5 Ways to Integrate Privacy into
Your Business Strategy & Product
| EXPERT WEBINAR SERIES
Ivan Tsarynny
Founder & CEO of Feroot
Dr. Ann Cavoukian
the Privacy by Design
Centre of Excellence
Wednesday, Dec. 5th, 2:00 PM (ET)
Lori Smith
Webinar Host
Marketing Manager, Feroot
HELLO!
Sandra Feng
Q&A, Technical Support
Privacy Expert-in-Training, Feroot
Optimize your Webinar Experience
Raise Your Hand if…
Can’t You Hear?
Having Trouble?
Chat your thoughts or
questions
Ask Questions,
See Answers!
Part 1
● The Foundational Principles of Privacy by Design
● Building the Business Case for Privacy
● 5 Ways to Minimize Risk
● Integrating Privacy into Marketing
Part 2
● Integrating Privacy into Operations
Part 3
● Your #1 Top Challenges & FAQs
Agenda for today
Dr. Ann Cavoukian, PhD
3-term Information and Privacy
Commissioner of Ontario, currently leading
the Privacy by Design Centre of Excellence
at Ryerson University.
Featured Presenters
Ivan Tsarynny
Founder & CEO of Feroot, Member of
GDPR Advisory Committee at Standard
Council of Canada
LET’S DISPEL THE
MYTHS
=PRIVACY
SECRECY
=PRIVACY
CONTROL
Privacy = Personal Control
Privacy is Essential to Freedom
A Necessary Condition for Societal Prosperity
and Well-Being
● Innovation, creativity, and the resultant prosperity of a society requires
freedom;
● Privacy is the essence of freedom: Without privacy, individual human
rights, property rights and civil liberties – the conceptual engines of
innovation and creativity, could not exist in a meaningful manner;
● Surveillance is the antithesis of privacy: A negative consequence of
surveillance is the usurpation of a person’s limited cognitive bandwidth,
away from innovation and creativity.
The Decade of Privacy by Design
Adoption of “Privacy by Design” as an
International Standard
Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
The majority of privacy
breaches remain
unchallenged,
unregulated ...
unknown
Regulatory compliance alone is unsustainable as the sole
model for ensuring the future of privacy
Most privacy breaches remain
undetected – as regulators, we only
see the tip of the iceberg
Privacy by Design: Proactive in 40 Languages!
Get Rid of the Dated Win/Lose,
Zero-Sum Models!
Positive-Sum Model: The Power of “And”
Privacy by Design: The 7 Foundational Principles
Operationalizing Privacy by Design
Letter from JIPDEC – May 28, 2014
GDPR: General Data Protection Regulation
E.U. General Data Protection Regulation
The Similarities Between PbD and the GDPR
Privacy Commissioner of Canada: Annual Report
https://www.priv.gc.ca/en/opc-actions-and-decisions/ar_index/201617/ar_201617/#heading-0-0-3-1
Sept. 21, 2017
https://www.ourcommons.ca/Content/Committee/421/ETHI/Reports/RP9690701/ethirp12/ethirp12-e.pdf
42nd Parliament, First Session
February, 2018
Privacy by Design Certification
Canadian Companies Have Taken the Lead with
PbD Certification
The Bottom Line
Cost of Taking the Reactive Approach
First “Privacy Marketplace”
International Consumer Electronics Show, Las Vegas
“ Privacy is a hot issue right now. It’s on everyone’s
radar … Consumers asking about privacy – that was
the big takeaway. These companies in the privacy
marketplace, in large part aren’t advocates. They’re
entrepreneurs looking to capitalize on market
opportunity. They expect a larger privacy
marketplace next year and for brands to
incorporate “privacy” into their marketing…
Anyone, everyone, can understand the need for
privacy.”
Victor Cocchia
CEO, Vysk
Speaking at CES: Jan, 2015
Guard Your Reputation
Pew Research Internet Project
• 75 percent will not buy a product from a company — no
matter how great the products are — if they don’t trust
the company to protect their data
2018
2014
The Online “Privacy Lie” Is Unraveling
Joseph Turow and Michael Hennessy, University of Pennsylvania
Nora Draper, University of New Hampshire
Source: TechCrunch
http://techcrunch.com/2015/06/06/the-online-privacy-lie-is-unraveling/
2014 Survey of Canadians on Privacy
Office of the Privacy Commissioner of Canada
Trends and Challenges: Consumer Confidence
People choose to give their business to firms with good
“data hygiene” – new evidence suggests that consumers
are seeking out companies that will protect their privacy.
Customers Value Privacy
75 per cent will not buy
a product from a
company — no matter
how great the products
are — if they don’t trust
the company to
protect their data
Source: 2018 IBM, Harris Poll
“Evaluating a company’s privacy practices is now part of his firm’s due diligence, especially when companies are storing customer data in cloud services.”
Steve Herrod of the VC firm General Catalyst,
IAPP, The Privacy Advisor
Privacy Accelerates Sales & Investments
1. Accelerate Buying & Sales Cycles
2. Grow Customer Loyalty and Trust
3. Reduce Privacy Compliance Costs
4. Mitigate Penalties
5. Future-proof Your Defensibility and Reduce Litigations and Enforcements with Strong Proof of Records
The Business Case for Privacy
9,053,156,308
Data records lost or stolen since 2013
1.1 Billion
Identities Stolen in 2016 - 2018
Only 4% of breaches were “Secure Breaches” - where encryption was used and the stolen data was rendered useless
$3.8 Million
Global Average Total Cost of a Breach
(Ponemon Institute – “The 2018 Cost of a Data Breach Study”)
● Data breaches are up 75% in two years, finds a report
from the Information Commissioner (ICO)
● 52% of breaches are due to employee negligence and
failed business processes
● 77 percent of respondents still lack a formal
cybersecurity incident response plan (CSIRP) that is
applied consistently across the organization, a figure
that is largely unchanged from the previous year’s
study.
