Consumer Privacy Laws: What is IT’s Responsibility? Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Published in: Technology, Business
Speaker notes
  • This is essentially our Mission Statement for customer-facing communications. It speaks first to our positioning as an IT consulting firm and second to our mission to “help clients implement business-driven IT solutions” that deliver business value in the form of integrated business processes, etc.
  • … the fast facts about Perficient that help position us as a rapidly growing, successful IT services firm with sufficient scale to handle large projects while being more flexible and responsive, based on our size relative to the large players. This slide is to provide “the facts” which are typically required in many “first meetings” and to help position our competitive differentiation, which is addressed directly in the next slide.

1. Consumer Privacy Laws: What is IT’s Responsibility? Managing Privacy Risk and Promoting Ethical Culture in the Digital Age

2. About Perficient
Perficient is a leading information technology consulting firm serving clients throughout North America. We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.

3. Fast Facts
  • Founded in 1997
  • Public, NASDAQ: PRFT
  • 16 locations throughout the U.S. & Canada:
      • Chicago, Cincinnati, Cleveland, Columbus, Dallas, Denver, Detroit, Fairfax, Houston, Indianapolis, Minneapolis, New Orleans, Philadelphia, San Jose, St. Louis and Toronto
  • 1,100+ employees
  • Dedicated solution practices
  • Served 400+ clients in past 12 months
  • Alliance partnerships with major technology vendors
  • Multiple vendor/industry technology and growth awards

4. Our Solutions
5. Agenda
  • Why should you care?
  • Consumer privacy laws today
  • Why are the requirements difficult to manage?
  • Changing your approach: look for the commonality
  • Building a management framework
  • Promoting a privacy law compliance culture
  • Merging framework and culture
  • Questions

6. Privacy Laws: Why Should You Care?
  • Businesses that responsibly manage privacy and educate their customers about their privacy practices benefit greatly, especially with regard to positive brand development.
  • 68 percent of all consumers "consider the privacy protections of a company before they will do business with that company, especially in industries that handle their most sensitive information."
      • 83 percent of all respondents said that they will "stop doing business entirely with a company if they hear or read that a company is using its customers' information in a way they consider to be improper."
  • You can never make your customers feel too secure.

7. What is Consumer Privacy?
  • Consumer privacy, also known as customer privacy, involves the handling and protection of sensitive personal information that individuals provide in the course of everyday transactions. This involves the exchange or use of data electronically or by any other means, including telephone, fax, written correspondence, and even direct word of mouth.

8. Consumer Privacy Requirements Today: Multiple Standards and Regulations Need to be Considered
9. Privacy Laws and IT: Why Is It So Difficult?
  • In the U.S. and globally there is no overarching privacy law. A complex arrangement of federal laws and even more complex state laws governs the use of personal information in different industries and contexts. All of these laws touch IT in a direct or indirect way.
  • Depending on the geographic location, breaches are handled in different ways.
  • Other regulators are increasingly involved in enforcing the rules regarding private information.
  • These laws are often vague, impractical and expensive to manage.

10. For Example: MA 201 CMR 17
  • The law applies to any company anywhere in the world that “owns or licenses” personal information, whether stored in electronic or paper form, about Massachusetts residents. Personal information is defined as a person’s first and last name, or first initial and last name, in combination with any of the following: Social Security Number; driver’s license or state-issued I.D. card numbers; financial account numbers; and credit or debit card numbers.
  • At the heart of the law is the requirement that companies develop a comprehensive Written Information Security Program (WISP) that contains technical, administrative, and physical safeguards that take into account the size and nature of their business; the amount of resources available; the amount of stored data; and the risk of identity theft. These safeguards must also be consistent with existing state and federal regulations for protection of personal information “of a similar character,” such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.
11. Managing Privacy Challenges: Changing Your Approach

12. Manage Commonality in Privacy Laws
  • Satisfying regulatory requirements
  • Securing applications and databases
  • Protecting privacy-related information
  • Creating policies & procedures in relation to regulatory requirements
  • Ensuring staff is trained on policies and procedures
  • Passing internal and external audits
  • Notifying clients when violations occur

13. Management Challenges: Consumer Privacy Laws
  • Management of privacy laws is generally classed as a business ethics issue
  • Generally managed between IT/Compliance/Legal/Internal Audit departments
  • Generally there is no single person/job role to lead ethics compliance
  • The main challenge in managing compliance is low staffing and budgets
  • From a business user perspective, most companies inform employees of corporate ethics via a code of conduct but little else

14. Operational Challenges: The Threat from Within
  • Most security breaches happen from within:
      • 52% of the breaches were accidental
      • 19% deliberate
      • 26% an equal combination
  • Whether accidental or deliberate, the cost to the organization is the same.

