Your SlideShare is downloading. ×
0
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Presentation Material (Powerpoint)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Presentation Material (Powerpoint)

220

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
220
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Looking Ahead Privacy, Laws, & Technology ____________________________________________ J. Trevor Hughes International Association of Privacy Professionals
  • 2. Emerging Regulatory Issues <ul><li>Privacy </li></ul><ul><ul><li>ID Theft </li></ul></ul><ul><ul><li>SSNs </li></ul></ul><ul><ul><li>Spam </li></ul></ul><ul><ul><li>Telemarketing </li></ul></ul><ul><ul><li>GLBA </li></ul></ul><ul><ul><li>FCRA </li></ul></ul><ul><ul><li>HIPAA </li></ul></ul><ul><ul><li>Patriot Act </li></ul></ul><ul><li>Security </li></ul><ul><ul><li>The Ugly Stepchild </li></ul></ul><ul><li>A Look Ahead </li></ul><ul><ul><li>Emerging Technology </li></ul></ul><ul><ul><li>Biometrics </li></ul></ul><ul><ul><li>Data Fluidity </li></ul></ul><ul><ul><li>Data Aggregation </li></ul></ul>
  • 3. The Privacy Strata Technology Standards Self Regulatory Standards US Government SSNs GLB HIPPA The States (Legislatures, DOIs and AGs) The Rest of the World EUROPE Canada
  • 4. Show me the harm... Harm to Public Marketing Telemarketing SPAM Identity Theft
  • 5. Identity Theft <ul><li>FTC Complaints: </li></ul><ul><ul><li>2000: 31,000 </li></ul></ul><ul><ul><li>2001: 86,000 </li></ul></ul><ul><ul><li>2002: 162,000 </li></ul></ul><ul><ul><li>Top consumer fraud complaint in 2002 </li></ul></ul><ul><ul><li>30% growth predicted going forward </li></ul></ul><ul><li>Average impact: </li></ul><ul><ul><li>$1500 </li></ul></ul><ul><ul><li>175 hours of clean up </li></ul></ul><ul><ul><li>credit disruptions </li></ul></ul><ul><li>42% of complaints involve credit card fraud </li></ul>Identity theft coverage now available
  • 6. Social Security Numbers <ul><li>California: </li></ul><ul><ul><li>Correspondence to residential addresses cannot include a SSN </li></ul></ul><ul><ul><li>(Simitian bill) employers cannot use SSN for purposes other than taxes </li></ul></ul><ul><li>Feds: </li></ul><ul><ul><li>Proposals to limit use as college ID </li></ul></ul><ul><li>Looking ahead: </li></ul><ul><ul><li>Restrictions on the use of SSNs as internal identifiers </li></ul></ul><ul><ul><ul><li>May be used for verification of identity, accessing medical files and credit reports </li></ul></ul></ul><ul><ul><ul><li>May not be used as an account number </li></ul></ul></ul>
  • 7. SPAM <ul><li>Hotmail – 80% unsolicited bulk email </li></ul><ul><li>31 billion per day (2002) </li></ul><ul><li>60 billion per day(2006) </li></ul><ul><li>Dial up concerns (EU local call problems) </li></ul><ul><li>Work productivity/liability concerns </li></ul><ul><li>Deliverability concerns </li></ul><ul><li>Channel viability concerns (the “900” phenomenon) </li></ul>
  • 8. Will the Cure Kill Email? <ul><li>Legal Responses: </li></ul><ul><ul><li>26 states with anti-spam legislation </li></ul></ul><ul><ul><li>Can Spam Act in Congress (expected to pass this year) </li></ul></ul><ul><ul><li>EU opt-in requirements </li></ul></ul><ul><li>Tech Responses </li></ul><ul><ul><li>Blacklists </li></ul></ul><ul><ul><li>Filtering by ISPs </li></ul></ul><ul><ul><li>Solution providers </li></ul></ul><ul><ul><ul><li>Habeus </li></ul></ul></ul><ul><ul><ul><li>Trusted Sender </li></ul></ul></ul><ul><ul><ul><li>IronPort </li></ul></ul></ul><ul><ul><ul><li>Brightmail </li></ul></ul></ul>Aggressive filtering results in “false positives” ( legitimate email being blocked )
  • 9.  
  • 10. Employee Email Privacy <ul><li>Blurring of work/home boundaries </li></ul><ul><li>30% of ecommerce sales generated from the workplace </li></ul><ul><li>Extensive use of company email for personal use </li></ul><ul><li>Issue: employer monitoring? </li></ul><ul><li>European v. US approaches </li></ul>
  • 11. Telemarketing <ul><li>The “must have” legislation for every up-and-coming AG </li></ul><ul><li>TCPA – allows for single vendor opt-out </li></ul><ul><li>FTC’s 2001 gift to consumers: a national do not call registry (call Billy Tauzin) </li></ul><ul><li>Telemarketing will diminish as a sales vehicle </li></ul>
  • 12. Fair Credit Reporting Act <ul><li>Reauthorization in 2003 </li></ul><ul><li>Big issues: </li></ul><ul><ul><li>Expand consumer privacy protections? </li></ul></ul><ul><ul><li>Sunset state preemption? </li></ul></ul><ul><ul><ul><li>NAAG says “YES!” </li></ul></ul></ul><ul><ul><ul><li>Business community says “please, no!” </li></ul></ul></ul><ul><li>For insurers: beware of scope creep in FCRA reauthorization (Sen. Shelby – GLBA did not go far enough; wants opt in for third party transfers) </li></ul>
