Perfect for Practice CLE: Privacy and Data Protection in Business
Prof. Jonathan I. Ezor
Director, Center for Innovation in Business, Law and Technology
jezor@tourolaw.edu
@ProfJonathan on Twitter
Perfect for Practice CLE
Touro Law Center
January 19, 2014

Privacy Has Dual Meaning In Business World

• Freedom from having behavior monitored
– In person
– Over the Internet

• Protection of “Personally Identifiable
Information”
– Any fact(s) that can identify a unique individual
– Issues of use, misuse and disclosure

• PII more often subject of laws, policies
• Digital age added significant weight to privacy
issues

Consumer Privacy: Value Versus Value
• Consumers may benefit from information use
– Regular customers’ preferences known
– Sales linked to previous purchases

• Businesses benefit from collecting, using
information
– PII
– Behavior (purchases, etc.)

• Issue is balancing value to consumer against
value of consumer

E-Commerce Case Study: Who’s Involved in Online Retailing?
• One major challenge for accurate privacy policy is
online retailing
• Many third parties involved
• Need to consider all ways information will be shared,
used when creating or modifying policy

[Diagram: An E-Commerce Roadmap, showing the parties in an online purchase: Buyer, ISP, Host, CuteFuzzyBears.com, Courier, Recipient, Warehouse, Supplier, Checking Account, Issuing Bank, Credit Card Processor, Credit Card Payor, Visa/MC/Amex. ©2003 Jonathan I. Ezor]

Fair Information Practice Principles
• Evolving set of best practices &
recommendations
• Arose at outset of information age (early 1970s)
• Revised, restated over time
• Inform both self-regulatory and legislative
approaches
• Key concept: consumer empowerment

Fair Information Practice Principles: FTC 1998 Privacy Online Report
• Notice/Awareness
• Choice/Consent
• Access/Participation
• Integrity/Security
• Enforcement/Redress

2012 White House Consumer Privacy Bill of Rights
• Individual control over what personal data organizations collect from them and how they use it
• Transparency that allows consumers to easily understand information about privacy and security practices
• Respect for the context in which consumers provide data
• Security and responsibility in the way companies handle personal data
• Access to personal data in usable format and an ability to correct errors
• Reasonable limits on the personal data that companies collect and retain
• Accountability as to how companies handle personal data

Self-Regulation vs. Legal Mandate
• U.S. default generally self-regulation
– Organizations responsible for own practices
– Enforcement under consumer protection authority (e.g. FTC
Act)

• Call for legislation when self-regulation fails or
inappropriate
– Vulnerable populations
– Overly sensitive information

• FTC monitors self-regulation, reports to Congress
• 1999 FTC call for general online privacy law unheeded

Privacy Policy: Primary Self-Regulatory Method
• Consumers must be informed to make proper
decisions regarding use of their information
• As with securities, information provided through
disclosure, via privacy policy
• Privacy policies should conform to Fair
Information Practice Principles
• Accuracy a key requirement
• FTC, others may penalize inaccurate privacy
policies

Privacy and Electronic Communications: Three Major Statutes
• Privacy of electronic communications generally
protected
• Three major statutes cover these issues:
– Wiretap Act: 18 USC §§ 2510-22
– Pen Register statute: 18 USC §§3121-27
– Stored Communications Act: 18 USC §§2701-11

• Each covers different part of communications
• Note that these are separate from constitutional
protections

CA “Shine The Light” Law Adds Requirements to Policies
• California Civil Code § 1798.83 went into effect
1/1/05
• Gives CA residents control of how information is
shared
• Requires disclosure to CA residents of recipients
of information
• Mandates language in privacy policies
• Recently revised
• MA also has data privacy-related laws requiring
encryption

EU Data Protection Directive Another Major Factor
• Restrictive rules covering collection, export of
data about EU residents
• Could prevent transfer to US
– Problem for multinational companies
– Many Web site owners affected

• US Dept. of Commerce worked with EU to create
Safe Harbor
• Other countries also have major privacy laws

COPPA: The Children’s Online Privacy Protection Act of 1998
• Web sites targeting or appealing to children
• Covers information from children under age 13
• Requires clear and frequent disclosure
• Mandates verifiable parental consent
• FTC has enforcement jurisdiction

