

!

Seven Steps for Privacy Management !Grow

!!!

!

Seven Steps for Privacy Management !Rinse & Repeat

!!!

!

Avoiding the “Oh, crap.”

General Privacy Tips

Where Trouble Arises !Failing to respond to a complaint from the public

!

Where Trouble Arises !Don’t over-promise

!

Where Trouble Arises ! When in doubt, talk to your risk management or legal teams

Where Trouble Arises ! Appropriate account access minimizes liability

Where Trouble Arises ! Use common sense

We just scratched the surface.

?

Lawyer

Christina Gagnier @gagnier gagnier@gamallp.com gamallp.com

THE ABC’s of

PRIVACY & SECURITY