Privacy & How IT Will Help JEFF NORTHROP, CTO


Presentation on theme: "Privacy & How IT Will Help JEFF NORTHROP, CTO"— Presentation transcript:

1 Privacy & How IT Will Help JEFF NORTHROP, CTO JEFF@PRIVACYASSOCIATION.ORG

2 IT security at a tipping point
Ignorant, under-resourced and up against powerful enemies -- we need to shift our thinking from compliance to risk management.

3 Privacy is emerging as tension grows
Technological innovation relies on personal information but consumers are increasingly uncomfortable

4 Privacy is top issue around the world
The Web We Want Project (https://webwewant.mozilla.org)

5 Privacy is the top issue around the world
The Web We Want Project (https://webwewant.mozilla.org)

6 Privacy as a value proposition
Facebook’s anonymous login, privacy dinosaur, enhanced controls, etc.

7 Privacy as a competitive differentiator
Microsoft’s Scroogled (http://scroogled.com)

8 Privacy as the main value proposition
Silent Circle Blackphone (https://www.blackphone.ch)

9 Notice and consent does not work
"Notice and consent is the practice of requiring individuals to give positive consent to the personal data collection practices of each individual app, program, or web service. Only in some fantasy world do users actually read these notices and understand their implications before clicking to indicate their consent." - President’s Council of Advisors on Science and Technology
Report to the President: Big Data and Privacy (http://www.whitehouse.gov)

10 “Only in some fantasy world…”
President’s Council of Advisors on Science and Technology considers notice and consent a fantasy

11 Regulators respond to demand
FTC vows to sue companies that collect large amounts of data and misuse it

12 Trend: Increasing regulatory action
FTC setting model the rest of the world will likely follow
Of the top 10 privacy lawsuits in history, 2013 registered 4 of them. Source: Jay Cline
Among the 130 significant Safe Harbor enforcement actions since 1999, 60% were after 2011. Source: Jay Cline
Among the 50 data security cases since 2000, half came after 2010. The FTC had begun to deliberately strengthen its foray into holding businesses accountable for specific data security inadequacies through its unfairness power. Source: IAPP
Prior to 2011 the FTC brought ~3 legal actions/year for violations of consumers’ privacy rights, or those that misled consumers by failing to maintain security for sensitive information. Between 2011 and 2013 there were ~5 such cases/year. Source: FTC

13 It’s a global issue
Privacy regulations are an issue being addressed in every corner of the globe

14 The responsible enterprise
The enterprise is being held accountable. It is no longer just the responsibility of the consumer

15 Responsible for privacy risk mitigation
What sensitive data is being collected, where is it being stored, how is it being stored, who has access to it, and for what purposes?

16 Due care, knowing provenance of your data
We need to move from a checkbox compliance culture to one that focuses more on risk management and assessment

17 Guide posts
Knowledgeable: Know where your sensitive data is located.
Predictable: Have reliable assumptions about the rationale for the collection of personal information and the data actions to be taken with that personal information. Predictability is accomplished with clear, up-to-date and enforceable policies in place.
Manageable: Provide the capability for authorized modification of personal information, including alteration, deletion, or selective disclosure of personal information.
Secure: Preserve authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

18 Required responsibilities
A role or multiple roles need to handle the following:
Train key business stakeholders (data owners)
Keep the department up-to-date on laws, regulations, and trends
Work closely with the general counsel, external affairs and businesses to ensure both existing and new services comply with privacy and data security obligations.
Monitor information security and privacy technology advances
Develop and coordinate a risk management and compliance framework for privacy
Review the company’s data and privacy projects and ensure they are consistent with corporate privacy and data security goals and policies
Continually monitor systems development and operations for security and privacy compliance

19 Thank You JEFF NORTHROP, CTO JEFF@PRIVACYASSOCIATION.ORG