15. Why do violations occur?
  • Unintentional data loss, due to employee negligence
  • Malware/spyware attacks
  • Excessive privilege/access rights
  • Deliberate information security policy violations
  • Unauthorized access to systems and confidential information
  • Data loss through external attacks by former employees
  • Exposure through provisioning and de-provisioning delays
  • Media loss and theft exposing confidential information
  • Unintentional threats from shortcuts around security policies
  • System vulnerabilities exposing confidential information
  • Internal fraud for financial gain

16. The Negative Impact of Ethics Violations
  • Government fines
  • Embarrassment
  • Brand damage
  • Employee turnover
  • Litigation
  • Negative work environment
  • Custodial sentences / personal financial fines
  • Loss of business contracts
  • Lost customers
17. IT Security: Frameworks vs. Cultures

18. Culture vs. Frameworks
  • Ethics culture: the informal and social systems that set the “norms” for employee behavior and tell employees how things really work in that organization
  • In companies where a strong business ethics culture is evident, employees are much more likely to report violations
  • Ethics culture has a stronger impact within a corporation than the formal ethics and compliance programs
  • Management needs to set the example and tone for the entire organization
  • 30 people were fired from Cedars-Sinai Hospital in the days following Michael Jackson’s death for illegally trying to access his medical records

19. Traditional IT Privacy Control Frameworks
  • IT focused on privacy control frameworks, not on building a privacy controls culture
  • Traditionally focused on IT infrastructure only:
      • Administrative
      • Technical
      • Physical
  • Policy control, training and skills monitoring, auditing and regulatory compliance done through legal, HR, and other departments and not integrated with IT frameworks
  • Compliance tends to be siloed by regulatory requirement
  • Stronger IT focus on external breaches or deliberate fraud

20. Need for an Integrated Consumer Privacy Platform: Proactive risk and compliance management (Source: Open Compliance & Ethics Group)
  Why?
  • ROI:
      • Compliance simplification
      • Operational efficiencies
      • Breeds stronger culture
  Benefits?
  • Eliminate silos
  • Enable consistency
  • Improve quality
  • Reduce enterprise risk
  • Increase ROI / benefits
21. How to Measure a Security Ethics Culture
  • Focus on culture and use cultural metrics to track trends and patterns of misconduct, reporting, retaliation, openness and accountability:
      • Employees’ exposure to circumstances that invite misconduct
      • Employees’ recognition of those situations as misconduct
      • Pressure to compromise the standards of the organization
      • Preparedness of employees to respond to these situations

22. Promoting a Privacy-Compliant Culture
  • Increasing and promoting awareness and understanding of security policies and procedures
  • Higher visibility in monitoring and enforcement of policies
  • Risk planning, assessment and mitigation
  • Effective non-compliance resolution management
  • Tightening of access and control privileges
  • Faster updating of access privileges
  • Implementing electronic signatures
  • Integration into business systems to eliminate silos and minimize exposure to private information

23. Tools Available to Help …: Consumer Privacy Compliance Portal
  • Manage policies, audits, issues, CAPA, T&S and risk across all regulations from a single view
  • Scheduler for all related activities
  • Real-time work items and reporting

24. Manage all regulations and standards
  • Ability to manage an unlimited number of gov’t standards and accreditations and link back to all aspects of eGRC
  • Reduce prep time for inspections and audits by as much as 80%
  Screen callouts:
  • Reference back to standards & regulations
  • Link back to associated compliance activities
  • Quick access to external sites relevant to consumer privacy
  • Ability to request acknowledgements that policies were read & understood
25. Contact Details
  • Amy Shavor
  • Enterprise Content Management Compliance Practice
  • [email_address]
  • 210-845-9297

26. Questions?

27. Follow Perficient Online: Facebook.com/Perficient, Twitter.com/Perficient, Perficient.com/SocialMedia. Daily unique content about content management, user experience, portals and other enterprise information technology solutions across a variety of industries.

28. Next Month: Achieve Budgeting and Forecasting Excellence with Enterprise Performance Management. Tuesday, June 29, 2010, 12:00 – 1:00 PM CST. Budgeting is often a manual process driven by spreadsheets that are error-prone, static, and generally speaking, not collaborative. The result is a static budget that becomes irrelevant as soon as the new fiscal year begins. A more nimble response is needed for constantly changing market conditions. Planning needs to be a continuous, flexible exercise, based on rolling forecasts. Through the careful application of best practices and the use of an automated Enterprise Performance Management system, intelligent enterprises can reap the benefits of flexible budgeting, accurate forecasting, and dynamic planning.