FEBRUARY 4 – 6, 2014 / THE HILTON NEW YORK

Ripped from the Headlines: Cautionary
Tales from the Annals of Data Privacy
Monique Altheim
Principal, The Law Office Monique Altheim
Dori Anne Kuchinsky
Assistant General Counsel, Litigation & Global Privacy
W.R. Grace & Co.
Kamal Patheja
Legal Director Global Software Licensing
DHL
Albert M. Raymond
Head of U.S. Privacy & Social Media Compliance
TD Bank
Target and Neimans and Snapchat, Oh
My! The Year in Data Privacy
• Privacy Jeopardy:
  ◦ The Rules
  ◦ The Categories
  ◦ The Prizes

LEGALTECH NEW YORK / FEBRUARY 4 – 6, 2014
EU-U.S. Safe Harbor and the “Snowden Effect”
Poll Question:
The FTC recently announced settlements with 12 U.S.
companies for Safe Harbor violations. The violation
charged was:
a) Allowing the NSA to access EU data transferred
under Safe Harbor
b) Using Safe Harbor to justify transfers to inadequate
countries
c) Falsely claiming they had current Safe Harbor
certifications
d) None of the above

Social Media Security Fails in 2013

Associated Press Twitter Account Hack
April 2013
• The Associated Press' Twitter account was
hacked.
• Moments later, the Syrian Electronic Army
claimed responsibility for the attack.

• The message spread quickly, with Twitter users
immediately wondering if the account had been
hacked.
• The Associated Press clarified that the tweet was a
fake shortly thereafter.

The Syrian Electronic Army, an organization that
supports Syrian President Bashar al-Assad, tweeted:

Real Repercussions

Poll Question:
Which of these ‘strong’ passwords should the
Associated Press have used to protect its Twitter account?
a) Password
b) Qwerty
c) Abc123
d) Muj@hideen2#

Chrysler Social Media Faux Pas

Poll Question:
If your vendor causes a security or privacy event for
you, what could be your recourse?
a) Legal action
b) Nothing. Your vendor’s actions are your own
c) Depends on the contract
d) Run over someone with a Chrysler 300 Hemi

Burger King’s Twitter Account Hijacked

• The account was hacked by an unknown group, which
changed the company’s logo and profile name to
McDonald’s. It then started tweeting offensive
messages, along with a message that the company was
“bought out” by McDonald’s.

• After nearly an hour and a half of “tasteless” tweets
filled with drug references and obscenities, Twitter
finally suspended the account.
• Burger King actually gained almost 30,000
followers after the incident!
  ◦ 300% in conversations on BK site (450,000 tweets!)

Poll Question:
What do you suppose is the biggest risk from having
your SM account hijacked?
a) Brand risk
b) Reputation risk
c) Both A & B
d) Loss of the formula for ‘secret sauce’

Lessons Learned?
• Poor Password Management: The companies didn’t know who had access to the
account or to the passwords. If the same password can be used across multiple
accounts, that’s poor password management.
• Newsflash!: Passwords need to be changed on a periodic basis.
• Weakest Link: Any system can be compromised with enough time and effort.
Many ways into the crown jewels exist, including phishing, smishing, social
engineering, software, or applications.
• Inside Job: Malcontent employees (current or former) who have/had access to
the passwords make it difficult to know if the account truly was hacked or if it was
a rogue employee. Many social media accounts are not tied to Active Directory
or LDAP systems.
• Vendor Management: If you lack the skills inside the organization to run your SM
site, you may rely on an external firm. Burger King and Chrysler were both highly
dependent on external agencies to manage and control their Twitter accounts.
• Improper governance and oversight led to epic Social Media Fails.

Location, Location, Location - Why it
REALLY Matters
US vs. EU
Conflict with respect to Personal Data*
• EU: everything is prohibited unless expressly permitted by law
• US: everything is permitted unless expressly prohibited by law
*Art. 2 Directive 95/46/EC:
“Personal data” means any information relating to an identified or identifiable
natural person ("data subject").
An identifiable person is one who can be identified, directly or indirectly, in
particular by reference to an identification number or to one or more factors
specific to his physical, physiological, mental, economic, cultural or social identity.

