CONTACT US	 US: 888.878.7830 www.truste.com | EU: +44 (0) 203 078 6495 www.truste.eu
POWERING TRUST in the Data Economy
The Obama Administration’s Action Plan
for Protecting Consumer Privacy
Understanding What This Means For Your Business
February 2015
Prepared by Debra Farber, JD, CISSP, CIPP/US, CIPM, CIPT
Sr. Consultant and Product Manager, TRUSTe
In January, President Obama outlined a detailed plan to protect consumer privacy and
combat identity theft through his remarks at the FTC, the NCCIC and the State of the
Union Address. This plan includes a combination of proposed legislation, executive agency
activities and industry participation. The broad contours of this plan are:
1.	 Introduce Federal Breach Notification Requirements.
2.	 Safeguard Student Data in the Classroom and Beyond.
3.	 Promote Innovation by Improving Consumer Confidence Online.
4.	 Support Public and Private Sector Initiatives to Tackle Emerging Privacy Issues.
5.	 Continue to Fight Identity Theft.
This memorandum summarizes the three key new legislative proposals, the commitments
to new and existing initiatives to tackle emerging privacy issues, and outlines six practical
steps you can take to prepare for the proposed changes.
Please note that this memorandum is intended as a general overview of the subject matter
and cannot be regarded as legal advice. This is a summary and not a full analysis of how the
Obama Administration’s proposals may affect your business.
1. Introduce Federal Breach Notification Requirements
The Personal Data Notification & Protection Act: The first new piece of proposed legislation is highly
timely in the wake of the Anthem security breach. It relates to the obligations of a business to let impacted
individuals know when there has been a security breach. The Act would create a standardized federal
breach notification requirement, meaning that companies would no longer need to refer to each state’s
breach notification requirements. However, there are some key additional elements of which companies
should be aware:
•	 The Act would establish a 30-day notification requirement from the discovery of a data breach.
This means companies will need efficient means of doing scope and root-cause analysis in order to
comply with the time requirement.
•	 There is no per se Safe Harbor for encryption, or for the unintentional, good faith acquisition by
an employee.
•	 The definition of Sensitive Personal Information is expanded to be closer to the European
definition.
•	 Reputational harm is recognized as an actual “injury” for purposes of standing and recovery (it
used to be limited to pecuniary injury).
•	 While notice to an individual isn’t always necessary (where there is no “reasonable risk of harm”),
the risk analysis that a company must undertake to make such a determination has to be provided
to the FTC.
•	 If you impact more than 5,000 people with your breach, you have to notify the media.
2. Safeguard Student Data in the Classroom and Beyond
The Student Digital Privacy Act: The President proposed new legislation designed to provide teachers and
parents with confidence that student data will be gathered and used responsibly, while enabling teaching
and learning via the use of new technologies. At present, the bill has not been released to the public for
analysis. However, the President’s remarks indicate the following:
•	 The Act would prevent personal data collected in the educational context from being used except
for educational purpose(s). Secondary uses would therefore be prohibited.
•	 The Act would permit research initiatives aimed at improving student learning outcomes and
efforts by companies to continuously improve the effectiveness of their learning technology
products.
•	 The Act would prevent companies from selling student data to third parties for purposes
unrelated to the educational mission.
•	 The Act would prevent companies from engaging in targeted advertising to students based on
data collected in schools.
New Commitments from the Private Sector to Help Enhance Privacy for Students
•	 75+ companies, led by the Future of Privacy Forum and the Software and Information Industry
Association, have committed to protect student privacy by pledging to provide parents, teachers
and kids with important protections against misuse of their data.
•	 President Obama challenged other companies to also sign the pledge.
New Tools from the Department of Education to Empower Educators Around the Country
and Protect Students
•	 The Department of Education’s (“DOE”) Privacy Technical Assurance Center (“PTAC”) will
continue to expand its “one-stop” resource for education stakeholders to learn about data
privacy, confidentiality, and security practices related to student-level longitudinal data systems
and other uses of student data.
•	 The DOE issued new model terms of service for educational organizations that are subject to
the Family Educational Rights and Privacy Act (“FERPA”) and the Protection of Pupil Rights
Amendment (“PPRA”):
Model Notification of Rights under FERPA for Elementary and Secondary Schools
FERPA Model Notice for Directory Information
Model Notification of Rights Under PPRA
•	 The DOE has committed to strengthening its training for teachers to ensure that educational data
are used appropriately and in accordance with educational missions.
3. Promote Innovation by Improving Consumer Confidence Online
Enact Consumer Privacy Bill of Rights Legislation
The Commerce Department announced that it has completed its public consultation on revised draft
legislation that enshrines the principles contained in the administration’s 2012 Consumer Privacy Bill of
Rights into law.
Shortly, the administration will release its revised legislative proposal. Based on the White House report,
we can expect the following contours to be a part of the proposed legislation:
•	 Transparency: Not just privacy policies. Just-in-time notices, simplified language and mobile-
device-optimized disclosures are all going to be important.
