Published by Susan Mosey. Modified over 9 years ago.
1
Dr. Don Lloyd Cook
Gill Ragon Owen, PA
2
Practicing law in AR since 1989
Virginia Tech, Ph.D. in Marketing
◦ Virginia Tech Congressional Fellow in the office of Congressman Rick Boucher (1996)
Taught at Louisiana Tech University, Georgia State University and University of New Mexico.
3
Certified Information Privacy Professional (CIPP) 2004; CIPP/Canada 2006
Acxiom Corporation 2006-2007
◦ Privacy and Risk Consultant
Feeva Technology 2007-2010
◦ Chief Privacy Officer and later General Counsel
Walmart, Inc. 2010-2011
◦ Director of Privacy
Lunarline, Inc. 2011-2012
◦ Director of Privacy
4
Counsel at Gill Ragon Owen, P.A.
◦ Member of the Privacy and Data Management Practice
◦ Principal Blogger at “The View from 30,000 Feet” http://gill-lawprivacy.blogspot.com/ (we will come back to this later)
◦ Ponemon Institute Distinguished Fellow
5
Breaches are common
◦ 4,457 DATA BREACHES made public since 2005
◦ Over 900 million records breached
Breaches are expensive (Ponemon Institute)
◦ Average cost per record breached of $145
Regulators are paying attention
◦ New laws, new technologies
Consumers and Investors are paying attention
◦ Just ask Gregg Steinhafel.
6
Higher Ed Breaches in the Last Year (handout via the Chronology of Data Breaches)
22 significant breaches
Over 1 million records breached
Costs
◦ Direct vs. indirect
◦ Damage to brand equity
Admissions
Donor support (GT)
7
FERPA FACTA HIPAA/HITECH Notification Framework Minnesota Plastic Card Security Act Regulatory Actions Civil Litigation
8
Network Operations ◦ Multiple networks and access points Internet Usage and Social Networks Outsourcing IT Implementation Healthcare and Additional Miscellaneous Risks Decentralized Culture Massive record keeping Academic and Personal Freedom Budget
9
University of Miami (2008)
◦ Backup tapes containing 2.1 million medical records stolen from off-site storage
Hired expert to determine whether information on tapes was accessible
Notified 47,000 individuals whose financial information was compromised
Established website and call center to handle information requests
10
UCLA Health Systems (2005-2008)
◦ Employees of the health system repeatedly, and without authorization, viewed protected health information of patients (celebrities)
◦ Office of Civil Rights investigated
◦ UCLA agreed to corrective action and paid a settlement of $865,000
11
Unidentified Major State University (2009-2011)
◦ Since 2009 more than 100,000 faculty, alumni, student and parent records, including names, SSNs, credit card information
◦ Class action lawsuit seeking 2 years credit monitoring, fraud resolution services for affected individuals
◦ Also seeks injunction mandating the university take additional measures to protect personally identifiable information
12
Be Proactive
Privacy by Design for New Applications, particularly for BYOD
Develop the expertise, internally and externally
◦ Information inventory
◦ Policies and procedures
Build a culture of privacy
Contractual risk sharing and insurance
13
International Association of Privacy Professionals (IAPP)
◦ Education and Certification
◦ Daily Dashboard and other resources
The View from 30,000 Feet
◦ Privacy blog from Gill Ragon Owen
14
Perform an information audit so you can evaluate your risk
Strong passwords and encryption
Use social media for advertising and building relationships, not for monitoring employees
Look at your partner/vendor contracts. Who bears the risk?
Make your policies clear and enforce them
Flash drives are evil
BYOD is a godsend/disaster
SECURE YOUR NETWORKS
15
An ounce of prevention can be worth big bucks down the road!
Outsourcing may be cheaper
Capitalize on the misfortune of others
Insurance can help you manage the risk
There are software solutions, vendors, experts and other resources to steer you through the process
Shredders are cheap!
16
?