Incident #1- Dude - Where’s My Data?

Poll Question:
Which of the following is Personal Data?
a) Car registration plate
b) Work email address
c) Employee number
d) Employee status on corporate live chat system
e) All of the above

Poll Question:
Which of the following is NOT an adequate way of
transferring Personal Data to a third party company
outside of the EEA?
a) Model Clauses
b) Safe Harbor registration
c) White Listed Countries
d) Binding Corporate Rules
e) None of the above

• DPDHL UK entity engaged with UK supplier to acquire a claims handling system
• The solution involved the hosting of claims related information of DPDHL employees
• Contract governed by English law
• Contract provides for DPDHL providing personal data to supplier in UK
• Contract completed ready for sign off
• DPDHL Legal enquire as to supplier’s server location
• “Oops, forgot to tell you”: Data to be hosted in US! By a third party!
• 3 months later we sign off the deal after arduous negotiations surrounding the data
protection provisions – supplier did not see what the big deal was for DPDHL!

Incident #2- Show Me the Data!

Poll Question:

Which of the following is deemed valid consent for the
purposes of transferring Personal Data?
a) Data subject’s waiver in the form of posting of same Personal
Data to social media
b) A formal consent form signed by the company’s CEO
authorizing the transfer of employee Personal Data
c) A formal consent form signed by an administrative assistant
authorizing transfer of his/her personal data
d) An email by CEO authorizing transfer of his/her personal data
e) None of the above

Poll Question:
Which of the following is true?
a) E-discovery rules override the EU Data Protection
Directive
b) EU Data Protection Directive overrides E-discovery rules
c) The EU Data Protection Directive can be ignored by US
Company only doing business in the US
d) Companies can select which privacy regime to follow
based on country of registration
e) None of the above

• US based employee seconded to Germany
• The new role never transpired

• Employee sought reinstatement to her original role in US
• Old role filled!!!
• Employee commenced proceedings in US against DPDHL alleging wrongful termination
and harassment
• Plaintiff produced altered emails
• DHL had to collect emails from executives and non-executives in Germany to disprove the
plaintiff’s allegations
• US litigators barred by EU Data Protection from collecting data
• DPDHL had to implement adequate measures which included:
  ◦ Giving German employees an opportunity to consult with DPDHL
Data Protection Officers
  ◦ DPDHL Officers consulting with German Worker’s Council
  ◦ US lawyers to disclose data needed, where it would be sent to and
how it would be used
  ◦ US lawyers had to obtain consent from each custodian, subject to
refusal or withdrawal
  ◦ EU employees to self-collect
  ◦ Data subject to protective order
  ◦ Then, and only then, could the data be used in litigation

Lessons Learned?
• From the outset ask suppliers about server locations
and DR sites
• Quiz your business folk on the type of data to be
processed/hosted/stored
• In any litigation matter be mindful of any European
aspects to the case
• Seek local legal advice on national law issues
• The EU Directive has been implemented by all EU
members in their local legislation with varying
degrees of formality, e.g. Germany compared to UK

Privacy Enforcement in the U.S.

Oregon Woman Awarded $18.6 MILLION
Over Equifax Credit Report Mix-Up
July 2013
(Reduced to $1.62 Million on Appeal on
January 29, 2014)

FTC Collects $3.5 Million From
TeleCheck For Failing To Investigate
Disputes Or Correct Errors
January 16, 2014

FTC Expands FCRA Coverage to Mobile
Industry – Criminal Records Search Apps
January 10, 2013

FCRA
Poll Question:
A consumer reporting agency falls under the FCR
Act, if it sells consumer reports to:
a) Banks, Insurance Companies, Employers and Consumers
b) Banks, Insurance Companies, Employers and for Other
Business Purposes
c) Banks, Insurance Companies, Employers, Marketers, and
Dating Sites
d) All of the above