COPPA Case Study: Ohio Art Company
• Ohio Art is the maker of Etch-A-Sketch
• Site collected information, suggested parent permission
rather than requiring prior parental consent
• Fined $35,000 in April 2002 by FTC for COPPA violations in
“Etchy’s Birthday Club” Web site
• Mrs. Fields Cookies fined $100,000, Hershey Foods $85,000
in 2003
• Universal Music (owners of Motown and others) fined
$400,000 in 2/2004 (lilromeo.com)
• Xanga.com fined $1,000,000 in 9/06
• Imbee.com fined $130,000 1/30/08
• Sony BMG Music fined $1,000,000 12/11/08

2012: FTC Revision to COPPA Rule
• FTC evaluated, revised COPPA rule in 2012
• Sought input on changes due to
– New online technologies
– Multiple parties (e.g. advertisers) collecting from single
resource

• Published two RFCs:
– http://ftc.gov/os/2011/09/110915coppa.pdf
– http://ftc.gov/os/2012/08/120801copparule.pdf

• Published final rule in December 2012 (effective
7/1/13): http://ezor.org/paq3z
• Continues enforcement: $1 million penalty against Artist
Arena (http://ftc.gov/opa/2012/10/artistarena.shtm)

Gramm-Leach-Bliley: Financial Information Disclosure Requirements
• GLB mandates disclosure of information use by
those engaged in “financial activities”
• Customers have right to opt-out of planned
disclosure to 3rd parties
• FTC defines “financial activities” broadly
– Any entity giving financial or related advice
– Attorneys, CPAs have been exempted

HIPAA Privacy Rules: Wide-Reaching and Burdensome
• Rules enacted by HHS under Health Insurance Portability
and Accountability Act of 1996 (HIPAA)
• Rules cover receipt and disclosure of “individually
identifiable health information” by health plans, health care
clearinghouses, and certain health care providers
• Went into effect 4/14/03 for most covered entities
• “Business Associates,” companies serving covered
entities, must certify compliance with HIPAA privacy rules
in written agreement
• HITECH Act signed 2/17/09 revises HIPAA rules further

http://ezor.org/nai8d

Data Breach: Prevention and Disclosure

• Increasing number and severity of data breaches
has encouraged legislative and regulatory action
• Focus on identifying and addressing potential
risks before occurrences
• Growing mandates for disclosing breaches when
they occur

FTC Red Flags Rule
• Covers all businesses that maintain ongoing
billing accounts
• Requires ongoing audits of potential “red flags”
• Enforcement repeatedly delayed
• http://ezor.org/redflagsrule

Self-Regulation and Trade Associations
• PCI Security Standards
(https://www.pcisecuritystandards.org/)
• NAIC draft proposals
• Financial security statements in privacy policies
• Internal controls

Privacy Law Enforcers
• Federal Trade Commission
• Industry Regulators
• State Attorneys General
• Class Action Lawsuits

FTC Promotion of Consumer Privacy
• Enforcement actions
• Education
• Support for privacy legislation
• Encouragement of industry self-regulation

FTC Enforcement Authority
• Section 5 of the Federal Trade Commission Act,
15 U.S.C. § 45
• “[U]nfair or deceptive acts or practices in or
affecting commerce, are hereby declared
unlawful.”
• Grants the FTC power to investigate and prevent
• Judicial action
– Injunctions
– Restitution

2011 Google and Facebook Settlements
• Requires obtaining consumers’ affirmative express consent
before materially changing certain data practices;
• Requires adopting company-wide privacy programs that
outside auditors will assess for 20 years.
• 2012 enforcement of Google settlement
– “misrepresented” to users of Safari Internet browser that it
would not place tracking “cookies” or serve targeted ads to
those users
– agreed to pay a record $22.5 million civil penalty

Other Recent Enforcement Targets
• Online advertising networks that failed to honor consumer
opt out of tracking by advertisers.
• Mobile applications that violated the Children’s Online
Privacy Protection Act
• Entities that sold consumer lists to marketers in violation of
Fair Credit Reporting Act
• Companies that fail to maintain reasonable data security
• Applications that set default privacy settings in a way that
caused consumers to unwittingly share their personal data

2012 FTC Privacy White Paper

http://ezor.org/bbdjq

Purpose and Scope of White Paper

• Articulate best practices
• Assist Congress
• Limitations

– Not intended to extend existing legal
obligations
– Not applicable to businesses that collect
information from fewer than 5000 consumers a
year and do not share with 3rd parties

