Privacy Advisory Services … … A Best Practices, Integrated Approach Insert Firm Name Here.

PRIVACY IN THE NEWS
- Breach of Credit Card Companies' Security Affects 40 Million Accounts
- ChoicePoint Exposes Data of 145,000 People
- Nuala Kelly Hired as Chief Privacy Officer for Office of Homeland Security
- Data of More Than 670,000 Customers of Four Banks At Risk
- Stolen Boeing Laptop Has Personal Data on 161,000 Employees
- California Senate Passes Consumer Privacy Bills

INFORMATION TRENDS
- Every day, companies collect, use, profile, disclose, and analyze customer information.
- Unfortunately, some of this information is:
  - Misused
  - Stolen
  - Abused
- This has led to a trust gap among customers.

INFORMATION STAKEHOLDER CONCERNS
- Customers
  - Concerned with how and why their information is collected, used, disclosed, and retained
  - Want businesses to earn trust
- Businesses
  - Trying to strike a balance between collection and use of information
  - Concerned with reducing the privacy risk of poor privacy practices
  - Want to leverage good privacy practices and retain the trust of customers
- Government
  - Taking increased action on growing concerns about privacy to:
    - Protect the rights of citizens
    - Better manage its own data stores

GOVERNMENTS' RESPONSE
- U.S. legislation
  - Gramm-Leach-Bliley Act (GLBA)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Children's Online Privacy Protection Act (COPPA)
  - Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  - Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- Other important laws, regulations, and guidelines
  - Privacy Act of 1974
  - European Union Directive on Data Protection
  - OECD privacy guidelines
  - Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  - Privacy Online: A Report to Congress

SO WHERE ARE WE?
- Privacy is increasingly in the news, particularly for violations.
- Consumers are greatly concerned and want more control.
- Businesses are trying to balance collection and use.
- The Government is taking increased action.

PRIVACY: A DEFINITION
PRIVACY encompasses the rights and obligations of individuals and organizations with respect to the:
- Collection
- Use
- Disclosure, and
- Retention
of personal information.

PERSONAL INFORMATION: WHAT IS IT?
- Personal information is any information that is, or reasonably could be, attributable to a specific individual. The information can be either factual or subjective, and recorded in any form or even unrecorded. Some examples include:
  - Name, address, address
  - Identification numbers
  - Credit records
  - Buying history
  - Employee records
- Much of this information is sensitive and therefore a greater cause for concern.

RIGHTS AND OBLIGATIONS

Individuals
- Be aware of the organization's privacy policies
- Provide accurate and appropriate information suited to the purpose for which the information is needed
- Notify the organization of inaccuracies in or changes to personal information used by the organization
- Adhere to applicable laws and regulations, and other agreements with the organization

Organizations
- Establish and communicate its privacy policies and commitments to the individual
- Provide choices or seek consent for the use of the personal information
- Collect, use, retain, and disclose personal information according to its privacy policies and commitments
- Allow the individual to update or correct personal information that is used by the organization
- Protect the personal information from unauthorized use and disclosure
- Otherwise adhere to its policies, applicable laws and regulations, and other agreements with the individual

BUSINESS RISKS
- 60% of customers* say they have decided not to use a company because they weren't sure how their personal information would be used.
- Litigation and FTC settlements: BJ's Wholesale Club, Inc. settles charges that its failure to take appropriate security measures to protect the sensitive information of thousands of its customers was an unfair practice that violated federal law; Petco Animal Supplies Inc. settles charges that security flaws in its Web site violated privacy promises it made to its customers and violated federal law.
- Poor privacy practices can damage brand, reputation, customer loyalty and satisfaction, market position, shareholder value, revenue and more.

*Source: 2004 Privacy & American Business survey

PRIVACY AS A COMPETITIVE ADVANTAGE
- Companies are concerned with how their customers see them handling privacy concerns:
  - 100% of companies surveyed* have a privacy policy.
  - 100% of companies surveyed* report that privacy compliance is a significant regulatory concern for their company.
  - 95% of companies surveyed* monitor emerging state and federal privacy regulations.
- However, only:
  - 62% of companies surveyed* monitor internal compliance with their privacy policy.
  - 49% of companies surveyed* have privacy policies that are easy to understand.
  - 19% of companies surveyed* have had an independent privacy audit conducted within the last two years.

*Source: 2005 Benchmark Study of Corporate Privacy Practices, co-released by the Ponemon Institute and Vontu, Inc.

HOW CAN OUR FIRM HELP?
We provide a full range of services, including:
- Privacy strategic and business planning
- Privacy gap and risk analysis
- Benchmarking against the Generally Accepted Privacy Principles (GAPP)
- Privacy policy design and implementation
- Performance measurement
- Independent verification of privacy controls

GENERALLY ACCEPTED PRIVACY PRINCIPLES: A GLOBAL PRIVACY FRAMEWORK
Overall privacy objective: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity's privacy notice and with the criteria set forth in the Generally Accepted Privacy Principles issued by the AICPA/CICA.

GENERALLY ACCEPTED PRIVACY PRINCIPLES
- Management
- Notice
- Choice and Consent
- Collection
- Use and Retention
- Access
- Disclosure
- Security
- Quality
- Monitoring and Enforcement

The Generally Accepted Privacy Principles (a global framework) provide detailed privacy guidance. The Framework contains criteria for each of the 10 privacy principles. Each criterion's illustrations and explanations are designed to enhance the understanding of that criterion. Many criteria have additional considerations, such as good privacy practices and selected requirements of specific laws and regulations pertaining to a particular industry or country.

[FIRM NAME] & GENERALLY ACCEPTED PRIVACY PRINCIPLES HELP BRIDGE THE TRUST GAP
[Your Firm Name]

WHAT DOES THIS MEAN?
- Privacy is a RISK MANAGEMENT ISSUE.
- Privacy can be used as a COMPETITIVE ADVANTAGE.
  - 56% of the companies surveyed* believe that safeguarding privacy has a direct positive impact on their company's brand or image in the marketplace.

*Source: 2005 Benchmark Study of Corporate Privacy Practices, co-released by the Ponemon Institute and Vontu, Inc.

STEPS TO BETTER PRIVACY PRACTICES
1. Designate an individual to be responsible for privacy.
2. Develop a business strategy.
3. Perform a risk assessment and gap analysis of controls and procedures.
4. Develop, design, and implement privacy initiatives.
5. Sustain and manage privacy processes.

CPA PRIVACY ADVISORY SERVICES
Your Trusted Adviser in Privacy
[Insert Firm Name Here]
[Insert Address]
[Insert Phone No.]
[Insert Address]