Privacy & How IT Will Help JEFF NORTHROP, CTO

Presentation transcript:

IT security at a tipping point
Ignorant, under-resourced and up against powerful enemies: we need to shift our thinking from compliance to risk management.

Privacy is emerging as tension grows
Technological innovation relies on personal information, but consumers are increasingly uncomfortable.

Privacy is the top issue around the world
The Web We Want Project (

Privacy as a value proposition
Facebook’s anonymous login, privacy dinosaur, enhanced controls, etc.

Privacy as a competitive differentiator
Microsoft’s Scroogled (

Privacy as the main value proposition
Silent Circle Blackphone (

Notice and consent does not work
"Notice and consent is the practice of requiring individuals to give positive consent to the personal data collection practices of each individual app, program, or web service. Only in some fantasy world do users actually read these notices and understand their implications before clicking to indicate their consent.” - President’s Council of Advisors on Science and Technology, Report to the President: Big Data and Privacy (

“Only in some fantasy world…”
The President’s Council of Advisors on Science and Technology considers notice and consent a fantasy.

Regulators respond to demand
The FTC vows to sue companies that collect large amounts of data and misuse it.

Trend: Increasing regulatory action
The FTC is setting the model the rest of the world will likely follow.
- Of the top 10 privacy lawsuits in history, 2013 registered 4 of them. (Source: Jay Cline)
- Among the 130 significant Safe Harbor enforcement actions since 1999, 60% were after (Source: Jay Cline)
- Among the 50 data security cases since 2000, half came after the FTC had begun to deliberately strengthen its foray into holding businesses accountable for specific data security inadequacies through its unfairness power. (Source: IAPP)
- Prior to 2011 the FTC brought ~3 legal actions/year for violations of consumers’ privacy rights, or against those that misled consumers by failing to maintain security for sensitive information. Between 2011 and 2013 there were ~5 such cases/year. (Source: FTC)

It’s a global issue
Privacy regulations are being addressed in every corner of the globe.

The responsible enterprise
The enterprise is being held accountable. It is no longer just the responsibility of the consumer.

Responsible for privacy risk mitigation
What sensitive data is being collected, where is it being stored, how is it being stored, who has access to it, and for what purposes?

Due care: knowing the provenance of your data
We need to move from a checkbox compliance culture to one that focuses more on risk management and assessment.

Guide posts
- Knowledgeable: Know where your sensitive data is located.
- Predictable: Have reliable assumptions about the rationale for the collection of personal information and the data actions to be taken with that personal information. Predictability is accomplished with clear, up-to-date and enforceable policies in place.
- Manageable: Provide the capability for authorized modification of personal information, including alteration, deletion, or selective disclosure of personal information.
- Secure: Preserve authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
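The four guide posts, and the inventory questions on the earlier slide (what is collected, where it is stored, who has access, for what purpose), can be turned into something a team can actually run. The example below is an added illustration, not code from Jeff Northrop's deck: it keeps a field-level sensitive-data inventory, flags fields that fail the "knowledgeable" and "predictable" tests (unknown storage, no stated purpose, no owner), and enforces "secure" and "manageable" by disclosing only the fields a role is authorized to read and by erasing personal fields on request. The dataset, field names, roles and storage labels are all constructed for the example.

```python
"""Sensitive-data inventory with purpose-bound, selective disclosure.

Added example. The inventory, roles and records are constructed; nothing
here is taken from a real system.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class FieldPolicy:
    classification: str               # e.g. "PII", "financial", "public"
    purpose: str                      # why it is collected (empty = unknown)
    storage: str                      # where it lives (empty = unknown)
    owner: str                        # accountable data owner (empty = unknown)
    readers: Set[str] = field(default_factory=set)  # roles allowed to read


# Constructed inventory for a hypothetical "customers" dataset.
INVENTORY: Dict[str, FieldPolicy] = {
    "email":      FieldPolicy("PII", "account login", "db:customers", "growth",
                              {"support", "billing"}),
    "ssn":        FieldPolicy("PII", "tax reporting", "vault:kms", "finance",
                              {"billing"}),
    "card_last4": FieldPolicy("financial", "payment display", "db:customers",
                              "finance", {"billing", "support"}),
    # Collected "because we can": no purpose, no owner. This is the gap the
    # deck warns about.
    "browsing":   FieldPolicy("PII", "", "s3:clickstream", "",
                              {"analytics", "support"}),
    "plan":       FieldPolicy("public", "service delivery", "db:customers",
                              "product", {"support", "billing", "analytics"}),
}


def inventory_gaps(inventory: Dict[str, FieldPolicy]) -> List[str]:
    """Knowledgeable / predictable: every field needs a known location,
    a stated purpose, an accountable owner and, if sensitive, reader roles."""
    gaps = []
    for name, p in inventory.items():
        if not p.storage:
            gaps.append(f"{name}: storage location unknown")
        if not p.purpose:
            gaps.append(f"{name}: no stated purpose for collection")
        if not p.owner:
            gaps.append(f"{name}: no accountable data owner")
        if p.classification != "public" and not p.readers:
            gaps.append(f"{name}: sensitive field has no defined reader roles")
    return gaps


def disclose(record: dict, role: str,
             inventory: Dict[str, FieldPolicy] = INVENTORY) -> dict:
    """Secure: selective disclosure. Return only the fields this role may read.
    Fields that are not inventoried, or have no stated purpose, are withheld
    regardless of role: data we cannot justify collecting is not propagated."""
    out = {}
    for name, value in record.items():
        p = inventory.get(name)
        if p is None:
            continue
        if p.purpose and role in p.readers:
            out[name] = value
    return out


def erase_personal_data(record: dict,
                        inventory: Dict[str, FieldPolicy] = INVENTORY) -> dict:
    """Manageable: authorized deletion. Keep only fields classified public."""
    return {k: v for k, v in record.items()
            if k in inventory and inventory[k].classification == "public"}


if __name__ == "__main__":
    for gap in inventory_gaps(INVENTORY):
        print("GAP:", gap)
    sample = {"email": "a@example.test", "ssn": "000-00-0000",
              "card_last4": "1234", "browsing": ["/pricing"], "plan": "pro"}
    print("support sees:", disclose(sample, "support"))
    print("after erasure:", erase_personal_data(sample))
```

Running the script lists the two inventory gaps for the `browsing` field, shows that a support agent sees email, card_last4 and plan but never the SSN, and that erasure leaves only the non-personal plan field. The point of the structure is that the inventory is the single place where "where is it, why do we have it, who can see it" is answered, so an auditor and the code read the same policy.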

Required responsibilities: a role or multiple roles need to handle the following
- Train key business stakeholders (data owners)
- Keep the department up to date on laws, regulations, and trends
- Work closely with the general counsel, external affairs and the businesses to ensure both existing and new services comply with privacy and data security obligations
- Monitor information security and privacy technology advances
- Develop and coordinate a risk management and compliance framework for privacy
- Review the company’s data and privacy projects and ensure they are consistent with corporate privacy and data security goals and policies
- Continually monitor systems development and operations for security and privacy compliance

Thank You JEFF NORTHROP, CTO