Polarized Attitudes

The Privacy Minefield

Sol Bermann, Legal Project Manager, Technology Policy Group-OSC, (614) 688-4578

Presentation Transcript
Polarized Attitudes

Protect It

Advocates

Citizens

Protection with use

Consumers

Government

Business

Use It

Privacy Impact Areas
  • Consumer Records (state & federal law)
    • PII
    • Surfing habits
  • Public Records (state & federal law)
    • SSN
    • Driver’s License
    • Real Estate
    • Arrest Records
  • Credit & Financial Records (GLB)
  • Health Records (HIPAA)
  • Children (COPPA)
Privacy Dangers
  • External
    • Privacy law violations
    • Privacy policy violations
    • Bad actors (hackers)
      • monitoring issues
  • Internal
    • Privacy law violations
    • Privacy policy violations (acceptable use)
      • monitoring issues
Privacy Failure Consequences
  • Loss of trust
  • Irreparable damage to reputation, user retention
  • Loss of revenue and new business
  • Interruption of transborder data flows, applicable penalties in international jurisdictions
  • Possible federal and state enforcement actions: millions of dollars spent and loss of flexibility in the marketplace to implement consent decrees; irreparable damage to key initiatives such as eBusiness or eGovernment
  • Litigation from consumers, privacy advocates, etc.
  • Civil and criminal penalties for wrongful disclosure of protected health information
Plan for Privacy
  • Have a privacy/security plan
    • External & Internal--there is no single solution
      • A framework is essential
      • Accountability is essential
      • Compliance is essential
      • A Privacy Policy is a value-added proposition for citizens and a competitive advantage for companies
  • Be Honest & Create Trust
    • Let people know what you are doing and let them make their own decisions
Policy Framework
  • Where possible follow OECD guidelines
    • Collection Limitation Principle
    • Data Quality Principle
    • Purpose Specification Principle
    • Use Limitation Principle
    • Security Safeguards Principle
    • Openness Principle
    • Individual Participation Principle
    • Accountability Principle
Technological Framework
  • How is the data organized, labeled, and stored?
  • What paths does the data take when getting from point A to point B and how are these paths protected?
  • Is there positive control over the data at all times?
  • What security mechanisms surround the use of the data?
Accountability
  • Everyone (same for business & government)
    • Essential Clearances
      • CEO; Business Units; Marketing; H.R.; General Counsel; Government Affairs; Information Security; I/T
    • BUT ACCOUNTABILITY TO EVERYONE IS ACCOUNTABILITY TO NO ONE
  • Must have an enforcer
    • Chief Privacy Officer (or something similar)
Compliance
  • Is there a data privacy compliance strategy?
  • What are the elements of the compliance program?
  • Is there an auditor (e.g., a CPO)?
  • What is the role of the auditor?
  • Does the compliance program have teeth?
LESSON TO REMEMBER
  • Create Trust
  • Be Honest
    • Have a Policy
    • Display Your Policy
    • Follow Your Policy
    • Develop Your Infrastructure
    • Audit Your Infrastructure
    • Be Accountable
    • Have a CPO or Compliance Officer
Some Good Books
  • “Database Nation”, Simson Garfinkel
  • “The Transparent Society”, David Brin
  • “The Unwanted Gaze”, Jeffrey Rosen
  • “The Hundredth Window : Protecting Your Privacy and Security in the Age of the Internet”, Charles Jennings, Lori Fena
  • “For the Record : Protecting Electronic Health Information”, Computer Science and Telecommunications Board
  • “1984”, George Orwell
  • “Brave New World”, Aldous Huxley
A Few of Many Privacy Links

Regulatory

  • Gramm Leach Bliley www.bog.frb.fed.us/BoardDocs/Press/BoardActs/2000/20000621
  • FTC: www.ftc.gov/acoas/papers/finalreport.htm
  • HIPAA: http://aspe.hhs.gov/admnsimp/
  • EU: http://europa.eu.int/eur-ex/en/lif/dat/1995/en_395L0046.html
  • OECD: http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM#3

General Info

  • www.privacyexchange.org
  • www.epic.org
  • www.privacyplace.com
  • www.eff.org
  • www.leglnet.com/libr-priv.htm
  • www.privacyalliance.org
More Links

Technology and Services

  • www.w3.org/P3P/
  • www.pwcglobal.com/Extweb/service.nsf/
  • www.ibm.com/services/e-business/security.html
  • www.truste.com
  • www.junkbusters.com
  • www.anonymizer.com
  • www.siegesoft.com/products.shtml
  • www.iprivacy.com
  • www.privada.com
  • www.zeroknowledge.com
  • www.safemessage.com
  • www.privacyright.com