“Best Practices” Promoted by White Paper
• Privacy by Design
• Simplified Choice
• Greater Transparency

Initiatives Promoted by FTC
• “Do Not Track”
• “Short, meaningful” mobile service disclosures
• Address consumers’ “lack of control over” data brokers
• Scrutinize “comprehensive” tracking of consumers online by “large platform providers” - e.g. ISPs, operating systems, browsers and social media
• Promoting Enforceable Self-Regulatory Codes
– FTC staff working with industry to develop codes
– Promoting enforced compliance with codes through FTC Act enforcement

Privacy by Design
• “Companies should promote consumer privacy
throughout their organizations and at every stage
of the development of their products and
services”
• “Companies should maintain comprehensive data
management procedures throughout the life cycle
of their products and services”

Implementing Privacy by Design
• Data Security
• Reasonable Collection Limits
• Sound retention
• Disposal Practices
• Data accuracy

Simplified Choice
• “Companies should simplify consumer choice.”
• Practices that do not require choice
– Data uses consistent with the context of the transaction
– Data uses consistent with company’s relationship with
consumer
– Data uses specifically authorized by law

• Practices that require “Affirmative Express
Consent”
– Using consumer data in a materially different manner
than claimed when the data was collected
– Collecting sensitive data for certain purposes

What Constitutes “Choice”
• Opt-in v. opt-out?
• Pre-checked boxes?
• Clear and conspicuous disclosure?

Simplified Choice and “Do Not Track”
• Tracking technologies
• “Do Not Track” Tools
– Browser settings
– DAA’s Icon-based tool
– W3C Development of International Standards
– Impact of EU Cookie Directive

• “Do Not Track” and the “Free Internet”

Transparency
• “Companies should increase the transparency of
their data practices.”
• Privacy notices
– Clearer, shorter, more standardized?
– Privacy icons?

• Access
– Companies should provide “reasonable access” to
consumers
– “Proportionate to the sensitivity of the data and the
nature of its use”

• Educate consumers about privacy practices

Transparency and Data Brokers
• Regulation under FCRA
• FTC Recommendations for Legislation
• Senator Rockefeller’s Initiative

Olshan Frome Wolosky Privacy Policy: Questionnaire: General Information
– Corporate or other official entity name:
– Business address(es) of entity:
– Does the entity have offices, facilities or remote workers
based in other states? If so, which?
– Does the entity have offices, facilities, remote workers
or customers based in other countries? If so, which?

More General Information
– Names and URL of Web site(s) for which policy is being
created (if any):
– Description of Web site(s):
– Is/are Web site(s) part of offline business as well?
• If so, describe offline business
• Are data shared between online and offline operations?

– Is this policy for a specific site/business unit or across
the entire corporation?

More General Information
• Is/are the entity’s Web site(s) hosted by a third party?
• If so, what third party?
• Does the third party provide any other services (e.g. e-mail
transmission services) to the entity?
• Is there a written agreement with that third party for the hosting
service?
• Does the written agreement protect the confidentiality of
information shared by the entity (its own and/or user information
collected by the entity)?

– Are goods or other tangible products shipped to users
through postal mail and/or couriers?
– Are there any other third party service providers who may
have access to the databases or transmission network
through which data is collected and stored?

Data Collection
– What specific categories of information are collected from:
• Forms filled in by the user on the Web site?
• Purchases made by the user on the Web site?
• E-mail sent by the user?
• Analysis of server logs?
• Postal mail sent by the user?
• Telephone calls from the user?
• Faxes from the user?
• Third-party databases with which the user is matched?
• Other (specify)?

More Data Collection
– Is the user’s age or birth date requested or
collected?
• If so, is it possible for the user to enter data
indicating the user is under 13 years of age?
• If the user indicates he/she is under 13, is that data
collected, segregated or rejected?
• If rejected, using what method?

– What method(s) of data protection and access
control (if any) are in place?
• Physical
• Electronic (detail on security measures)

– Are backups of the data stored offsite with a
third party?

Use of Information
– How is the information currently used by the entity
collecting it? (Please provide details.)
– How may the information be used by the entity in the
future?
– Is the entity currently sharing the information with other
corporate affiliates or business units within the same
corporation?
– Does it plan to do so in the future?