•	 Respect for Context: Manage the expectations of the data subject. Secondary use is fine as long as
it is expected. Still, that secondary use needs to be reasonably related to the originally agreed-to
use which was the basis for the collection in the first place.
•	 Security: Consumers have a right to secure and responsible handling of personal data.
•	 Access and Accuracy: Consumers have a right to access and correct personal data in usable
formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse
consequences to consumers if the data are inaccurate.
•	 Focused Collection: Don’t collect more than you need, and don’t store it longer than you have
to. This principle will be the hardest to balance: the company’s interest in innovation against the
individual’s interest in maintaining privacy.
•	 Accountability: First, companies must have a process in place to comply with the rules. Second,
enforcement will have teeth.
•	 Co-Regulation: The model set out in the APEC Cross Border Privacy Rules System could get
official recognition.
4. Support Public and Private Sector Initiatives to Tackle Emerging Privacy Issues
Voluntary Code of Conduct for Smart Grid Customer Data Privacy
•	 The Department of Energy and Federal Smart Grid Task Force released a new Data Privacy and
Smart Grid Voluntary Code of Conduct (“VCC”) for utilities and third parties aimed at protecting
electricity customer data, including energy usage data.
•	 The VCC was developed to improve consumer awareness, choice and consent, and controls on
access.
•	 The VCC aims to: (1) encourage innovation while appropriately protecting the privacy and
confidentiality of customer data and providing reliable, affordable electric and energy-related
services; and (2) provide customers with appropriate access to their own customer data.
5. Continue to Fight Identity Theft
Identify and Prevent Identity Theft
•	 Various credit industry giants are working to make credit reports available for free to 50% of
all adult Americans with consumer credit cards. Note that this is already the law under FACTA.
However, additional analytical tools are being developed to make the data more easily actionable.
Those with access to this tool can help spot identity theft earlier on through their banks, card
issuers or lenders.
Make Federal Payments More Secure to Help Drive the Market Forward
•	 President Obama issued an executive order in October 2014 that requires federal agencies to
upgrade to more secure chip-and-PIN technology for credit and debit card transactions. Major
private sector retailers have also committed to implement secure chip-and-PIN-compatible card
terminals in stores across the country.
Enhance the FTC’s Capability to Help Prevent Identity Theft
•	 The Federal Trade Commission (“FTC”) is currently developing a “one-stop” resource for
identity theft victims. The FTC plans to expand its information-sharing capabilities to ensure that
federal investigators can regularly report evidence of stolen financial and other information to
companies whose customers are directly affected.
Six Practical Steps to Prepare for the
Proposed Changes
1.	 Engage the Board and C-Suite
The current environment is demanding that businesses treat personal information as a valuable asset — both
to the business and to the individual data subject. Privacy and security are no longer esoteric topics to be
thought about by specialists. These are now Board and C-Suite issues, and failure to address them can generate
real liability — for both the company and the individual officers and directors of the company.
2.	 Prepare for changes to Data Breach Notification Requirements
At a minimum, you will need to have the following components in place to deal with the requirements of any
national security-breach notification law:
•	 Regular security and privacy audits
•	 Security Incident Response process
•	 Risk Assessment process
•	 Crisis Communications process
•	 Identified Executive Management responsible for these processes
3.	 Map Your Data Flows And Maintain A Data Inventory
Critical to the functioning of the above processes will be resources to know what kind of data your business
manages, and where and how that data gets managed. Even a high-level, role-based data inventory will be
necessary for any of the above processes to be able to operate in an “event”.
4.	 Have An Independent Review Of Your Privacy Practices
Having a third party review and verify your company’s privacy program is necessary, both from an internal-
controls perspective and for the benefit of outside expertise. In addition, if the third-party reviewer is a
Certification or Trustmark Provider, then once the Co-Regulatory provisions of the Privacy Bill of Rights are
passed, companies who engage such providers will have an additional layer of insulation from direct
regulatory scrutiny.
5.	 Work With Trusted Advisors To Stay Ahead Of Legislative Changes
No company can keep on top of all the different nuances that could negatively impact the business. To do so
would be overly distracting to the business at hand. Therefore, it is critical that businesses engage with experts
whose job it is to keep up with all the rapid changes in the privacy space. This way the business can stay
focused on its mission, and still have a reasonable level of confidence that it is managing its privacy risks while
doing so.
6.	 Build Flexibility Into Your Privacy Program To Respond To Changes
As the more substantive parts of the President’s proposal start to gain traction, your Privacy Program can be
matured to include use restrictions, technology controls, and other elements used to implement whatever
obligations the enacted versions of the Consumer Privacy Bill of Rights and the Student Digital Privacy Act
impose. It is critical to have a framework which your company can use to quickly build additional “modules”
into its privacy program as new legislation is enacted.
Jewish Efforts to Influence American Immigration Policy in the Years Before t...Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
 
