Presentation - gener8tor - Data Privacy, Security, and Rights 130627

Data privacy, security and rights presentation given to the Gener8tor companies on June 27, 2013. Covering data privacy and data security rights issues relevant to startups and the evolution of the value of data.

Published in: Technology, Education

Transcript

  • 1. Data Privacy, Security, Rights
    June 27, 2013
    Jason Haislmaier, jason.haislmaier@bryancave.com
    Copyright 2012 Bryan Cave. Copyright 2013 Bryan Cave LLP. Copyright 2013 Jason D. Haislmaier.
    This presentation is intended for general informational purposes only and should not be construed as legal advice or legal opinion on any specific facts or circumstances, nor is it intended to address specific legal compliance issues that may arise in particular circumstances. Please consult counsel concerning your own situation and any specific legal questions you may have. The thoughts and opinions expressed in this presentation are those of the individual presenters and do not necessarily reflect the official or unofficial thoughts or opinions of their employers. For further information regarding this presentation, please contact the presenter(s) listed in the presentation. Unless otherwise noted, all original content in this presentation is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License available at: http://creativecommons.org/licenses/by-sa/3.0/us.
  • 2. Data Privacy / Security / Rights
    Increasing importance / Increasing value / Data
  • 3. Data as Property
    What “rights” protect data?
  • 4. No specific comprehensive legal protection for data or databases in the US
      • Trademarks: Branding and Identity
      • Patents: Ideas and Inventions
      • Trade Secrets: “Know-How”
      • Copyrights: Creative Expressions
  • 5. Data Rights / In General
      • No specific comprehensive protections under US law
      • Limited protections may be available through traditional IP laws
        – Copyright
        – Trade secret
        – Contract
        – Other legal theories (but generally limited)
      • Growing data privacy and security protections are also shaping rights in data
        – General purpose laws
        – Industry-specific federal laws
        – State data security and privacy laws
        – Increasing federal (and state) enforcement actions
    Traditional IP laws provide limited and inconsistent protections / Data Rights
  • 6. Other sources of protection...
    Diagram labels: ? / Data Rights / Data Privacy / Data Security / Copyright / Trade Secret / Contract / Industry Practice / State Law / FTC Action
  • 7. Contracts / Terms of Service / Privacy Policy
    Contracts / Contract Rights in Data
      • Emerging as a primary form of protection for data
      • Permit broad protection, potentially even over data and databases not subject to traditional IP protection
      • Limited to the entities bound by the contract
      • Even where traditional IP protection is not available, contracts have become critical to obtaining and clarifying rights in data
        – Each form of IP has its own rules regarding ownership
        – Left to applicable law, ownership is often (very) unclear
        – At best this leaves the potential for confusion
        – Assignments and licenses are preferred to clarify these rights
      • Industry expectations have risen with the rising value of data
        – Contracts required to evidence adequate rights in transactions involving data
        – Not unlike rights in software itself
  • 8. Data Privacy / Data Security
    No specific comprehensive data privacy or data security legislation in the US
  • 9. Established Standards / Growing Expectations
    “Promises” not just Policies / Compliance
  • 10. Jon Leibowitz, Chairman of the FTC, speaking on the settlement: “Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users.”
    Jon Leibowitz, Chairman of the FTC, speaking on the settlement: “Innovation does not have to come at the expense of consumer privacy.”
  • 11. Mark Zuckerberg, CEO of Facebook, speaking on the settlement: “We've made a bunch of mistakes.”
    Growing Array of Relevant State Laws / Data Privacy and Security
      • State consumer protection statutes
        – All 50 states
        – Prohibitions on “unfair or deceptive” trade practices
      • Data breach notification statutes
        – At least 46 states (DC and various US territories)
        – Notification of state residents (and perhaps regulators) affected by unauthorized access to sensitive personal information
      • Data safeguards statutes
        – (Significant) minority of states
        – Safeguards to secure consumer information from unauthorized access
      • Data privacy statutes
        – Online privacy policies covering use and sharing of consumer information
        – Use of personal information for direct marketing purposes
  • 12. Longstanding Comprehensive EU Regulations / Data Privacy and Security
      • EU Data Protection Directive (95/46/EC)
      • Regulates the processing of personal data of EU subjects