More Use of Information
– Is the entity currently communicating with users on
behalf of a third party?
• If so, through what method(s)?
• Is the third party provided with the user information?

– Is the entity currently providing the information to a
third party for marketing purposes?
– Is the entity currently providing the information to a
third party for internal services (e.g. list management or
analysis)?

User Access to Information
– Can a user request information collected about
him/her?
• If so, through what method?
• In what form/format is the information provided?

– Is there a method through which the user can
correct errors?
• If so, what is it?
• How quickly is the correction done?

Regulatory and Legal Compliance
– Is the entity a member of any trade
associations?
• If so, is there a policy about data collection and use
mandated for association members?

– Does the entity have a current privacy policy?
• If so, please attach a copy of it to this response.
• How is it provided to users?
• If online, what is its URL?
• Is it currently accurate as to information collection?
• Does it provide for a method by which changes can be made and publicized? If so, what are they?

More on Compliance
– Has the entity been involved in any
legal compliance or enforcement
activity related to privacy or data
collection?
• If so, please describe it.
• Has the entity been involved in any other
consumer protection legal compliance or
enforcement activity?

Contact Information
– Does the entity have an automated list removal
process?
• If so, how does it work?
» Does it remove data from all databases?
» Does it apply to 3rd parties to whom information may be
shared?

• If not, please provide:
» An e-mail address to which users can address removal
requests
» A postal address to which users can address removal
requests

More on Contact Information
– Which person(s) at the entity are responsible
for managing removal requests?
– Please provide an address (e-mail or postal)
through which California users can request
information on how their information has been
shared.

QUESTIONS?

Prof. Jonathan I. Ezor
jezor@tourolaw.edu
@ProfJonathan on Twitter

11 27 07 Ezor Attorney E Mail Ethics PresentationJonathan Ezor
 

Mais de Jonathan Ezor (14)

3 14-14 ezor social media ethics rules presentation
3 14-14 ezor social media ethics rules presentation3 14-14 ezor social media ethics rules presentation
3 14-14 ezor social media ethics rules presentation
 
10-30-13 Social Media and Confidentiality Presentation
10-30-13 Social Media and Confidentiality Presentation10-30-13 Social Media and Confidentiality Presentation
10-30-13 Social Media and Confidentiality Presentation
 
10-22-13 Presentation on Google Glass and Privacy Challenges
10-22-13 Presentation on Google Glass and Privacy Challenges10-22-13 Presentation on Google Glass and Privacy Challenges
10-22-13 Presentation on Google Glass and Privacy Challenges
 
10-8-13 BYOD Risk Presentation for Nassau County Bar Committee
10-8-13 BYOD Risk Presentation for Nassau County Bar Committee10-8-13 BYOD Risk Presentation for Nassau County Bar Committee
10-8-13 BYOD Risk Presentation for Nassau County Bar Committee
 
Legal Ethics and Social Media: Use in Litigation
Legal Ethics and Social Media: Use in LitigationLegal Ethics and Social Media: Use in Litigation
Legal Ethics and Social Media: Use in Litigation
 
4 30 12 Cardozo Social Media Ethics CLE
4 30 12 Cardozo Social Media Ethics CLE4 30 12 Cardozo Social Media Ethics CLE
4 30 12 Cardozo Social Media Ethics CLE
 
3 21-12 ethical challenges for mobile practice
3 21-12 ethical challenges for mobile practice3 21-12 ethical challenges for mobile practice
3 21-12 ethical challenges for mobile practice
 
Social Media And Legal Ethics
Social Media And Legal EthicsSocial Media And Legal Ethics
Social Media And Legal Ethics
 
11 19 10 Ezor Revised Copyright Presentation
11 19 10 Ezor Revised Copyright Presentation11 19 10 Ezor Revised Copyright Presentation
11 19 10 Ezor Revised Copyright Presentation
 
3 23 10 Aitp Li Ezor Presentation On Social Media Risk
3 23 10 Aitp Li Ezor Presentation On Social Media Risk3 23 10 Aitp Li Ezor Presentation On Social Media Risk
3 23 10 Aitp Li Ezor Presentation On Social Media Risk
 
