Privacy Concerns in the Management of Today's Information

Privacy Concerns in the Management of Today's Information. Andrew B. Clauss, Esq., Partner, Brophy Clauss, LLC; Don McLaughlin, Esq., Founder and CEO, Falcon Discovery; Christopher W. Brophy, Esq., Partner, Brophy Clauss LLC; Shannon Bell, Esq., Partner, Grund, Dagner & Jung, P.C.


Privacy Concerns in the Management of Today's Information

Andrew B. Clauss, Esq.

Partner, Brophy Clauss, LLC

Don McLaughlin, Esq.

Founder and CEO, Falcon Discovery

Christopher W. Brophy, Esq.

Partner, Brophy Clauss LLC

Shannon Bell, Esq.

Partner, Grund, Dagner & Jung, P.C.

Education Code: TU03-3524

Learning Objectives

Upon completion of this session, participants will be able to:

  • Identify types of information and data that can lead to privacy and confidentiality concerns
  • Describe the risks associated with creation, use, and management of this information
  • Develop strategies to minimize and balance these risks in the face of new technology
What This Course Does Not Cover

  • Privacy and information security are very broad areas; this presentation will not include specifics on the following areas, but you should be aware of them:
    • Detailed state, federal and international laws
    • Specific statutes, guidelines and regulations
        • We highlight only a few
        • Each Industry will have specific laws and rules (e.g., CPNI for telecommunications)
    • Specific areas like security breaches, ISPs, internet sales, wiretap act, children’s privacy, computer crimes, electronic surveillance (e.g. FISA, Patriot Act), SPAM, spyware, pretexting, insurance privacy, FERPA, etc.
Introduction
  • Three areas where privacy and security issues arise:

1. Businesses possess private employee information. What steps need to be taken to protect that information?

2. Businesses have their own private and confidential information. What steps need to be taken to keep that information private?

3. Businesses have private information about their customers. What needs to be done to keep that information protected?

The Playing Field – Sources of Privacy Law

  • International guidelines – OECD, APEC
    • What are they?
  • 7 cornerstones of privacy
    • Notice
    • Choice
    • Onward transfer
    • Access
    • Security
    • Data integrity
    • Enforcement
Sources of Privacy Law

  • Involvement of the FTC
    • How are the FTC and the FTC Act involved in privacy?
    • Targeted advertising
  • Health-related statutes
    • ADA
    • HIPAA & HITECH
    • State laws
Sources of Privacy Law

  • ECPA/SCA
    • What are they?
    • How do they apply?
      • Accessing co-employer’s email
      • Use of another’s log-in information
      • What about consent?
  • Online privacy statutes
    • E.g. California
Sources of Privacy Law

  • Financial privacy
    • GLB
      • When does it apply?
      • How could it apply to your business?
    • FCRA
      • How could it apply to your business?
    • FACT
      • What is it and what does it cover?
    • State laws
      • Unique provisions
      • Credit card restrictions
Sources of Employee Information

Employees use company email for personal communications

Employees provide the company with private financial information, including bank accounts, retirement accounts, HSA accounts, etc.

Employees provide human resource information like SSNs, marital/partner status, etc.

Employees use company resources (computers, phones, etc.) for storing personal information, such as photos, documents, and personal communications (e.g. personal attorney-client and physician-patient communications)

Employee Privacy Issues

  • Employee privacy issues
    • Private areas provided by employers
    • Privacy expectations
    • Impact of policies
    • Investigations
    • Employee emails
    • Right to purchase device on termination
    • Monitoring employee emails
    • Cell phone privacy
    • BYOD – phones and computers
    • Video surveillance in workplace
What Policies and Procedures Should be Considered?

Companies need to be aware of and guard against litigation exposure from employee activity on company resources

Companies need to establish and enforce policies relating to employee use of company resources for personal business

Companies need to guard against unlawful use/disclosure of employee information

Case Studies

  • Personal information in workplace systems/files
    • Types of data:
      • Health information
      • Personal legal – attorney-client privilege
      • Financial
      • Illegal material – pornography
      • Personal apps/music/photos
    • Where is it located?
    • What are the risks?
    • What can be done to minimize risks?
Case Studies

  • Bring Your Own Device (BYOD)
    • Pros vs. cons
      • What are the risks?
      • What are the benefits?
Case Studies

  • Bring Your Own Device (BYOD)
    • Considerations
      • Eligibility
      • Access
      • Cost
      • Devices/apps
      • Security (data and network)
      • Privacy
      • Support
      • Education and enforcement
      • Feedback and modification
Case Studies

  • Bring Your Own Device (BYOD)
    • What are the risks?
      • FLSA
      • Discovery issues
      • Ownership issues
      • Security
    • What can be done to minimize risks?
      • Policies and procedures
Case Studies

  • Social media/email
    • Key issues
      • Investigation/review
        • Two-party consent
        • Expectation of privacy issues
    • Directed use of blogging and social media
    • Marketing laws
    • Misuse – liability to company?
Case Studies

