u s rules on privacy and data security n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
U.S. Rules on Privacy and Data Security PowerPoint Presentation
Download Presentation
U.S. Rules on Privacy and Data Security

Loading in 2 Seconds...

play fullscreen
1 / 11

U.S. Rules on Privacy and Data Security - PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on

U.S. Rules on Privacy and Data Security. Organization for International Investment General Counsel Conference October 16, 2009. FTC Overview. Broad consumer protection mandate Section 5 of the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce”

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'U.S. Rules on Privacy and Data Security' - imelda


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
u s rules on privacy and data security

U.S. Rules on Privacy and Data Security

Organization for International Investment

General Counsel Conference

October 16, 2009

ftc overview
FTC Overview
  • Broad consumer protection mandate
    • Section 5 of the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce”
    • Jurisdiction over a wide variety of entities (excluding banks, common carriers, and non-profits)
  • Privacy and data security a major consumer protection priority
ftc overview1
FTC Overview
  • Multi-pronged approach for protecting consumers:
    • Law enforcement
    • Outreach to consumers and businesses
    • Policy initiatives, including working with industry to establish meaningful self-regulatory standards
ftc enforcement
FTC Enforcement
  • Standard is reasonableness
  • Process-oriented approach that emphasizes identifying and mitigating risks
  • There is no one size fits all solution – take into account the size and complexity of the business operations and the sensitivity of the information at stake
outsourcing
Outsourcing
  • Businesses subject to U.S. laws that outsource personal information retain responsibility for ensuring that there are reasonable procedures in place to safeguard that information.
    • This responsibility is the same whether the service provider is located within the U.S. or offshore.
self regulation
Self-regulation
  • Recent examples:
    • Online behavioral advertising principles
    • Self-regulatory initiative in APEC region to establish a framework for ensuring accountability for cross-border data transfers
case study cloud computing
Case study: Cloud Computing

NIST definition:

“a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

case study cloud computing1
Case study: Cloud Computing
  • Consumer uses of cloud computing:
    • Email, social networking, online gaming, shopping
  • Growing enterprise use of cloud computing:
    • Software as a service, platform as a service, infrastructure as a service
    • Private clouds, public clouds, hybrid clouds, community clouds
case study cloud computing2
Case study: Cloud Computing
  • Legal issues:
    • Compliance with various data security laws (GLB, HIPAA, state breach notification laws)
    • Due diligence and oversight of service providers
    • Contractual issues over data, security issues
ftc privacy roundtables
FTC Privacy Roundtables
  • Series of day-long public roundtables to explore privacy challenges posed by new technologies and business practices
    • First roundtable: December 7, 2009 Washington, D.C.
  • Topics to be explored include online behavioral advertising and cloud computing
for more information
For more information

www.ftc.gov/privacy

Katie Ratté

kratte@ftc.gov