Looking ahead privacy laws technology
This presentation is the property of its rightful owner.
Sponsored Links
1 / 41

Looking Ahead Privacy, Laws, & Technology PowerPoint PPT Presentation


  • 65 Views
  • Uploaded on
  • Presentation posted in: General

Looking Ahead Privacy, Laws, & Technology. ____________________________________________ J. Trevor Hughes International Association of Privacy Professionals. Emerging Regulatory Issues. Privacy ID Theft SSNs Spam Telemarketing GLBA FCRA HIPAA Patriot Act Security The Ugly Stepchild

Download Presentation

Looking Ahead Privacy, Laws, & Technology

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Looking ahead privacy laws technology

Looking AheadPrivacy, Laws, & Technology

____________________________________________

J. Trevor Hughes

International Association of Privacy Professionals


Emerging regulatory issues

Emerging Regulatory Issues

  • Privacy

    • ID Theft

    • SSNs

    • Spam

    • Telemarketing

    • GLBA

    • FCRA

    • HIPAA

    • Patriot Act

  • Security

    • The Ugly Stepchild

  • A Look Ahead

    • Emerging Technology

    • Biometrics

    • Data Fluidity

    • Data Aggregation


The privacy strata

The Privacy Strata

Technology Standards

Self Regulatory Standards

The

Rest of the

World

US Government

SSNs

GLB

HIPPA

EUROPE

The States

(Legislatures, DOIs and AGs)

Canada


Show me the harm

Marketing

Telemarketing

SPAM

Identity Theft

Show me the harm...

Harm to Public


Identity theft

FTC Complaints:

2000: 31,000

2001: 86,000

2002: 162,000

Top consumer fraud complaint in 2002

30% growth predicted going forward

Average impact:

$1500

175 hours of clean up

credit disruptions

42% of complaints involve credit card fraud

Identity Theft

Identity theft coverage now available


Social security numbers

Social Security Numbers

  • California:

    • Correspondence to residential addresses cannot include a SSN

    • (Simitian bill) employers cannot use SSN for purposes other than taxes

  • Feds:

    • Proposals to limit use as college ID

  • Looking ahead:

    • Restrictions on the use of SSNs as internal identifiers

      • May be used for verification of identity, accessing medical files and credit reports

      • May not be used as an account number


Looking ahead privacy laws technology

SPAM

  • Hotmail – 80% unsolicited bulk email

  • 31 billion per day (2002)

  • 60 billion per day(2006)

  • Dial up concerns (EU local call problems)

  • Work productivity/liability concerns

  • Deliverability concerns

  • Channel viability concerns (the “900” phenomenon)


Will the cure kill email

Legal Responses:

26 states with anti-spam legislation

Can Spam Act in Congress (expected to pass this year)

EU opt-in requirements

Tech Responses

Blacklists

Filtering by ISPs

Solution providers

Habeus

Trusted Sender

IronPort

Brightmail

Will the Cure Kill Email?

Aggressive filtering results in “false positives”

(legitimate email being blocked)


Employee email privacy

Employee Email Privacy

  • Blurring of work/home boundaries

  • 30% of ecommerce sales generated from the workplace

  • Extensive use of company email for personal use

  • Issue: employer monitoring?

  • European v. US approaches


Telemarketing

Telemarketing

  • The “must have” legislation for every up-and-coming AG

  • TCPA – allows for single vendor opt-out

  • FTC’s 2001 gift to consumers: a national do not call registry (call Billy Tauzin)

  • Telemarketing will diminish as a sales vehicle


Fair credit reporting act

Fair Credit Reporting Act

  • Reauthorization in 2003

  • Big issues:

    • Expand consumer privacy protections?

    • Sunset state preemption?

      • NAAG says “YES!”

      • Business community says “please, no!”

  • For insurers: beware of scope creep in FCRA reauthorization (Sen. Shelby – GLBA did not go far enough; wants opt in for third party transfers)


Layered privacy notices

Layered Privacy Notices


Security

Security

The Ugly Stepchild of Privacy


Security1

Security

  • Security Audit

    • Quickest, easiest way to get a snapshot of your security issues

  • Develop a “Security Portfolio”

    • Internet/Acceptable use policies

    • E-mail policies

    • Remote access policies

    • Special access policies

    • Data protection policies

    • Firewall management policies

    • Cost sensitive, appropriate architecture

  • Reassess, Audit, Revise

Defense

In

Depth!


Security2

Security

  • Protect Internally and Externally

    • IIS Survey (2000) – 68% of attacks are internal

  • Protect Network AND Data

    • Data is usually the target of an attack, not the “network”


Security what to do

Security – What to do?

  • Standards Emerge!

    • Data encryption to the column level

    • Role-based access control to the row level

    • Role-based access for DBAs

    • Transaction auditability

  • Pay now, or Pay Later!


A look ahead

A look ahead...


Emerging dynamics

Emerging Dynamics

  • Data Fluidity

    • Personalization

    • Persistent Surveillance

    • Biometrics

  • Data Aggregation

    • Targeted messaging

  • Geo Privacy


Data friction and fluidity

Data Friction and Fluidity

FRICTION

FLUIDITY

Digital Data

Printing Press

Paper

Stone Tablets

Data Velocity


Personalization

Personalization

  • As data becomes more fluid, personal targeting becomes possible

  • Privacy issues prevail

  • .NET (Microsoft), Liberty Alliance (Sun)

    • Never entering your name, password, address and credit card again

  • Do we really want this?

  • The rise of GUIDs


Personlization today

Personlization Today

Hello John Anderton...


Data fluidity for healthcare

Data Fluidity for Healthcare

  • Smart Cards

    • Genome

    • Entire Medical Record

  • HIPAA code sets

  • CRM across all lines/interaction points

  • Single interface solutions for customers


Biometrics everywhere

Biometrics Everywhere

  • Biometric Attestations

    • Faceprints, eyeprints, fingerprints, hand geometry, voice recognition, vein patterns, gait recognition, odor...


Face recognition

Face Recognition

  • 2001 Superbowl

  • Airports

  • Urban hot spots

  • Business campus


Iris fingerprint recognition

Iris/Fingerprint Recognition

  • Airports (Vancouver and Toronto)

  • Signatures

  • High security buildings


Persistent surveillance

Persistent Surveillance

  • “He’s been idented on the Metro...”


Data aggregation

Data Aggregation

Data Silos

Aggregation

Derivative Data

Meta Data

Inferred Data

Core Data

Personalization and Velocity


Geo privacy

Geo Privacy

  • e911

  • Geo Targeted Wireless Services

    • “Smell that coffee? Come in for a cup!”


Lessons to be learned

Lessons to be Learned

  • Data Becomes Much More Fluid

  • Data Management Becomes Much More Difficult

  • Data Moves More Quickly

  • Smart Companies will Harness the Power of Data Fluidity to Reduce Costs and Improve Their Value Propositions


Looking ahead privacy laws technology

  • The International Association of Privacy Professionals

  • is the nation’s leading association for privacy and security

  • professionals. It helps its members build and maintain privacy

  • programs while effectively navigating rapidly changing

  • regulatory and legal environments.

  • Mission of IAPP

    • To promote privacy programs and safeguards – their introduction, development and maintenance. 

    • To provide a forum for interaction and information exchange for our members.

    • To create high quality educational opportunities for those involved with privacy issues.

Phone: 800-266-6501 [email protected]


Looking ahead privacy laws technology

  • THANKS!

    J. Trevor Hughes

    [email protected]

    207 351 1500


  • Login