        – Broad scope of “personal data”
        – Restricts processing unless stated conditions are met
        – Prohibits transfer to countries not offering adequate levels of protection
      • Requires the member countries to pass consistent laws (more or less)
      • US Department of Commerce-negotiated “Safe Harbor Principles” enable transfers to US companies
        – Self-certification regime
        – Allows US companies to register as compliant
        – FTC oversight
      • Proposed overhaul in the works (announced Jan. 25, 2012)
    Industry-specific Federal Statutes / Data Privacy and Security
      • Consumer credit - Fair Credit Reporting Act (FCRA)
      • Financial services - Gramm Leach Bliley Act (GLBA)
      • Healthcare providers - Health Insurance Portability and Accountability Act (HIPAA)
      • Children (under 13) - Children’s Online Privacy Protection Act (COPPA)
      • Video content - Video Privacy Protection Act
      • Other statutes covering education, payment processing, etc.
  • 13. Federal Trade Commission Act (15 U.S.C. 41, et seq): “Unfair or deceptive acts or practices”
    Increasing Activity / FTC Enforcement Actions
      • Trend toward increasing enforcement
        – More than 45 actions to date
        – More than 25 in the last 6 years
        – Many more investigated but not brought
      • Covering largely electronically stored data and information
      • Targeting data security as well as data privacy
      • Increasing trend toward mobile data privacy and security
  • 14. Emerging Models For Compliance / FTC Enforcement Actions
    Legislation by Consent Decree / FTC Enforcement Actions
      • 20 year term
      • Cease misrepresentations regarding practices for information security, privacy, confidentiality, and integrity
      • Conduct assessment of reasonably-foreseeable, material security risks
      • Establish comprehensive written information security and privacy program
      • Designate employee(s) to coordinate and be accountable for the program
      • Implement employee training
      • Conduct biennial independent third party security and privacy assessments
      • Implement multiple record-keeping requirements
      • Implement regular testing, monitoring, and assessment
      • Undergo periodic reporting and compliance requirements
      • Impose requirements on service providers
  • 15. Not just enforcement... / Standards / Best practices / Codes of Conduct
    Mobile Applications
  • 16. Lots of Activity
      • FTC report on Children’s Mobile Apps and Privacy (Feb. 16, 2012)
        – Large number of apps (75%) targeted at children (under 13)
        – Apps did not provide good privacy disclosures
        – Will conduct additional COPPA compliance reviews over the next 6 months
      • FCRA Warning letters (Feb. 2012)
        – FTC sent letters to marketers of 6 mobile apps
        – Warned that apps may violate Fair Credit Reporting Act (FCRA)
        – If apps provide a consumer report, must comply with FCRA requirements
      • FTC Dot Com Disclosures Workshop (May 30, 2012)
        – New guidance for advertisers on disclosures in the online and mobile environment
        – Focus on advancements and developments since the FTC issued its “Dot Com Disclosures” guidelines for online advertising disclosure (released in 2000)
        – Emphasis on the notion that consumer protection laws apply equally to online and mobile marketers
  • 17. FTC Guide To Marketing Mobile Apps
      • The mobile market is not different from the Internet
      • General “guidelines” or “principles” for mobile app developers
        – Tell the Truth About What Your App Can Do
        – Disclose Key Information Clearly and Conspicuously
        – Build Privacy Considerations in From the Start
        – Offer Choices that are Easy to Find and Easy to Use
        – Honor Your Privacy Promises
        – Protect Kids’ Privacy
        – Collect Sensitive Information Only with Consent
        – Keep User Data Secure
      • Acknowledges there can be no “one-size-fits-all” approach
      • But also states that the laws apply to all companies
    What Should You Do?
  • 18. Make each use of data / A knowing (and compliant) use of data / Know your data
  • 19. You?
  • 20. Lessons Learned / Closing Thoughts
      • We are in an era of increasing data value
      • Increasing value means greater focus on data rights
      • We do not have the benefit of strong and comprehensive laws to match
      • Data “rights” are defined through an increasingly broad array of sources
        – Traditional IP rights
        – Contract protections
        – Growing data privacy and data security obligations
      • Understand the protections, understand the inconsistencies
      • Appreciate the growing standards and expectations
      • Issues relating to data will only continue to increase (transactions and litigation)
    Thank You.
    Jason Haislmaier, jason.haislmaier@bryancave.com, @haislmaier, http://www.linkedin.com/in/haislmaier
