Using Safe Harbor to Develop an Integrated, Global Assessment Approach August 20, 2008. Lael Bellamy, Chief Counsel - IT, IP & Privacy ING Americas (formerly with The Home Depot) Laurie Smaldon, CIPP, Manager, Privacy and Identity Theft Practice, PricewaterhouseCoopers LLP.
Panelists
Lael Bellamy, Chief Counsel - IT, IP & Privacy
ING Americas (formerly with The Home Depot)
Laurie Smaldon, CIPP, Manager, Privacy and Identity Theft Practice, PricewaterhouseCoopers LLP
2. Choice. The policy will also cover areas where consent, permission, data use limitations/opt-out strategies and special treatment for "Sensitive Personal Data" are applicable.
3, 4 & 5. Access, data integrity and enforcement. The policy also addresses other areas related to existing processes or controls, if applicable, to meet the Access, Data Integrity and Enforcement requirements needed to cover a Safe Harbor election.
(i) applicable systems, applications and databases that will be subject to the Safe Harbor certification,
(ii) data elements being used and maintained in such systems, applications and databases, and
(iii) any internal and external transfers of the data.
Pulling it all together: An Integrated Approach
Common Vulnerabilities and Practices that can Compromise Sensitive Data
Third-party vendor handling and transfers;
Improper access or broad access controls;
Paper handling and dumpster diving;
Phishing, web/email vulnerabilities;
Mobile and home-based workforce;
Call centers and social engineering;
Use of personal information in authentication processes with customers (online, phone, fax);
Peer-to-peer networks (iPods, etc.);
Collecting/using SSNs and personal info; and
Transportable media.
Integrated Assessments Overview
Safe Harbor & Ongoing Privacy Assessment