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptx
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26
 
VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...
VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...
VIP High Profile Call Girls Gorakhpur Aarushi 8250192130 Independent Escort S...
 
(怎样办)Sherbrooke毕业证本科/硕士学位证书
(怎样办)Sherbrooke毕业证本科/硕士学位证书(怎样办)Sherbrooke毕业证本科/硕士学位证书
(怎样办)Sherbrooke毕业证本科/硕士学位证书
 
VIP Call Girls Doodh Bowli ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
VIP Call Girls Doodh Bowli ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...VIP Call Girls Doodh Bowli ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
VIP Call Girls Doodh Bowli ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
 
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
 
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfYHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
 
(官方原版办理)BU毕业证国外大学毕业证样本
(官方原版办理)BU毕业证国外大学毕业证样本(官方原版办理)BU毕业证国外大学毕业证样本
(官方原版办理)BU毕业证国外大学毕业证样本
 
(办)McGill毕业证怎么查学位证书
(办)McGill毕业证怎么查学位证书(办)McGill毕业证怎么查学位证书
(办)McGill毕业证怎么查学位证书
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...
 
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
 

ClientAdvisoryNote - Obama's Privacy Action Plan

CONTACT US US: 888.878.7830 www.truste.com | EU: +44 (0) 203 078 6495 www.truste.eu
POWERING TRUST in the Data Economy

The Obama Administration’s Action Plan for Protecting Consumer Privacy
Understanding What This Means For Your Business
February 2015
Prepared by Debra Farber, JD, CISSP, CIPP/US, CIPM, CIPT
Sr. Consultant and Product Manager, TRUSTe

In January, President Obama outlined a detailed plan to protect consumer privacy and combat identity theft through his remarks at the FTC, the NCCIC and the State of the Union Address. This plan includes a combination of proposed legislation, executive agency activities and industry participation. The broad contours of this plan are:

1. Introduce Federal Breach Notification Requirements.
2. Safeguard Student Data in the Classroom and Beyond.
3. Promote Innovation by Improving Consumer Confidence Online.
4. Support Public and Private Sector Initiatives to Tackle Emerging Privacy Issues.
5. Continue to Fight Identity Theft.

This memorandum summarizes the three key new legislative proposals and the commitments to new and existing initiatives to tackle emerging privacy issues, and outlines six practical steps you can take to prepare for the proposed changes.

