Cloud Privacy

Learn about Data Breach Updates for 2012, how to protect your brand, commercial emailing, reputation resources, and the privacy bill of rights

    Cloud Privacy Presentation Transcript

    • Cloud Privacy Update: What You Need To Know. David Fowler, July 24, 2012. Proprietary & Confidential
    • David Fowler, Chief Privacy & Deliverability Officer. @ActOnSoftware #AOWEB
    • Today’s Agenda
      • Data Breach Updates for 2012
      • How to Protect Your Brand
      • Commercial Email: State of the State
      • Reputation Resources: Tools You Can Use
      • Privacy Bill of Rights
      • Wrap Up
    • Not a day seems to go by without an announcement of a brand and a recent data compromise. Will yours be next?
    • Q: $6.5 Billion. A: Data breach impact to U.S. businesses. Source: OTA
    • 2011 Data Breach Highlights
      • 558 breaches
      • 126 million records
      • 76% server exploits
      • 92% avoidable
      • $318 cost per record
      • $7.2 million average cost of each breach
      • $6.5 billion impact to U.S. businesses
      Source: OTA. © 2012 All rights reserved. Online Trust Alliance (OTA)
    • What do they have in common?
    • Why Care? “We have spent over 12 years building our reputation and trust. It is painful to see us take so many steps back due to a single incident.” Zappos CEO, Tony Hsieh
    • Why Care? What has changed?
      • Data driven economy – “Big Data”
      • Multi-Channel & blurring of on & off-line data
      • Evolving definitions of PII and coverage information
      • Complexity and dynamic regulatory environment
      • Reliance on service providers & cloud services
      • Shift from a PC centric to users with multiple devices
      • Increased sophistication of the cyber-criminal
    • Data breaches, what are they after?
      • Organizations who store large amounts of customer data are attractive targets for identity thieves
        • Data is the new currency for the dark side
      • Thieves target personal, financial and other PII:
        • Names and Addresses
        • Phone Number
        • Email Address
        • Social Security Numbers
        • Bank Account Numbers
        • Credit and Debit Card Numbers
        • Account Passwords
        • Security Questions and Answers
      Source: Zeta Interactive
    • Data breaches, how do they work?
      • Attacks can take many forms
        • Phishing
        • Hacking
        • Malware
        • Hardware Theft
        • Exploiting of Accidental Release: Data Spill, Improper Disposal of Digital Assets, Other Accidents
      • Thieves use stolen data to victimize customers
        • Financial Fraud - All Forms and Types
        • Use of Stolen Information to Commit Additional Crimes
        • Money Laundering
        • Criminal Impersonation, Stalking and Harassment
        • Terrorism
      Source: Zeta Interactive
    • What are the privacy laws?
      • Federal Laws
        • FTC Act
        • Sarbanes-Oxley
        • HIPAA / COPPA
      • State Laws
        • Breach Notifications
        • Data Encryption
        • SSN Protection
      • Local Laws
        • Wireless Networks
      • International Laws
        • EU Data Protection Directive / UK Cookie Tracking
      • Professional / Trade Protocols
      Source: Zeta Interactive
    • What are the impacts? Data breaches affect every aspect of the company:
      • IT
        • Security audits and scrutiny
        • Infrastructure changes
      • Financial
        • Litigation
        • Business loss & focus
        • Stock devaluation
      • Marketing & Communication
        • PR & crisis management
        • Brand degradation & mistrust
        • Identity protection services & support
        • PR & Marketing activity
      • Legal
        • Government regulations
        • Government notifications
        • Class action lawsuits
      Source: Zeta Interactive
    • Protect your brand.
      • Technical security is a critical first step
        • Review all your potential internal loopholes
      • Conduct a comprehensive risk assessment
        • Identify threats
        • Analyze potential harm
        • Identify reasonable mitigation
        • Understand the legal landscape
        • Implement policies and procedures consistent with above
      • Develop a written information security program and incident response
        • Periodically review the program to guard against new and evolving threats
      • Require your vendors to employ best security practices
        • Contractual language and penalties for non compliance
      • Make privacy a corporate mandate for adoption
    • Tools you can use.
      • Seek guidance from your legal teams
      • Consider a third-party privacy seal for compliance
      • Register cousin domains that look like yours
        • This will protect your brand online and avoid Phishing issues
      • Keys to consumer trust
        • Notice: Say what you are going to do and do it
        • Consent: Ask for permission
        • Choice: Allow your customers options
      • Be transparent online - don’t hide your activities
      • Update your privacy policy regularly
    • Commercial email state of the state
      • Email Deliverability = Brand Management
      • Brand Management = Email Reputation
      • Good Email Reputation = Better Deliverability
      • Better Deliverability = Builds Consumer TRUST
      • Better Consumer Trust = Drives Engagement
      • More aggressive filter implementation on ISP level
      • More streamlined industry organization/cooperation
      • Continued legal/privacy/technology issues remain
      • More informed clients as access to information is available
      • There are still No Guarantees for delivery to any inbox
    • A word on reputation
      • Majority of deliverability issues are based on reputation
      • The data that affects reputation includes:
        • Email authentication implementation
        • Email volumes
        • Complaint rates
        • Hard bounce rates
        • Spam trap hits
        • Consumer engagement: clicks / opens / conversions
      • To protect reputation:
        • Monitor the sends consistently
      • To repair reputation:
        • Fix the problems: data integrity / confirmed opt-in
    • Reputation resources
    • The Consumers Privacy Bill of Rights (Privacy Right: Definition)
      • Individual control: A right to exercise control over what personal data companies collect and how they use it.
      • Transparency: A right to readable and accessible information about privacy and security practices.
      • Respect for Context: A right to expect that companies will collect, use and disclose personal data in ways consistent with the context where data was shared.
      • Security: A right to secure and responsible handling of personal data.
      • Access and Accuracy: A right to access and correct personal data in usable formats, in a manner appropriate to data sensitivity.
      • Focused Collection: A right to reasonable limits on the personal data that companies collect and retain.
      • Accountability: A right to have personal data handled by companies in a manner that complies with the Consumer Privacy Bill of Rights.
    • Wrap up
      • Data breaches will continue to evolve
      • Protect your brand online
      • Monitor your online reputation
      • Be proactive not reactive for your brand
        • Have a plan and execute to it
      • Manage internal and external expectations
        • Who do you do business with and do they COMPLY?
      • Obey the law
        • Understand what’s required of you and your online presence
      • Your online journey will be rewarding when you invest the time and resources
    • Need Help? Sign up for a demo: www.act-on.com
    • Thank You. David.Fowler@Act-On.com
    • References
      • FTC Act: http://www.ftc.gov/ogc/ftcact.shtm
      • FTC Dot Com Disclosures: http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online-advertising
      • Sarbanes Oxley: http://www.soxlaw.com/
      • TRUSTe: www.truste.org