  • 13. Layered Privacy Notices
  • 14. Security The Ugly Stepchild of Privacy
  • 15.  
  • 16.  
  • 17.  
  • 18.  
  • 19. Security <ul><li>Security Audit </li></ul><ul><ul><li>Quickest, easiest way to get a snapshot of your security issues </li></ul></ul><ul><li>Develop a “Security Portfolio” </li></ul><ul><ul><li>Internet/Acceptable use policies </li></ul></ul><ul><ul><li>E-mail policies </li></ul></ul><ul><ul><li>Remote access policies </li></ul></ul><ul><ul><li>Special access policies </li></ul></ul><ul><ul><li>Data protection policies </li></ul></ul><ul><ul><li>Firewall management policies </li></ul></ul><ul><ul><li>Cost sensitive, appropriate architecture </li></ul></ul><ul><li>Reassess, Audit, Revise </li></ul>Defense In Depth!
  • 20. Security <ul><li>Protect Internally and Externally </li></ul><ul><ul><li>IIS Survey (2000) – 68% of attacks are internal </li></ul></ul><ul><li>Protect Network AND Data </li></ul><ul><ul><li>Data is usually the target of an attack, not the “network” </li></ul></ul>
  • 21.  
  • 22.  
  • 23. Security – What to do? <ul><li>Standards Emerge! </li></ul><ul><ul><li>Data encryption to the column level </li></ul></ul><ul><ul><li>Role-based access control to the row level </li></ul></ul><ul><ul><li>Role-based access for DBAs </li></ul></ul><ul><ul><li>Transaction auditability </li></ul></ul><ul><li>Pay now, or Pay Later! </li></ul>
  • 24. A look ahead...
  • 25. Emerging Dynamics <ul><li>Data Fluidity </li></ul><ul><ul><li>Personalization </li></ul></ul><ul><ul><li>Persistent Surveillance </li></ul></ul><ul><ul><li>Biometrics </li></ul></ul><ul><li>Data Aggregation </li></ul><ul><ul><li>Targeted messaging </li></ul></ul><ul><li>Geo Privacy </li></ul>
  • 26. Data Friction and Fluidity FRICTION FLUIDITY Stone Tablets Paper Printing Press Digital Data Data Velocity
  • 27. Personalization <ul><li>As data becomes more fluid, personal targeting becomes possible </li></ul><ul><li>Privacy issues prevail </li></ul><ul><li>.NET (Microsoft), Liberty Alliance (Sun) </li></ul><ul><ul><li>Never entering your name, password, address and credit card again </li></ul></ul><ul><li>Do we really want this? </li></ul><ul><li>The rise of GUIDs </li></ul>
  • 28.  
  • 29. Personlization Today Hello John Anderton...
  • 30.  
  • 31. Data Fluidity for Healthcare <ul><li>Smart Cards </li></ul><ul><ul><li>Genome </li></ul></ul><ul><ul><li>Entire Medical Record </li></ul></ul><ul><li>HIPAA code sets </li></ul><ul><li>CRM across all lines/interaction points </li></ul><ul><li>Single interface solutions for customers </li></ul>
  • 32. Biometrics Everywhere <ul><li>Biometric Attestations </li></ul><ul><ul><li>Faceprints, eyeprints, fingerprints, hand geometry, voice recognition, vein patterns, gait recognition, odor... </li></ul></ul>
  • 33. Face Recognition <ul><li>2001 Superbowl </li></ul><ul><li>Airports </li></ul><ul><li>Urban hot spots </li></ul><ul><li>Business campus </li></ul>
  • 34. Iris/Fingerprint Recognition <ul><li>Airports (Vancouver and Toronto) </li></ul><ul><li>Signatures </li></ul><ul><li>High security buildings </li></ul>
  • 35. Persistent Surveillance <ul><li>“ He’s been idented on the Metro...” </li></ul>
  • 36. Data Aggregation Data Silos Aggregation Core Data Inferred Data Meta Data Derivative Data Personalization and Velocity
  • 37.  
  • 38. Geo Privacy <ul><li>e911 </li></ul><ul><li>Geo Targeted Wireless Services </li></ul><ul><ul><li>“ Smell that coffee? Come in for a cup!” </li></ul></ul>
  • 39. Lessons to be Learned <ul><li>Data Becomes Much More Fluid </li></ul><ul><li>Data Management Becomes Much More Difficult </li></ul><ul><li>Data Moves More Quickly </li></ul><ul><li>Smart Companies will Harness the Power of Data Fluidity to Reduce Costs and Improve Their Value Propositions </li></ul>
  • 40. <ul><li>The International Association of Privacy Professionals </li></ul><ul><li>is the nation’s leading association for privacy and security </li></ul><ul><li>professionals. It helps its members build and maintain privacy </li></ul><ul><li>programs while effectively navigating rapidly changing </li></ul><ul><li>regulatory and legal environments. </li></ul><ul><li>Mission of IAPP </li></ul><ul><ul><li>To promote privacy programs and safeguards – their introduction, development and maintenance.  </li></ul></ul><ul><ul><li>To provide a forum for interaction and information exchange for our members. </li></ul></ul><ul><ul><li>To create high quality educational opportunities for those involved with privacy issues. </li></ul></ul>Phone: 800-266-6501 www.privacyassociation.org [email_address]
  • 41. <ul><li>THANKS! </li></ul><ul><ul><ul><li>J. Trevor Hughes </li></ul></ul></ul><ul><ul><ul><li>[email_address] </li></ul></ul></ul><ul><ul><ul><li>207 351 1500 </li></ul></ul></ul>

×