9 23 09 140tc Security Presentation
9 23 09 140tc Security Presentation9 23 09 140tc Security Presentation
9 23 09 140tc Security Presentation
 
Social Media Horror Stories for Law Students
Social Media Horror Stories for Law StudentsSocial Media Horror Stories for Law Students
Social Media Horror Stories for Law Students
 
5 19 09 Brandeis Lawyer Technology CLE
5 19 09 Brandeis Lawyer Technology CLE5 19 09 Brandeis Lawyer Technology CLE
5 19 09 Brandeis Lawyer Technology CLE
 
11 27 07 Ezor Attorney E Mail Ethics Presentation
11 27 07 Ezor Attorney E Mail Ethics Presentation11 27 07 Ezor Attorney E Mail Ethics Presentation
11 27 07 Ezor Attorney E Mail Ethics Presentation
 

Último

Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Aggregage
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfJamesConcepcion7
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOne Monitar
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamArik Fletcher
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsKnowledgeSeed
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...Hector Del Castillo, CPM, CPMM
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
Interoperability and ecosystems: Assembling the industrial metaverse
Interoperability and ecosystems:  Assembling the industrial metaverseInteroperability and ecosystems:  Assembling the industrial metaverse
Interoperability and ecosystems: Assembling the industrial metaverseSiemens
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfASGITConsulting
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesAurelien Domont, MBA
 

Último (20)

Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdf
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management Team
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applications
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
Interoperability and ecosystems: Assembling the industrial metaverse
Interoperability and ecosystems:  Assembling the industrial metaverseInteroperability and ecosystems:  Assembling the industrial metaverse
Interoperability and ecosystems: Assembling the industrial metaverse
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdf
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and Templates
 

