The Privacy Minefield


Presentation Transcript


The Privacy Minefield
Sol Bermann
Legal Project Manager
Technology Policy Group-OSC
(614) 688-4578
[email protected]


Polarized Attitudes

Spectrum of attitudes, from "Protect It" to "Use It":

  • Protect It: Advocates, Citizens

  • Protection with use: Consumers, Government, Business

  • Use It



Privacy Impact Areas

  • Consumer Records (state & federal law)

    • PII

    • Surfing habits

  • Public Records (state & federal law)

    • SSN

    • Driver’s License

    • Real Estate

    • Arrest Records

  • Credit & Financial Records (GLB)

  • Health Records (HIPAA)

  • Children (COPPA)



Privacy Dangers

  • External

    • Privacy law violations

    • Privacy policy violations

    • Bad actors (hackers)

      • monitoring issues

  • Internal

    • Privacy law violations

    • Privacy policy violations (acceptable use)

      • monitoring issues



Privacy Failure Consequences

  • Loss of trust

  • Irreparable damage to reputation, user retention

  • Loss of revenue and new business

  • Interruption of transborder data flows, applicable penalties in international jurisdictions

  • Possible federal and state enforcement actions: millions of dollars spent and loss of flexibility in the marketplace to implement consent decrees, irreparable damage to key initiatives such as eBusiness or eGovernment

  • Litigation from consumers, privacy advocates, etc.

  • Civil and criminal penalties for wrongful disclosure of protected health information



Response



Plan for Privacy

  • Have a privacy/security plan

    • External & Internal: there is no single solution

      • A framework is essential

      • Accountability is essential

      • Compliance is essential

      • A Privacy Policy is a value-added proposition for citizens and a competitive advantage for companies

  • Be Honest & Create Trust

    • Let people know what you are doing and let them make their own decisions



Policy Framework

  • Where possible follow OECD guidelines

    • Collection Limitation Principle

    • Data Quality Principle

    • Purpose Specification Principle

    • Use Limitation Principle

    • Security Safeguards Principle

    • Openness Principle

    • Individual Participation Principle

    • Accountability Principle



Technological Framework

  • How is the data organized, labeled, and stored?

  • What paths does the data take when getting from point A to point B and how are these paths protected?

  • Is there positive control over the data at all times?

  • What security mechanisms surround the use of the data?



Accountability

  • Everyone (same for business & government)

    • Essential Clearances

      • CEO; Business Units; Marketing; H.R.; General Counsel; Government Affairs; Information Security; I/T

    • BUT ACCOUNTABILITY TO EVERYONE IS ACCOUNTABILITY TO NO ONE

  • Must have an enforcer

    • Chief Privacy Officer (or something similar)



Compliance

  • Is there a data privacy compliance strategy?

  • What are the elements of the compliance program?

  • Is there an auditor (e.g., a CPO)?

  • What is the role of the auditor?

  • Does the compliance program have teeth?



LESSON TO REMEMBER

  • Create Trust

  • Be Honest

    • Have a Policy

    • Display Your Policy

    • Follow Your Policy

    • Develop Your Infrastructure

    • Audit Your Infrastructure

    • Be Accountable

    • Have a CPO or Compliance Officer



Some Good Books

  • “Database Nation”, Simson Garfinkel

  • “The Transparent Society”, David Brin

  • “The Unwanted Gaze”, Jeffrey Rosen

  • “The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet”, Charles Jennings, Lori Fena

  • “For the Record: Protecting Electronic Health Information”, Computer Science and Telecommunications Board

  • “1984”, George Orwell

  • “Brave New World”, Aldous Huxley



A Few of Many Privacy Links

Regulatory

  • Gramm-Leach-Bliley: www.bog.frb.fed.us/BoardDocs/Press/BoardActs/2000/20000621

  • FTC: www.ftc.gov/acoas/papers/finalreport.htm

  • HIPAA: http://aspe.hhs.gov/admnsimp/

  • EU: http://europa.eu.int/eur-ex/en/lif/dat/1995/en_395L0046.html

  • OECD: http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM#3

General Info

  • www.privacyexchange.org

  • www.epic.org

  • www.privacyplace.com

  • www.eff.org

  • www.leglnet.com/libr-priv.htm

  • www.privacyalliance.org



More Links

Technology and Services

  • www.w3.org/P3P/

  • www.pwcglobal.com/Extweb/service.nsf/

  • www.ibm.com/services/e-business/security.html

  • www.truste.com

  • www.junkbusters.com

  • www.anonymizer.com

  • www.siegesoft.com/products.shtml

  • www.iprivacy.com

  • www.privada.com

  • www.zeroknowledge.com

  • www.safemessage.com

  • www.privacyright.com