Please note that this memorandum is intended as a general overview of the subject matter and cannot be regarded as legal advice. This is a summary and not a full analysis of how the Obama Administration’s proposals may affect your business.

1. Introduce Federal Breach Notification Requirements

The Personal Data Notification & Protection Act: The first new piece of proposed legislation is highly timely in the wake of the Anthem security breach. It relates to the obligations of a business to let impacted individuals know when there has been a security breach. The Act would create a standardized federal breach notification requirement, meaning that companies would no longer need to refer to each state’s breach notification requirements. However, there are some key additional elements which companies should be aware of:

• The Act would establish a 30–day notification requirement from the discovery of a data breach. This means companies will need efficient means to do scope and root cause analysis in order to comply with the time requirement.
• There is no per se Safe Harbor for encryption, or for the unintentional, good faith acquisition of data by an employee.
• The definition of Sensitive Personal Information is expanded to be closer to the European definition.
• Reputational harm is recognized as an actual “injury” for purposes of standing and recovery (it used to be limited to pecuniary injury).
• While notice to an individual isn’t always necessary (where there is no “reasonable risk of harm”), the risk analysis that a company must undertake to make such a determination has to be provided to the FTC.
• If your breach impacts more than 5,000 people, you have to notify the media.

2. Safeguard Student Data in the Classroom and Beyond

The Student Digital Privacy Act: The President proposed new legislation designed to provide teachers and parents with confidence that student data will be gathered and used responsibly, while enabling teaching and learning via the use of new technologies. At present, the bill has not been released to the public for analysis. However, the President’s remarks indicate the following:

• The Act would prevent personal data collected in the educational context from being used except for educational purpose(s). Secondary uses would therefore be prohibited.
• The Act would permit research initiatives aimed at improving student learning outcomes and efforts by companies to continuously improve the effectiveness of their learning technology products.
• The Act would prevent companies from selling student data to third parties for purposes unrelated to the educational mission.
• The Act would prevent companies from engaging in targeted advertising to students based on data collected in schools.

New Commitments from the Private Sector to Help Enhance Privacy for Students

• 75+ companies, led by the Future of Privacy Forum and the Software and Information Industry Association, have committed to protect student privacy by pledging to provide parents, teachers and kids with important protections against misuse of their data.
• President Obama challenged other companies to also sign the pledge.

New Tools from the Department of Education to Empower Educators Around the Country and Protect Students

• The Department of Education’s (“DOE”) Privacy Technical Assurance Center (“PTAC”) will continue to expand its “one–stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student–level longitudinal data systems and other uses of student data.
• The DOE issued new model terms of service for educational organizations that are subject to the Family Educational Rights and Privacy Act (“FERPA”) and the Protection of Pupil Rights Amendment (“PPRA”):
  • Model Notification of Rights under FERPA for Elementary and Secondary Schools
  • FERPA Model Notice for Directory Information
  • Model Notification of Rights Under PPRA
• The DOE has committed to strengthening its training for teachers to ensure that educational data are used appropriately and in accordance with educational missions.

3. Promote Innovation by Improving Consumer Confidence Online

Enact Consumer Privacy Bill of Rights Legislation

The Commerce Department announced that it has completed its public consultation on revised draft legislation that enshrines the principles contained in the administration’s 2012 Consumer Privacy Bill of Rights into law. Shortly, the administration will release its revised legislative proposal. Based on the White House report, we can expect the following contours to be a part of the proposed legislation:

• Transparency: Not just privacy policies. Just–in–time notices, simplified language and mobile–device–optimized disclosures are all going to be important.
• Respect for Context: Manage the expectations of the data subject. Secondary use is fine as long as it is expected. Still, that secondary use needs to be reasonably related to the originally agreed use which was the basis for the collection in the first place.
• Security: Consumers have a right to secure and responsible handling of personal data.
• Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
• Focused Collection: Don’t collect more than you need, and don’t store it longer than you have to. This will be the hardest principle on which to balance the company’s interest in innovation against the individual’s interest in maintaining privacy.
• Accountability: First, companies must have a process in place to comply with the rules. Second, enforcement will have teeth.
• Co–Regulation: The model set out in the APEC Cross Border Privacy Rules System could get official recognition.