Privacy and Data Protection CLE Presentation for Touro Law Center

  • 1. Perfect for Practice CLE: Privacy and Data Protection in Business Prof. Jonathan I. Ezor Director, Center for Innovation in Business, Law and Technology jezor@tourolaw.edu @ProfJonathan on Twitter Perfect for Practice CLE Touro Law Center January 19, 2014
  • 2. Privacy Has Dual Meaning In Business World • Freedom from having behavior monitored – In person – Over the Internet • Protection of “Personally Identifiable Information” – Any fact(s) that can identify a unique individual – Issues of use, misuse and disclosure • PII more often subject of laws, policies • Digital age added significant weight to privacy issues jezor@tourolaw.edu
  • 3. Consumer Privacy: Value Versus Value • Consumers may benefit from information use – Regular customers’ preferences known – Sales linked to previous purchases • Businesses benefit from collecting, using information – PII – Behavior (purchases, etc.) • Issue is balancing value to consumer against value of consumer jezor@tourolaw.edu
  • 4.
  • 5.
  • 6. E-Commerce Case Study: Who’s Involved in Online Retailing? • One major challenge for accurate privacy policy is online retailing • Many third parties involved • Need to consider all ways information will be shared, used when creating or modifying policy jezor@tourolaw.edu
  • 7. An E-Commerce Roadmap [Diagram; labels: Buyer, ISP, Host, CUTEFUZZYBEARS.COM, Checking Account, Issuing Bank, Credit Card Processor, Credit Card Payor, VISA/MC/AMEX, Supplier, Warehouse, Courier, Recipient] ©2003 Jonathan I. Ezor
  • 8. Fair Information Practice Principles • Evolving set of best practices & recommendations • Arose at outset of information age (early 1970s) • Revised, restated over time • Inform both self-regulatory and legislative approaches • Key concept: consumer empowerment jezor@tourolaw.edu
  • 9. Fair Information Practice Principles: FTC 1998 Privacy Online Report • Notice/Awareness • Choice/Consent • Access/Participation • Integrity/Security • Enforcement/Redress jezor@tourolaw.edu
  • 10. 2012 White House Consumer Privacy Bill of Rights • Individual control over what personal data organizations collect from them and how they use it • Transparency that allows consumers to easily understand information about privacy and security practices • Respect for the context in which consumers provide data • Security and responsibility in the way companies handle personal data • Access to personal data in usable format and an ability to correct errors • Reasonable limits on the personal data that companies collect and retain • Accountability as to how companies handle personal data jezor@tourolaw.edu
  • 11. Self-Regulation vs. Legal Mandate • U.S. default generally self-regulation – Organizations responsible for own practices – Enforcement under consumer protection authority (e.g. FTC Act) • Call for legislation when self-regulation fails or inappropriate – Vulnerable populations – Overly sensitive information • FTC monitors self-regulation, reports to Congress • 1999 FTC call for general online privacy law unheeded jezor@tourolaw.edu
  • 12. Privacy Policy: Primary Self-Regulatory Method • Consumers must be informed to make proper decisions regarding use of their information • As with securities, information provided through disclosure, via privacy policy • Privacy policies should conform to Fair Information Practice Principles • Accuracy a key requirement • FTC, others may penalize inaccurate privacy policies jezor@tourolaw.edu
  • 13. Privacy and Electronic Communications: Three Major Statutes • Privacy of electronic communications generally protected • Three major statutes cover these issues: – Wiretap Act: 18 USC §§ 2510-22 – Pen Register statute: 18 USC §§3121-27 – Stored Communications Act: 18 USC §§2701-11 • Each covers different part of communications • Note that these are separate from constitutional protections jezor@tourolaw.edu
  • 14. CA “Shine The Light” Law Adds Requirements to Policies • California Civil Code § 1798.83 went into effect 1/1/05 • Gives CA residents control of how information is shared • Requires disclosure to CA residents of recipients of information • Mandates language in privacy policies • Recently revised • MA also has data privacy-related laws requiring encryption jezor@tourolaw.edu
  • 15. EU Data Protection Directive Another Major Factor • Restrictive rules covering collection, export of data about EU residents • Could prevent transfer to US – Problem for multinational companies – Many Web site owners affected • US Dept. of Commerce worked with EU to create Safe Harbor • Other countries also have major privacy laws jezor@tourolaw.edu
  • 16. COPPA: The Children’s Online Privacy Protection Act of 1998 • Web sites targeting or appealing to children • Covers information from children under age 13 • Requires clear and frequent disclosure • Mandates verifiable parental consent • FTC has enforcement jurisdiction jezor@tourolaw.edu
  • 17. COPPA Case Study: Ohio Art Company • Ohio Art is the maker of Etch-A-Sketch • Site collected information, suggested parent permission rather than requiring prior parental consent • Fined $35,000 in April 2002 by FTC for COPPA violations in “Etchy’s Birthday Club” Web site • Mrs. Fields Cookies fined $100,000, Hershey Foods $85,000 in 2003 • Universal Music (owners of Motown and others) fined $400,000 in 2/2004 (lilromeo.com) • Xanga.com fined $1,000,000 in 9/06 • Imbee.com fined $130,000 1/30/08 • Sony BMG Music fined $1,000,000 12/11/08 jezor@tourolaw.edu
