Ten Steps to Help Avoid a Major Privacy or Security Headache

"Learn from others' mistakes to avoid making your own"

From the Privacy and Security session at Internet Summit 2010. This is the legal perspective of the three-part session. This presentation was given by Elizabeth Johnson from Poyner Spruill LLP in Raleigh, NC.

Published in: Technology, Business

Transcript

  • 1. Ten Steps to Help Avoid a Major Privacy or Security Headache Learn from others' mistakes to avoid making your own Elizabeth Johnson ejohnson@poyners.com 919.783.2971 These materials have been prepared by Poyner Spruill LLP for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship.
  • 2. Headache # 1: Over-promising in your website privacy notice
  • 3. Examples of FTC Enforcement
      • Life Is Good Retail, Inc. – “We are committed to maintaining our customers’ privacy. … All information is kept in a secure file and is used to tailor our communications with you.”
      • Twitter – “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information.” Also repeatedly represented that tweets could be kept private
      • Mandatory risk assessment, implementation of information security program, third party audits every other year for 10 or 20 years
  • 4. Rx # 1: Update your website privacy notice with an eye to legal risk
      • Don’t over-promise!!!
      • Incorporate legal requirements
          − International
          − Federal
          − State
      • Anticipate unforeseen disclosures
          − Security breaches
          − Government requests
  • 5. Headache # 2: Failure to implement a comprehensive security program
  • 6. Some Examples of the FTC’s Allegations
      • Using shared user IDs and passwords
      • Storing and transmitting personal information in clear text
      • Failure to require strong passwords
      • Employees storing passwords within email accounts
      • Failure to provide a company email system
      • Failure to block users after certain number of failed log-ins
      • Allowing customers to store their user credentials in a vulnerable format in cookies on their computers
      • Failure to use intrusion detection systems
  • 7. Rx # 2: Implement a reasonable security program
      • Take into account
          – Laws and regulations, both state and federal
          – Case law and FTC enforcement actions
          – Contracts
      • WRITE IT DOWN!!!
  • 8. Headache # 3: Failure to disclose your use of tracking features
      Members of Congress are just as confused as this guy!
  • 9. Rx # 3: Clearly describe your tracking
      • Describe your use of tracking features
          – Website privacy notice
          – Pop-ups and tag lines
          – Use of tracking icon
      • FTC’s Self-Regulatory Principles for Online Behavioral Advertising
          – Self-regulatory, but anticipate enforcement
      • Understand the application of international law
      • Beware of class action lawsuits
  • 10. Headache # 4: Failing to disclose disclosures
  • 11. Rx # 4: Disclose information sharing practices
      • Describe disclosures in privacy notice
          – Stated broadly to treat unforeseen circumstances
      • Revisit and update the notice frequently to capture changes in business model
      • Require others to abide by your privacy notice
          – Service providers
          – Apps
          – Advertisers
      • Sanction disobedience
          – Facebook requiring deletion of data collected by apps to date
  • 12. Headache # 5: User-generated content
      • Defamation/Libel
      • “Cyberbullying”/harassment
      • Infliction of emotional distress
      • Publication of private facts/invasion of privacy
      • Hostile work environment/discrimination/etc.
  • 13. Rx # 5: Prohibit problem material and review content
      • Strong terms of use
      • Review content
          − Front end v. back end
          − In whole v. in part
          − Guidelines for employees
  • 14. Headache # 6: Employees doing dumb stuff online
  • 15. Social Media Risks
      • FTC’s Guide Concerning the Use of Endorsements and Testimonials in Advertising
      • Security breach
      • NLRB lawsuit
      • Stored Communications Act liability
      Ban all use of social media?
  • 16. How Powerful Is Twitter?
      Conan O’Brien: “I had a show. Then I had a different show. Now I have a Twitter account.”
  • 17. Twitter Popularity
      • Conan O’Brien - #76 with 1.8M+ followers (just prior to premiere of TBS show)
      • More popular than Larry King, John McCain and Nick Jonas
      • But less popular than “$#*! My Dad Says” - #75
          – “I’m 29. I live with my 74-year-old dad. He is awesome. I just write down s*** that he says.”
  • 18. Rx # 6: Mitigate risk with a well-crafted policy
      • Understand ALL the legal risks and requirements when drafting the policy
      • Train employees
      • Monitor their posts (but watch out for SCA)
      • Communicate risks to management
      • Don’t let privacy and security risks keep you from engaging in the business of social media
  • 19. Headache # 7: Breaches happen
      • 46 states require breach notification
      • More than 500 million records affected
      • Average cost of a breach is more than $6.7M
      • Notice due in as little as 10 days
  • 20. Rx # 7: Plan for it now
      • Develop a response plan
          – Reporting
          – Escalation
          – Evaluation
      • Identify a response team
      • Consider outside support team
          – Lawyers
          – Security consultants
          – Credit monitoring
  • 21. Headache # 8: Service provider screw-ups • Ponemon graph? -- Ponemon Institute
  • 22. Ouch! -- Ponemon Institute
  • 23. Rx # 8: Diligence and strong contracts
  • 24. Headache # 9: FTC Initiatives and Enforcement
  • 25. Examples of FTC Initiatives
      • Self-Regulatory Principles for Online Behavioral Advertising
      • Endorsement Guides adapted to social media
      • Privacy and security enforcement
          – Unfair and deceptive trade practices
      • Do-Not-Track Registry
      • COPPA
      • Broader regulatory authority?
      • Monetary penalties?
  • 26. Rx # 9: Pay attention and get involved
  • 27. Headache # 10: Can you guess who??? The Honorable Judge Oscar Magi
  • 28. Rx # 10: Block all content from Italy
  • 29. Elizabeth Johnson Poyner Spruill LLP ejohnson@poyners.com 919-783-2971