  • Social media/email
    • What are the risks?
      • Disclosure of confidential information
      • Admissions against interest
      • Cyber defamation
    • What can be done to minimize risks?
      • Restricted access from company IT systems
      • Email/social media management strategies
Corporate Privacy Issues

Trade secrets, company financial status, company planning, etc., together with employee and customer information

Research and development

Legal advice

Litigation concerns, especially discovery issues relating to the foregoing

Corporate Privacy Policy Considerations

  • Data destruction
    • SOX
    • State laws
      • Document destruction rule
  • Data breach notification laws
Corporate Privacy Policy Considerations

  • Non-statutory & other concerns
    • NDAs and agreements
    • Private suits
      • Intrusion upon seclusion, appropriation of name or likeness, publicity given to private life, and false light publicity
    • Class-action suits
  • Protection of trade secrets
Case Studies

  • Cloud computing
    • Public vs. private vs. hybrid vs. data center
    • Security breaches and issues
    • Downtime; financial health of provider
    • Private contracts with providers
    • Disclosure/consent from customers
    • M2M networks
    • Portal access
    • Ownership of data
Case Studies

  • Cloud Computing
    • Interesting case law
    • What are the risks?
    • What can be done to minimize risks?
Case Studies

  • Trade secret protection
    • What is a trade secret?
    • What are the prongs of trade secret law?
      • Reasonable steps to preserve the secrecy of the trade secret
    • What must you do to protect your trade secrets in order to maintain a cause of action for trade secret theft?
      • Internet/social media
      • Work from home/BYOD
      • Cloud computing
Case Studies

  • Trade Secret Protection
    • Interesting case law
    • What are the risks?
    • What can be done to minimize risks?
Customer Information Privacy Issues
  • Companies are collecting more and more personal information about their customers, including social security numbers, email addresses, buying habits/history, etc.
  • Companies have legal obligations to protect this information
  • Companies have restrictions on how such data can be used
  • Social security numbers, credit card information, bank account numbers, birthdates, addresses, etc.
    • Federal laws
    • State laws
Policy Decision Points for PII
  • Companies need to decide what customer information they want/need to retain in light of laws regulating what may or may not be asked of customers
    • How, where, and for how long is such information going to be retained?
    • How will the information be used?
    • Who has access to that information?
    • How will information be protected?
    • Proper Disclosure of PII
Case Studies

  • Personally Identifiable Information
    • What is PII?
      • SSI #
      • Address
      • Credit card numbers
      • Email addresses?
      • IP addresses?
    • What is required?
    • Use, disclosure, and destruction
    • Examples of actual cases
Case Studies

  • Personally Identifiable Information
    • Interesting case law
    • What are the risks?
    • What can be done to minimize risks?
General Strategies and Concerns

  • Choices
    • Benefit to business vs. data & privacy risks
    • Limit/expand scope of policy
    • Cost of technology
    • Insurance and risk shifting
    • Limit exposure (LOL, consent, etc.)
    • Trade secret/confidentiality risks
    • Security breach and risks
    • Interaction/coordination with other business units (Legal, IT, HR, Risk Management, Marketing, Finance, etc.)
    • Litigation – discovery, preservation, and spoliation issues
General Strategies and Concerns

  • Process
    • Review laws
    • Develop policies
    • Incident response plans
    • Security safeguards
    • Notification processes
    • Sensitive information access restrictions
    • Do third-party vendors meet privacy and security standards?
    • Auditing and compliance
    • Identify and address common vulnerabilities
General Strategies and Concerns

  • Policies
    • Considerations
      • Consent
      • Limitations
      • Processes
      • Scope
General Strategies and Concerns

  • Policies
    • Examples of commonly-used policies
      • Security breach/emergency response
      • BYOD
      • Email
      • AUP
      • Social media
      • Work from home
      • Trade secret/confidentiality
General Strategies and Concerns

  • Technologies
    • Encryption
    • MDM (mobile device management) software
    • Digital rights management
    • SharePoint
    • Customized solutions
General Strategies and Concerns

  • Outside resources
    • Attorneys
      • Most law firms have privacy groups to assist with legal requirements and risks
      • In-house legal can assist – involve them
    • Consultants
      • Most consulting firms have privacy groups to create and implement policies
    • Technology
    • Crisis
      • What do you do when something goes wrong?
      • Crisis management can be critical
Twitter

@ARMA_INT or #ARMA13

Continue the Conversation

Facilitator Meet and Greet

Pub Crawl (Expo Hall, Tues.) – 3:30-5:30 pm

Lunch (General Session, Wed.) – 11:30 am-1:00 pm

… and find us on Facebook and LinkedIn by searching for ARMA International

Privacy Concerns in the Management of Today's Information

Please Complete Your Session Evaluation

Andrew B. Clauss, Esq.

Don McLaughlin, Esq.

Christopher W. Brophy, Esq.

Kevin Lanoha, Esq.

Education Code: TU03-3524