  • 18. 2012: FTC Revision to COPPA Rule • FTC evaluated, revised COPPA rule in 2012 • Sought input on changes due to – New online technologies – Multiple parties (e.g. advertisers) collecting from single resource • Published two RFCs: – http://ftc.gov/os/2011/09/110915coppa.pdf – http://ftc.gov/os/2012/08/120801copparule.pdf • Published final rule in December 2012 (effective 7/1/13): http://ezor.org/paq3z • Continues enforcement: $1 million penalty against Artist Arena (http://ftc.gov/opa/2012/10/artistarena.shtm) jezor@tourolaw.edu
  • 19. Gramm-Leach-Bliley: Financial Information Disclosure Requirements • GLB mandates disclosure of information use by those engaged in “financial activities” • Customers have right to opt-out of planned disclosure to 3rd parties • FTC defines “financial activities” broadly – Any entity giving financial or related advice – Attorneys, CPAs have been exempted jezor@tourolaw.edu
  • 20. HIPAA Privacy Rules: Wide-Reaching and Burdensome • Rules enacted by HHS under Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Rules cover receipt and disclosure of “individually identifiable health information” by health plans, health care clearinghouses, and certain health care providers • Went into effect 4/14/03 for most covered entities • “Business Associates,” companies serving covered entities, must certify compliance with HIPAA privacy rules in written agreement • HITECH Act signed 2/17/09 revises HIPAA rules further jezor@tourolaw.edu
  • 21.
  • 22.
  • 23.
  • 25. Data Breach: Prevention and Disclosure • Increasing number and severity of data breaches has encouraged legislative and regulatory action • Focus on identifying and addressing potential risks before occurrences • Growing mandates for disclosing breaches when they occur jezor@tourolaw.edu
  • 26. FTC Red Flags Rule • Covers all businesses that maintain ongoing billing accounts • Requires ongoing audits of potential “red flags” • Enforcement repeatedly delayed • http://ezor.org/redflagsrule jezor@tourolaw.edu
  • 27.
  • 28. Self-Regulation and Trade Associations • PCI Security Standards (https://www.pcisecuritystandards.org/) • NAIC draft proposals • Financial security statements in privacy policies • Internal controls jezor@tourolaw.edu
  • 29. Privacy Law Enforcers • Federal Trade Commission • Industry Regulators • State Attorneys General • Class Action Lawsuits jezor@tourolaw.edu
  • 30. FTC Promotion of Consumer Privacy • Enforcement actions • Education • Support for privacy legislation • Encouragement of industry self-regulation jezor@tourolaw.edu
  • 31. FTC Enforcement Authority • Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45 • “[U]nfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” • Grants the FTC power to investigate and prevent • Judicial action – Injunctions – Restitution jezor@tourolaw.edu
  • 32. 2011 Google and Facebook Settlements • Requires obtaining consumers’ affirmative express consent before materially changing certain data practices; • Requires adopting company-wide privacy programs that outside auditors will assess for 20 years. • 2012 enforcement of Google settlement – “misrepresented” to users of Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users – agreed to pay a record $22.5 million civil penalty jezor@tourolaw.edu
  • 33. Other Recent Enforcement Targets • Online advertising networks that failed to honor consumer opt out of tracking by advertisers. • Mobile applications that violated the Children’s Online Privacy Protection Act • Entities that sold consumer lists to marketers in violation of Fair Credit Reporting Act • Companies that fail to maintain reasonable data security • Applications that set default privacy settings in a way that caused consumers to unwittingly share their personal data jezor@tourolaw.edu
  • 34. 2012 FTC Privacy White Paper http://ezor.org/bbdjq
  • 35. Purpose and Scope of White Paper • Articulate best practices • Assist Congress • Limitations – Not intended to extend existing legal obligations – Not applicable to businesses that collect information from less than 5000 consumers a year and do not share with 3rd parties jezor@tourolaw.edu
  • 36. “Best Practices” Promoted by White Paper • Privacy by Design • Simplified Choice • Greater Transparency jezor@tourolaw.edu
  • 37. Initiatives Promoted by FTC • “Do Not Track” • Short, meaningful mobile service disclosures • Address consumers’ “lack of control over” data brokers • Scrutinize “comprehensive” tracking of consumers online by “large platform providers” - e.g. ISPs, operating systems, browsers and social media • Promoting Enforceable Self-Regulatory Codes – FTC staff working with industry to develop codes – Promoting enforced compliance with codes through FTC Act enforcement jezor@tourolaw.edu
  • 38. Privacy by Design • “Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services” • “Companies should maintain comprehensive data management procedures throughout the life cycle of their products and services” jezor@tourolaw.edu
  • 39. Implementing Privacy by Design • Data Security • Reasonable Collection Limits • Sound retention • Disposal Practices • Data accuracy jezor@tourolaw.edu
  • 40. Simplified Choice • “Companies should simplify consumer choice.” • Practices that do not require choice – Data uses consistent with the context of the transaction – Data uses consistent with company’s relationship with consumer – Data uses specifically authorized by law • Practices that require “Affirmative Express Consent” – Using consumer data in a materially different manner than claimed when the data was collected – Collecting sensitive data for certain purposes jezor@tourolaw.edu
  • 41. What Constitutes “Choice” • Opt-in v. opt-out? • Pre-checked boxes? • Clear and conspicuous disclosure? jezor@tourolaw.edu
  • 42. Simplified Choice and “Do Not Track” • Tracking technologies • “Do Not Track” Tools – Browser settings – DAA’s Icon-based tool – W3C Development of International Standards – Impact of EU Cookie Directive • “Do Not Track” and the “Free Internet” jezor@tourolaw.edu
