Presentation on theme: "Dr. Don Lloyd Cook Gill Ragon Owen, PA. Practicing law in AR since 1989 Virginia Tech, Ph.D. in Marketing ◦ Virginia Tech Congressional Fellow in."— Presentation transcript:
Practicing law in AR since 1989 Virginia Tech, Ph.D. in Marketing ◦ Virginia Tech Congressional Fellow in the office of Congressman Rick Boucher (1996) Taught at Louisiana Tech University, Georgia State University and University of New Mexico.
Certified Information Privacy Professional (CIPP) 2004; CIPP/Canada 2006 Acxiom Corporation 2006-2007 ◦ Privacy and Risk Consultant Feeva Technology 2007-2010 ◦ Chief Privacy Officer and later General Counsel Walmart, Inc. 2010-2011 ◦ Director of Privacy Lunarline, Inc. 2011-2012 ◦ Director of Privacy
Counsel at Gill Ragon Owen, P.A. ◦ Member of the Privacy and Data Management Practice ◦ Principal Blogger at “The View from 30,000 Feet” http://gill-lawprivacy.blogspot.com/ (we will come back to this later) ◦ Ponemon Institute Distinguished Fellow
Breaches are common ◦ 4,457 DATA BREACHES made public since 2005 ◦ Over 900 million records breached Breaches are expensive (Ponemon Institute) ◦ Average cost per record breached of $145 Regulators are paying attention ◦ New laws, new technologies Consumers and Investors are paying attention ◦ Just ask Gregg Steinhafel.
Higher Ed Breaches in the Last Year (handout via the Chronology of Data Breaches) 22 significant breaches Over 1 million records breached Costs ◦ Direct vs. indirect ◦ Damage to brand equity Admissions Donor support (GT)
Network Operations ◦ Multiple networks and access points Internet Usage and Social Networks Outsourcing IT Implementation Healthcare and Additional Miscellaneous Risks Decentralized Culture Massive record keeping Academic and Personal Freedom Budget
University of Miami (2008) ◦ Backup tapes containing 2.1 million medical records stolen from off-site storage Hired expert to determine whether information on tapes was accessible Notified 47,000 individuals whose financial information was compromised Established website and call center to handle information requests
UCLA Health Systems (2005-2008) ◦ Employees of the health system repeatedly and without authorization viewed protected health information of patients (celebrities) ◦ Office of Civil Rights investigated ◦ UCLA agreed to corrective action and paid a settlement of $865,000
Unidentified Major State University (2009-2011) ◦ Since 2009 more than 100,000 faculty, alumni, student and parent records, including names, SSNs, credit card information ◦ Class action lawsuit seeking 2 years credit monitoring, fraud resolution services for affected individuals ◦ Also seeks injunction mandating the university take additional measures to protect personally identifiable information
Be Proactive Privacy by Design for New Applications, particularly for BYOD Develop the expertise, internally and externally ◦ Information inventory ◦ Policies and procedures Build a culture of privacy Contractual risk sharing and insurance
International Association of Privacy Professionals (IAPP) ◦ Education and Certification ◦ Daily Dashboard and other resources The View from 30,000 Feet ◦ Privacy blog from Gill Ragon Owen
Perform an information audit so you can evaluate your risk Strong passwords and encryption Use social media for advertising and building relationships, not for monitoring employees Look at your partner/vendor contracts. Who bears the risk? Make your policies clear and enforce them Flash drives are evil BYOD is a godsend/disaster SECURE YOUR NETWORKS
An ounce of prevention can be worth big bucks down the road! Outsourcing may be cheaper Capitalize on the misfortune of others Insurance can help you manage the risk There are software solutions, vendors, experts and other resources to steer you through the process Shredders are cheap!