Presentation is loading. Please wait.

Presentation is loading. Please wait.

IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information.

Published byMiya Maddox Modified over 9 years ago

Similar presentations

Presentation on theme: "IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information."— Presentation transcript:

1 IAPP Global Privacy Summit, 3/8/12 1

2 Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information Management Practice Hunton & Williams Susan Grant Director of Consumer Protection Consumer Federation of America 2

3 Session Outline Cost of a Data Breach Bad Communications Better Communications Making Amends Communications & Litigation 3

4 Entrust Survey Reveals RSA Data Breach Undermines Confidence in Hard Token Authentication SecurID Company Suffers a Breach of Data Security Sony Data Breach Exposes Users to Years of Identity-Theft Risk Congress Probes TRICARE Breach Bipartisan Effort to Learn More About Massive Incident 4

5 Breach Cost by Activity 5 Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

6 Lost Trust = Lost Customers 6 Some industries suffer more than others. Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach

7 Breach Impact on Reputation 7 Ponemon, Reputation Impact of a Data Breach, November 2011

8 8

9 Notification Timing Issues Not too soon, not too late. Consider delivery date. Avoid multiple flights of notices. 9

10 Notice Issues A legal notice? A communications piece? A marketing tool? Tone – What NOT to say – Who’s it from? – Addressed to whom? 10

11 11 User name Email ENCRYPTED billing address ENCRYPTED credit card info Why?? Huh? EXAMPLE OF A NOT GREAT NOTICE

12 12

13 13 BEFORE 351 Words, 12 th Grade AFTER 224Words, 8 th Grade

14 14

15 15

16 16

17 Good Communications Strategies Outside communications firms Internal folks to train Employee communications Regulator communications Media 17

18 18 Making amends

19 Tips for Yom Kippur Accept that you screwed up. Express sincere remorse for your actions. The other person may not be able to accept your apology. Where possible take action to restore what was lost. Reflect on what you’ve learned. 19 From Twin Cities Hub for Jewish Stuff

20 Choosing a Make-Good Product Should you provide an identity theft service? If no, what else could you do to help your customers? If yes, what type of service would best fit your customers’ needs under the circumstances? What should you look for and what should you avoid when choosing a service? 20

21 21

22 Communications Before & During Litigation A contrite word may forestall litigation Before litigation, don’t think like a litigator If you offer a gift card to one unhappy customer, be prepared to offer one to all in settlement of an action If litigation is inevitable, vet all communications through the legal team 22

23 References & Resources California Office of Privacy Protection, Recommended Practices on Notice of Security Breach (1/12), www.privacy.ca.gov/businesswww.privacy.ca.gov/business Consumer Federation of America, Shopping for ID Theft Services, at www.idtheftinfo.orgwww.idtheftinfo.org Plain language resources – www.plainlanguage.gov www.plainlanguage.gov – www.transcend.net/library/tools.html www.transcend.net/library/tools.html 23

24 What to Do Next Week Review “Shopping for ID Theft Services” and select product(s) for future use. Review your breach notice templates. Share plain language resources with your communications people. 24

Download ppt "IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information."

Similar presentations

How to Convert CPRs into AF Introductions The Hows and Whys.

How to Convert CPRs into AF Introductions The Hows and Whys.
Background Credit reporting agencies are a key player, helping facilitate modern commerce Credit records help predict the risk of a transaction Credit.

Background Credit reporting agencies are a key player, helping facilitate modern commerce Credit records help predict the risk of a transaction Credit.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
NACARA Annual Conference Industry Perspectives Panel September 29,2014 Boise, Idaho Andy Madden Director State Government Affairs ACA International.

NACARA Annual Conference Industry Perspectives Panel September 29,2014 Boise, Idaho Andy Madden Director State Government Affairs ACA International.
Surviving a Privacy Exam Barbara B. Fitch 2 nd VP–Market Conduct & Compliance National Life Insurance Company October 3, 2005.

Surviving a Privacy Exam Barbara B. Fitch 2 nd VP–Market Conduct & Compliance National Life Insurance Company October 3, 2005.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
© 2006 IBM Corporation Privacy Matters: Safeguarding Identity, Data and Corporate Reputation Harriet P. Pearson VP Corporate Affairs & Chief Privacy Officer.

© 2006 IBM Corporation Privacy Matters: Safeguarding Identity, Data and Corporate Reputation Harriet P. Pearson VP Corporate Affairs & Chief Privacy Officer.
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Track II: Introduction and Overview of Financial Services and Information Technology Privacy Policy: Synthesizing Financial Services Industry Privacy David.

Track II: Introduction and Overview of Financial Services and Information Technology Privacy Policy: Synthesizing Financial Services Industry Privacy David.
Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.

Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.
Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO

Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO

Similar presentations

Ads by Google