  • 43. Transparency • “Companies should increase the transparency of their data practices.” • Privacy notices – Clearer, shorter, more standardized? – Privacy icons? • Access – Companies should provide “reasonable access” to consumers – “Proportionate to the sensitivity of the data and the nature of its use” • Educate consumers about privacy practices jezor@tourolaw.edu
  • 44. Transparency and Data Brokers • Regulation under FCRA • FTC Recommendations for Legislation • Senator Rockefeller’s Initiative jezor@tourolaw.edu
  • 45. Olshan Frome Wolosky Privacy Policy: Questionnaire: General Information – Corporate or other official entity name: – Business address(es) of entity: – Does the entity have offices, facilities or remote workers based in other states? If so, which? – Does the entity have offices, facilities, remote workers or customers based in other countries? If so, which? jezor@tourolaw.edu
  • 46. More General Information – Names and URL of Web site(s) for which policy is being created (if any): – Description of Web site(s): – Is/are Web site(s) part of offline business as well? • If so, describe offline business • Are data shared between online and offline operations? – Is this policy for a specific site/business unit or across the entire corporation? jezor@tourolaw.edu
  • 47. More General Information • Is/are the entity’s Web site(s) hosted by a third party? • If so, what third party? • Does the third party provide any other services (e.g. e-mail transmission services) to the entity? • Is there a written agreement with that third party for the hosting service? • Does the written agreement protect the confidentiality of information shared by the entity (its own and/or user information collected by the entity)? – Are goods or other tangible products shipped to users through postal mail and/or couriers? – Are there any other third party service providers who may have access to the databases or transmission network through which data is collected and stored? jezor@tourolaw.edu
  • 48. Data Collection – What specific categories of information are collected from: • Forms filled in by the user on the Web site? • Purchases made by the user on the Web site? • E-mail sent by the user? • Analysis of server logs? • Postal mail sent by the user? • Telephone calls from the user? • Faxes from the user? • Third-party databases with which the user is matched? • Other (specify)? jezor@tourolaw.edu
  • 49. More Data Collection – Is the user’s age or birth date requested or collected? • If so, is it possible for the user to enter data indicating the user is under 13 years of age? • If the user indicates he/she is under 13, is that data collected, segregated or rejected? • If rejected, using what method? – What method(s) of data protection and access control (if any) are in place? • Physical • Electronic (detail on security measures) – Are backups of the data stored offsite with a third party? jezor@tourolaw.edu
  • 50. Use of Information – How is the information currently used by the entity collecting it? (Please provide details.) – How may the information be used by the entity in the future? – Is the entity currently sharing the information with other corporate affiliates or business units within the same corporation? – Does it plan to do so in the future? jezor@tourolaw.edu
  • 51. More Use of Information – Is the entity currently communicating with users on behalf of a third party? • If so, through what method(s)? • Is the third party provided with the user information? – Is the entity currently providing the information to a third party for marketing purposes? – Is the entity currently providing the information to a third party for internal services (e.g. list management or analysis)? jezor@tourolaw.edu
  • 52. User Access to Information – Can a user request information collected about him/her? • If so, through what method? • In what form/format is the information provided? – Is there a method through which the user can correct errors? • If so, what is it? • How quickly is the correction done? jezor@tourolaw.edu
  • 53. Regulatory and Legal Compliance – Is the entity a member of any trade associations? • If so, is there a policy about data collection and use mandated for association members? – Does the entity have a current privacy policy? • If so, please attach a copy of it to this response. • How is it provided to users? • If online, what is its URL? • Is it currently accurate as to information collection? • Does it provide for a method by which changes can be made and publicized? If so, what are they? jezor@tourolaw.edu
  • 54. More on Compliance – Has the entity been involved in any legal compliance or enforcement activity related to privacy or data collection? • If so, please describe it. • Has the entity been involved in any other consumer protection legal compliance or enforcement activity? jezor@tourolaw.edu
  • 55. Contact Information – Does the entity have an automated list removal process? • If so, how does it work? » Does it remove data from all databases? » Does it apply to 3rd parties to whom information may be shared? • If not, please provide: » An e-mail address to which users can address removal requests » A postal address to which users can address removal requests jezor@tourolaw.edu
  • 56. More on Contact Information – Which person(s) at the entity are responsible for managing removal requests? – Please provide an address (e-mail or postal) through which California users can request information on how their information has been shared. jezor@tourolaw.edu
  • 57. QUESTIONS? Prof. Jonathan I. Ezor jezor@tourolaw.edu @ProfJonathan on Twitter