Cloud Privacy


Learn about Data Breach Updates for 2012, how to protect your brand, commercial emailing, reputation resources, and the privacy bill of rights

Published in: Technology

  1. Cloud Privacy Update: What You Need To Know
     David Fowler, July 24, 2012
     Proprietary & Confidential
  2. David Fowler, Chief Privacy & Deliverability Officer
     @ActOnSoftware #AOWEB
  3. Today’s Agenda
     • Data Breach Updates for 2012
     • How to Protect Your Brand
     • Commercial Email: State of the State
     • Reputation Resources: Tools You Can Use
     • Privacy Bill of Rights
     • Wrap Up
  4. Not a day seems to go by without an announcement of a brand and a recent data compromise. Will yours be next?
  5. Q: $6.5 Billion
     A: Data breach impact to U.S. businesses
     Source: OTA
  6. 2011 Data Breach Highlights
     • 558 breaches
     • 126 million records
     • 76% server exploits
     • 92% avoidable
     • $318 cost per record
     • $7.2 million average cost of each breach
     • $6.5 billion impact to U.S. businesses
     Source: OTA
     © 2012 All rights reserved. Online Trust Alliance (OTA)
  7. What do they have in common?
  8. © 2012 All rights reserved. Online Trust Alliance (OTA)
  9. Why Care?
     “We have spent over 12 years building our reputation and trust. It is painful to see us take so many steps back due to a single incident.”
     Zappos CEO, Tony Hsieh
  10. Why Care? What has changed?
     • Data driven economy – “Big Data”
     • Multi-channel & blurring of on- & off-line data
     • Evolving definitions of PII and coverage information
     • Complexity and dynamic regulatory environment
     • Reliance on service providers & cloud services
     • Shift from a PC-centric world to users with multiple devices
     • Increased sophistication of the cyber-criminal
  11. Data breaches, what are they after?
     • Organizations who store large amounts of customer data are attractive targets for identity thieves
        • Data is the new currency for the dark side
     • Thieves target personal, financial and other PII:
        • Names and Addresses
        • Phone Number
        • Email Address
        • Social Security Numbers
        • Bank Account Numbers
        • Credit and Debit Card Numbers
        • Account Passwords
        • Security Questions and Answers
     Source: Zeta Interactive
  12. Data breaches, how do they work?
     • Attacks can take many forms
        • Phishing
        • Hacking
        • Malware
        • Hardware Theft
        • Exploiting of Accidental Release: Data Spill, Improper Disposal of Digital Assets, Other Accidents
     • Thieves use stolen data to victimize customers
        • Financial Fraud - All Forms and Types
        • Use of Stolen Information to Commit Additional Crimes
        • Money Laundering
        • Criminal Impersonation, Stalking and Harassment
        • Terrorism
     Source: Zeta Interactive
  13. What are the privacy laws?
     • Federal Laws
        • FTC Act
        • Sarbanes-Oxley
        • HIPAA / COPPA
     • State Laws
        • Breach Notifications
        • Data Encryption
        • SSN Protection
     • Local Laws
        • Wireless Networks
     • International Laws
        • EU Data Protection Directive / UK Cookie Tracking
     • Professional / Trade Protocols
     Source: Zeta Interactive
  14. What are the impacts?
     Data breaches affect every aspect of the company:
     • IT
        • Security audits and scrutiny
        • Infrastructure changes
     • Marketing & Communication
        • PR & crisis management
        • Brand degradation & mistrust
     • Legal
        • Government regulations
        • Government notifications
        • Class action lawsuits
     • Financial
        • Litigation
        • Business loss & focus
        • Stock devaluation
        • Identity protection services & support
        • PR & Marketing activity
     Source: Zeta Interactive
  15. Protect your brand.
     • Technical security is a critical first step
        • Review all your potential internal loopholes
     • Conduct a comprehensive risk assessment
        • Identify threats
        • Analyze potential harm
        • Identify reasonable mitigation
        • Understand the legal landscape
        • Implement policies and procedures consistent with above
     • Develop a written information security program and incident response
        • Periodically review the program to guard against new and evolving threats
     • Require your vendors to employ best security practices
        • Contractual language and penalties for non-compliance
     • Make privacy a corporate mandate for adoption
  16. Tools you can use.
     • Seek guidance from your legal teams
     • Consider a third-party privacy seal for compliance
     • Register cousin domains that look like yours
        • This will protect your brand online and avoid phishing issues
     • Keys to consumer trust
        • Notice: Say what you are going to do and do it
        • Consent: Ask for permission
        • Choice: Allow your customers options
     • Be transparent online - don’t hide your activities
     • Update your privacy policy regularly
  17. Commercial email state of the state
     • Email Deliverability = Brand Management
     • Brand Management = Email Reputation
     • Good Email Reputation = Better Deliverability
     • Better Deliverability = Builds Consumer TRUST
     • Better Consumer Trust = Drives Engagement
     • More aggressive filter implementation on ISP level
     • More streamlined industry organization/cooperation
     • Continued legal/privacy/technology issues remain
     • More informed clients as access to information is available
     • There are still No Guarantees for delivery to any inbox
  18. A word on reputation
     • Majority of deliverability issues are based on reputation
     • The data that affects reputation includes:
        • Email authentication implementation
        • Email volumes
        • Complaint rates
        • Hard bounce rates
        • Spam trap hits
        • Consumer engagement: clicks / opens / conversions
     • To protect reputation:
        • Monitor the sends consistently
     • To repair reputation:
        • Fix the problems: data integrity / confirmed opt-in
  19. Reputation resources
  20. The Consumer Privacy Bill of Rights (Privacy Right: Definition)
     • Individual control: A right to exercise control over what personal data companies collect and how they use it.
     • Transparency: A right to readable and accessible information about privacy and security practices.
     • Respect for Context: A right to expect that companies will collect, use and disclose personal data in ways consistent with the context where data was shared.
     • Security: A right to secure and responsible handling of personal data.
     • Access and Accuracy: A right to access and correct personal data in usable formats, in a manner appropriate to data sensitivity.
     • Focused Collection: A right to reasonable limits on the personal data that companies collect and retain.
     • Accountability: A right to have personal data handled by companies in a manner that complies with the Consumer Privacy Bill of Rights.
  21. Wrap up
     • Data breaches will continue to evolve
     • Protect your brand online
     • Monitor your online reputation
     • Be proactive not reactive for your brand
        • Have a plan and execute to it
     • Manage internal and external expectations
        • Who do you do business with and do they COMPLY?
     • Obey the law
        • Understand what’s required of you and your online presence
     • Your online journey will be rewarding when you invest the time and resources
  22. Need Help? Sign up for a demo
  23. Thank You
     David.Fowler@Act-On.com
  24. References
     • FTC Act
     • FTC Dot Com Disclosures
     • information-about-online-advertising
     • Sarbanes Oxley
     • TRUSTe
     • www.truste.org