FTC Announces First Settlement
Involving Privacy and the "Internet of
Things" – The TRENDnet Case
September 2013

Section 5 (a) of the FTC Act
Poll Question:
A company has an obligation under section 5 (a) of
the FTC Act to provide reasonable security for its PII:
a) Always
b) Only if there is risk of substantial damage
c) Only if it promises to do so
d) Never

WellPoint Pays HHS $1.7 Million for
Leaving Information Accessible Over
Internet
July 2013

HIPAA
Poll Question:
The following entities must comply with HIPAA
Privacy and Security Rules:
a) Law firms that handle PHI from insurance
companies, hospitals or health care providers
b) Webmd.com and Patientslikeme.com
c) H.R. departments
d) All of the above

Lessons Learned?
• Data Brokers and App Developers: If you quack like a duck…you are a duck.
Regardless of your ToS, if you act as a consumer reporting agency, you need
to be compliant with the FCRA requirements to avoid steep fines from the
FTC and lawsuits from wronged consumers.
• Companies under jurisdiction of FTC: Say what you mean and mean what
you say in your privacy policies. Don’t make promises you will not keep, lest
the FTC accuse you of deceptive practices under Section 5(a) FTCA.
If you handle sensitive data, the breach of which may result in substantial
damage, you must have a data security program in place, lest the FTC
accuse you of unfair practices under Section 5(a) FTCA.
• All companies processing PH data from HIPAA “covered entities”: As
“business associates” you must comply with HIPAA Privacy and Security
Rules as well. HHS/FTC are after you!

Questions?

 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 

Último (20)

VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxSocio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 

Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy

  • 1. FEBRUARY 4 – 6, 2014 / THE HILTON NEW YORK Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy Monique Altheim Principal, The Law Office Monique Altheim Dori Anne Kuchinsky Assistant General Counsel, Litigation & Global Privacy W.R. Grace & Co. Kamal Patheja Legal Director Global Software Licensing DHL Albert M. Raymond Head of U.S. Privacy & Social Media Compliance TD Bank
  • 2. Target and Neimans and Snapchat, Oh My! The Year in Data Privacy • Privacy Jeopardy: ◦ The Rules ◦ The Categories ◦ The Prizes LEGALTECH NEW YORK / FEBRUARY 4 – 6, 2014
  • 3. EU-U.S. Safe Harbor and the “Snowden Effect” Poll Question: The FTC recently announced settlements with 12 U.S. companies for Safe Harbor violations. The violation charged was: a) Allowing the NSA to access EU data transferred under Safe Harbor b) Using Safe Harbor to justify transfers to inadequate countries c) Falsely claiming they had current Safe Harbor certifications d) None of the above
  • 4. Social Media Security Fails in 2013
  • 5. Associated Press Twitter Account Hack April 2013 • The Associated Press' Twitter account was hacked. • Moments later, the Syrian Electronic Army claimed responsibility for the attack.
  • 6. Associated Press Twitter Account Hack • The message spread quickly, with Twitter users immediately wondering if the account had been hacked. • The Associated Press clarified that the tweet was a fake shortly thereafter.
  • 7. Associated Press Twitter Account Hack The Syrian Electronic Army, an organization that supports Syrian President Bashar al-Assad, tweeted:
  • 8. Associated Press Twitter Account Hack Real Repercussions
  • 9. Associated Press Twitter Account Hack Poll Question: Which of these ‘strong’ passwords should the Associated Press have used to protect its Twitter account? a) Password b) Qwerty c) Abc123 d) Muj@hideen2#
  • 10. Chrysler Social Media Faux Pas
  • 11. Chrysler Social Media Faux Pas
  • 12. Chrysler Social Media Faux Pas
  • 13. Chrysler Social Media Faux Pas Poll Question: If your vendor causes a security or privacy event for you, what could be your recourse? a) Legal action b) Nothing. Your vendor’s actions are your own c) Depends on the contract d) Run over someone with a Chrysler 300 Hemi
  • 14. Burger King’s Twitter Account Hijacked
  • 15. Burger King’s Twitter Account Hijacked
  • 16. Burger King’s Twitter Account Hijacked • The account was hacked by an unknown group, which changed the company’s logo and profile name to McDonald’s. It then started tweeting offensive messages, along with a message that the company was “bought out” by McDonald’s. • After nearly an hour and a half of “tasteless” tweets filled with drug references and obscenities, Twitter finally suspended the account. • Afterwards, Burger King actually gained almost 30,000 followers after the incident! ◦ 300% in conversations on BK site (450,000 tweets!)
  • 17. Burger King’s Twitter Account Hijacked
  • 18. Burger King’s Twitter Account Hijacked
  • 19. Burger King’s Twitter Account Hijacked
  • 20. Burger King’s Twitter Account Hijacked
  • 21. Burger King’s Twitter Account Hijacked Poll Question: What do you suppose is the biggest risk from having your SM account hijacked? a) Brand risk b) Reputation risk c) Both A & B d) Loss of the formula for ‘secret sauce’
  • 22. Lessons Learned? Poor Pwd Management: The companies didn’t know who had access to the account or to the passwords. If the same password can be used across multiple accounts, that’s poor password management. Newsflash!: Passwords need to be changed on a periodic basis. Weakest Link: Any system can be compromised with enough time and effort. Many ways into the crown jewels exist, including phishing, smishing, social engineering, software, or applications. Inside Job: Malcontent employees (current or former) who have/had access to the passwords make it difficult to know if the account truly was hacked or if it was a rogue employee. Many social media accounts are not tied to Active Directory or LDAP systems. Vendor Management: If you lack the skills inside the organization to run your SM site, you may rely on an external firm. Burger King and Chrysler were both highly dependent on external agencies to manage and control their Twitter accounts. Improper governance and oversight led to epic Social Media Fails#
  • 23. Location, Location, Location- Why it REALLY Matters
  • 24. US vs. EU Conflict with respect to Personal Data* • EU: everything is prohibited unless expressly permitted by law • US: everything is permitted unless expressly prohibited by law *Art. 2 Directive 95/46/EC: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
  • 25. Incident #1- Dude - Where’s My Data?
  • 26. Incident #1 Poll Question: Which of the following is Personal Data? a) Car registration plate b) Work email address c) Employee number d) Employee status on corporate live chat system e) All of the above
  • 27. Incident #1 Poll Question: Which of the following is NOT an adequate way of transferring Personal Data to a third party company outside of the EEA? a) Model Clauses b) Safe Harbor registration c) White Listed Countries d) Binding Corporate Rules e) None of the above
