E-Commerce




 Latest Developments
 in Consumer Privacy



      Brian Hengesbaugh
Baker & McKenzie (Chicago office)
           312-861-3077
 brian.hengesbaugh@bakernet.com
   www.bakernet.com/ecommerce




         “BIG PICTURE”
• State Law Developments
• Information Security Programs
• Privacy Considerations in Developing
  and Managing a Website




              Baker & McKenzie -- Global E-Commerce Law



          STATE LAW
        DEVELOPMENTS
• Legal Context
  – GLB, FCRA, HIPAA all minimum standards
  – States invited to do more, so long as not
    “inconsistent”
  – States as laboratories








          Post September 11
• Legislative Interest in Privacy
  – 750+ state privacy bills
  – 50+ state financial privacy bills
  – 85+ federal privacy bills








        Vermont Regulation
• Financial and Health Information
• Opt-in for nonaffiliate sharing
• Legal challenge by ACLI, AIA, and more
  – exceeds authority
  – violates intent of law
• Chances of success???






     New Mexico Regulation
• Financial and Health Information
• Opt-in for nonaffiliate sharing
• Any legal challenge?







California, Illinois, New York,
 and others considering more
 – Opt-in measures for nonaffiliate sharing
 – Limits on sharing within affiliated groups (e.g.
   prior CA bill)
 – Driving force for federal preemption?
 – Financial privacy commission and moratorium
   on new state laws (HR 3068)







   California -- Social Security
            Numbers
• Restrictions on:
  – transmitting SSNs over Internet
  – printing SSNs on mailed materials
• July 1, 2002 implementation, but
  grandfather for existing practices if:
  – continuous
  – notice of right to opt-out
  – individual does not opt-out



 INFORMATION SECURITY
      PROGRAMS
• Final Interagency Guidelines
  Establishing Standards for Safeguarding
  Customer Information (February 1,
  2001)
• FTC Proposed Standards for
  Safeguarding Customer Information
  (Comment Period Closed October 9,
  2001)




           Focus on Process
• Due diligence is 90% of battle (checklist)
• STEP 1: Conduct comprehensive
  assessment that examines:
  – internal and external threats
  – sensitivity of data
  – potential damage







       Focus on Process (cont.)
• STEP 2: Assess sufficiency of existing
  policies and procedures:
  –   access controls on systems and encryption
  –   physical access restrictions
  –   automatic reviews of system modifications
  –   technological and environmental hazards
  –   Subjective Standard: . . adopt those measures
      the bank considers appropriate




       Focus on Process (cont.)
• STEP 3: Take appropriate
  organizational and administrative
  actions:
  –   written information security program
  –   involve board of directors
  –   implement a system for regular testing
  –   information security officer
  –   service provider arrangements*




Service Provider Arrangements
• Due diligence in selecting SPs
• Establish contract to meet “objectives” of
  Guidelines*
• Where appropriate, ongoing monitoring
  (or review SAS 70 or similar report)







          Contract with SPs
• Key Issues:
  – Appropriate measures to meet “objectives” of
    Guidelines (full compliance not required) (e.g.,
    board of directors)
  – Overly strict limits on use and disclosure
  – Scope of “information” covered







WEBSITE PRIVACY ISSUES
• Context: entire privacy and consumer
  protection legal framework PLUS online
  application of that framework
• FTC and State AG dedication to
  enforcement








       Website Privacy Issues
•   Passive and active collection
•   Relationships with third parties
•   Satisfying GLB notice requirements
•   Jurisdiction








 Passive and Active Collection
• Passive collections -- cookies, web bugs,
  IP addresses, clickstream data, etc.
  – “wooden” obligations to notify under GLB
  – broader notification obligations under
    consumer protection statutes (e.g. Michigan AG
    and New Jersey AG)
• Active collections
  – “unfriendly” GLB language for policy



      Relationships with Third
               Parties
• Support Services
  –   Internet Service Providers
  –   Web hosting services
  –   Application Service Providers
  –   Data analysis firms (Toys R Us)
  –   *GLB security guidelines apply*






    Relationships with Third
         Parties (cont.)
• Marketing/ Advertisers
  – 3rd party advertisers (NAI principles)
  – Framing and co-branded websites
  – Joint marketers







  Satisfying GLB Notice
Requirements Electronically
– Reasonable expectation of receipt
– Customer agrees
– Obtains financial product or service
  electronically
– Retention and accessibility








            Jurisdiction
• Reach of New Mexico and Vermont
• Zippo analysis
• How do you know who you are dealing
  with?








       General Website Tips
• Know what you are collecting
• Know what your service providers are
  doing
• Disclose, disclose, disclose
• Keep it simple; avoid flowery language
• Keep it flexible; avoid the “never” trap
• Be mindful of jurisdiction



       Keep track of privacy
         developments at:



      www.bakernet.com/ecommerce
www/bakernet.com/e-law (weekly newsletter)

                Baker & McKenzie
   One E-Commerce World. One Firm. Connected.
         For companies moving with change