4. Support Public and Private Sector Initiatives to Tackle Emerging Privacy Issues

Voluntary Code of Conduct for Smart Grid Customer Data Privacy

• The Department of Energy and Federal Smart Grid Task Force released a new Data Privacy and Smart Grid Voluntary Code of Conduct (“VCC”) for utilities and third parties aimed at protecting electricity customer data, including energy usage data.
• The VCC was developed to improve consumer awareness, choice and consent, and controls on access.
• The VCC aims to: (1) encourage innovation while appropriately protecting the privacy and confidentiality of customer data and providing reliable, affordable electric and energy–related services; and (2) provide customers with appropriate access to their own customer data.

5. Continue to Fight Identity Theft

Identify and Prevent Identity Theft

• Various credit industry giants are working to make credit reports available for free to 50% of all adult Americans with consumer credit cards. Note that this is already the law under FACTA. However, additional analytical tools are being developed to make the data more easily actionable. Those with access to these tools can help spot identity theft earlier through their banks, card issuers or lenders.

Make Federal Payments More Secure to Help Drive the Market Forward

• President Obama issued an executive order in October 2014 that requires federal agencies to upgrade to more secure chip–and–PIN technology for credit and debit card transactions. Major private sector retailers have also committed to implement secure chip–and–PIN–compatible card terminals in stores across the country.

Enhance the FTC’s Capability to Help Prevent Identity Theft

• The Federal Trade Commission (“FTC”) is currently developing a “one–stop” resource for identity theft victims. The FTC plans to expand its information–sharing capabilities to ensure that federal investigators can regularly report evidence of stolen financial and other information to companies whose customers are directly affected.

Six Practical Steps to Prepare for the Proposed Changes

1. Engage the Board and C–Suite

The current environment is demanding that businesses treat personal information as a valuable asset, both to the business and to the individual data subject. Privacy and security are no longer esoteric topics to be thought about by specialists. They are now Board and C–Suite issues; failure to address them can generate real liability for both the company and its individual officers and directors.

2. Prepare for Changes to Data Breach Notification Requirements

At a minimum, you will need to have the following components in place to deal with the requirements of any national security breach notification law:

• Regular security and privacy audits
• Security Incident Response process
• Risk Assessment process
• Crisis Communications process
• Identified Executive Management responsible for these processes

3. Map Your Data Flows And Maintain A Data Inventory

Critical to the functioning of the above processes will be the resources to know what kind of data your business manages, and where and how that data gets managed. Even a high–level, role–based data inventory will be necessary for any of the above processes to operate in an “event”.

4. Have An Independent Review Of Your Privacy Practices

Having a third party review and verify your company’s privacy program is necessary, both from an internal controls perspective and because of the benefit of outside expertise. In addition, if the third–party reviewer is a Certification or Trustmark Provider, then once the Co–Regulatory provisions of the Privacy Bill of Rights are passed, companies that engage such providers will have an additional layer of insulation from direct regulatory scrutiny.

5. Work With Trusted Advisors To Stay Ahead Of Legislative Changes

No company can keep on top of all the different nuances that could negatively impact the business. To do so would be overly distracting to the business at hand. Therefore, it is critical that businesses engage with experts whose job it is to keep up with all the rapid changes in the privacy space. This way the business can stay focused on its mission, and still have a reasonable level of confidence that it is managing its privacy risks while doing so.

6. Build Flexibility Into Your Privacy Program To Respond To Changes

As the more substantive parts of the President’s proposal start to gain traction, your Privacy Program can be matured to include use restrictions, technology controls, and other elements used to implement the obligations that may arise out of whichever versions of the Consumer Privacy Bill of Rights and the Student Digital Privacy Act are ultimately enacted. It is critical to have a framework which your company can use to quickly build additional “modules” into a privacy program as new legislation is enacted.