  • 28. Incident #1- Dude - Where’s My Data? • DPDHL UK entity engaged with UK supplier to acquire a claims handling system • The solution involved the hosting of claims related information of DPDHL employees • Contract governed by English law • Contract provides for DPDHL providing personal data to supplier in UK • Contract completed ready for sign off • DPDHL Legal enquire as to supplier’s server location • “Oops, forgot to tell you”: Data to be hosted in US! By a third party! • 3 months later we sign off the deal after arduous negotiations surrounding the data protection provisions – supplier did not see what the big deal was for DPDHL!
  • 29. Incident #2- Show Me the Data!
  • 30. Incident #2 Poll Question: Which of the following is deemed valid consent for the purposes of transferring Personal Data? a) Data subject’s waiver in the form of posting of same Personal Data to social media b) A formal consent form signed by the company’s CEO authorizing the transfer of employee Personal Data c) A formal consent form signed by an administrative assistant authorizing transfer of his/her personal data d) An email by CEO authorizing transfer of his/her personal data e) None of the above
  • 31. Incident #2 Poll Question: Which of the following is true? a) E-discovery rules override the EU Data Protection Directive b) EU Data Protection Directive overrides E-discovery rules c) The EU Data Protection Directive can be ignored by US Company only doing business in the US d) Companies can select which privacy regime to follow based on country of registration e) None of the above
  • 32. Incident #2- Show Me the Data! • US based employee seconded to Germany • The new role never transpired • Employee sought reinstatement to her original role in US • Old role filled!!! • Employee commenced proceedings in US against DPDHL alleging wrongful termination and harassment • Plaintiff produced altered emails • DHL had to collect emails from executives and non-executives in Germany to disprove P’s allegations • US litigators barred by EU Data Protection from collecting data
  • 33. Incident #2- Show Me the Data! • DPDHL had to implement adequate measures which included: ◦ Giving German employees an opportunity to consult with DPDHL Data Protection Officers ◦ DPDHL Officers consulting with German Worker’s Council ◦ US lawyers to disclose data needed, where it would be sent to and how it would be used ◦ US lawyers had to obtain consent from each custodian, subject to refusal or withdrawal ◦ EU employees to self-collect ◦ Data subject to protective order ◦ Then and only then data could be used in litigation
  • 34. Lessons Learned? • From the outset ask suppliers about server locations and DR sites • Quiz your business folk on the type of data to be processed/hosted/stored • In any litigation matter be mindful of any European aspects to the case • Seek Local legal advice on national law issues • The EU Directive has been implemented by all EU members in their local legislation with varying degrees of formality e.g. Germany compared to UK
  • 35. Privacy Enforcement in the U.S.
  • 36. Oregon Woman Awarded $18.6 MILLION Over Equifax Credit Report Mix-Up July 2013 (Reduced to $1.62 Million on Appeal on January 29, 2014)
  • 37. FTC Collects $3.5 Million From TeleCheck For Failing To Investigate Disputes Or Correct Errors January 16, 2014
  • 38. FTC Expands FCRA Coverage to Mobile Industry – Criminal Records Search Apps January 10, 2013
  • 39. FCRA Poll Question: A consumer reporting agency falls under the FCR Act, if it sells consumer reports to: a) Banks, Insurance Companies, Employers and Consumers b) Banks, Insurance Companies, Employers and for Other Business Purposes c) Banks, Insurance Companies, Employers, Marketers, and Dating Sites d) All of the above
  • 40. FTC Announces First Settlement Involving Privacy and the "Internet of Things" – The TRENDnet Case September 2013
  • 41. Section 5 (a) of the FTC Act Poll Question: A company has an obligation under section 5 (a) of the FTC Act to provide reasonable security for its PII: a) Always b) Only if there is risk of substantial damage c) Only if it promises to do so d) Never
  • 42. WellPoint Pays HHS $1.7 Million for Leaving Information Accessible Over Internet July 2013
  • 43. HIPAA Poll Question: The following entities must comply with HIPAA Privacy and Security Rules: a) Law firms that handle PHI from insurance companies, hospitals or health care providers b) Webmd.com and Patientslikeme.com c) H.R. departments d) All of the above
  • 44. Lessons Learned? • Data Brokers and App Developers: If you quack like a duck…you are a duck. Regardless of your ToS, if you act as a consumer reporting agency, you need to be compliant with the FCRA requirements to avoid steep fines from the FTC and lawsuits from wronged consumers. • Companies under jurisdiction of FTC: Say what you mean and mean what you say in your privacy policies. Don’t make promises you will not keep, lest the FTC will accuse you of deceptive practices under Section 5 (a) FTCA. If you handle sensitive data, the breach of which may result in substantial damage, you must have a data security program in place, lest the FTC will accuse you of unfair practices under Section 5(a) FTCA. • All companies processing PH data from HIPAA “covered entities”: As “business associates” you must comply with HIPAA Privacy and Security Rules as well. HHS/FTC are after you!
  • 45. Questions?