(Ponemon Institute, 2018)
Data Breaches
An Epidemic of Breaches
Data Breaches Continue...
Identity Theft
“Boards really want to understand the operational risk to their company, along with the plans for how one wants to handle risk and reduce the impact.”
1. Data Minimization
2. De-Identification
Dispelling the Myths about De-Identification…
5 Standards on De-Identification,
Taking a Risk-Based Approach, Cont’d.
3. Do you have a Data Map?
4. Privacy Impact Assessments (Intended to be an Analytical Process)
5. Data Breach Response
Privacy and Marketing
“By adopting a privacy-by-design
mentality, we can begin to transform
ideas like these into best practices
that have long-term benefits for both
consumers and brands.
Let's lead the way.”
Privacy and Marketing
Three Key Points to Help Marketers
Key Takeaways from CMA Talk
❏ Evolve from fine print to more transparent disclosure strategies.
❏ Make privacy a positive part of the brand experience.
❏ Increase consumer trust right out of the gates. Privacy can be
your competitive advantage.
❏ Be deliberate and proactive: lead with Privacy by Design rather
than privacy by chance.
❏ Privacy is good for business!
Concluding Thoughts - Minimizing Risks
Contact Information
@AnnCavoukian
Privacy by Design: The Global Privacy Framework
Dr. Cavoukian is offering
the definitive
Privacy by Design Online
Course at Ryerson
University
Should you wish to sign up for the 2019 registration list, visit:
https://www.ryerson.ca/pbdce/privacy-by-design-chang-school-course/
Privacy = Silos
GDPR = Policy, Process, and Product Changes
GDPR DSR – Data Subject Rights Framework
Legacy Processes Fulfilling GDPR Art. 12 to 23
Introducing PrivacyOps
PrivacyOps has one job: drive growth
through a responsible use of data by
embedding privacy controls into products
and services.
PrivacyOps = Growth
Key Objective: Competitive Differentiation
• What does privacy mean for my business?
• What changes do we need to make?
1. Culture & Stakeholder Alignment
Vision, Goals & Strategy
Marketing, Sales, Operations, HR, IT
2. Data Mapping
What Do We Have?
• Assessment
• Data Processing
• Data Inventory
• Data Mapping
[Diagram: Consumer Data, Databases, Processors]
Data Inventory Management
(aka The Data map)
Today:
• Static
• Manual
• Error-prone
Dynamic Data Inventory
Management:
• Easy
• Automated
• Accurate
• Always-Up-to-Date
Global Application Catalog
1. Comprehensive
metadata registry
2. Centrally-managed
applications
3. Unified privacy
document
management
3. Privacy UX (user-experience)
4. Third-Party Vendor Management
5. Get Started.
“The first secret of getting ahead
is getting started.”
Example of a Third Vendor Privacy Profile
PrivacyOps: Let’s Review the Concepts
User-Centric
Individuals can intuitively and
easily exercise their rights via
an up-to-date user-centric
experience, and be assured
that their rights are respected.
Access Controls
Privacy and Access controls
are part of technology
solutions.
Automated
Fulfilling privacy and access
obligations is a routine and
automated activity.
Proof & Record Keeping
Organizations are always prepared
to demonstrate proof of privacy and
access compliance
Predict & Detect
Privacy and Access controls
systems detect, predict, and
report non-compliant events.
Intra-Organizational
Privacy and Access natively
operates across all
departmental and intra-
organizational boundaries
without data and information
silos.
Results in...
Competitive
Advantage
Alignment &
Harmonization
Customer-Focused
Product Changes
Controls across the
full data lifecycle flow
Thank You!
Ivan Tsarynny
CEO, Co-Founder
FerootPrivacy
@FerootPrivacy
@Ivan_Tsarynny
linkedin.com/company/feroot/
ivan@feroot.com
About Feroot
Feroot is a PrivacyOps platform that helps operationalize
privacy management across all departments and data silos.
It helps organizations move from static data flow maps into a
dynamic, continually updated, and accurate data registry.
Challenge #1 : Awareness across your organization
1. How do you get privacy awareness in all areas of
the business? Especially Execs, Developers & Data
Scientists?
2. What is the best practice to make sure everyone
receives the right privacy training?
3. How do you ensure all staff know the rules &
integrate privacy into their work habits?
Challenge #2 : Managing Decentralized Risks
How do you improve visibility into controls across IT
services and third-party vendors?
Challenge #3 : Competing Priorities, Getting Buy-in
1. How do you overcome cross-functional
challenges of competing priorities?
2. How do you balance what can be done with what
end users will actually adopt?
3. How do you get buy-in when there is next to no
budget for education and certifications?
More Questions?
Email:
questions@feroot.com
Yes!
You will receive a recording of this webinar
and links to related resources.
Next Webinar: January 2019
• Transparency Notices
• Managing Consent
• Data Mapping
• Latest Policy Updates
• Training Staff
@FerootPrivacy
THANK YOU!
questions@feroot.com @FerootPrivacy linkedin.com/company/feroot/
Tell us what you thought here:
Link in Chat Box:
https://feroot.typeform.com/to/jz5Iti

EXPERT WEBINAR: Integrate Privacy into Business & Product, with Dr. Ann Cavoukian

  • 1. 5 Ways to Integrate Privacy into Your Business Strategy & Product | EXPERT WEBINAR SERIES Ivan Tsarynny Founder & CEO of Feroot Dr. Ann Cavoukian the Privacy by Design Centre of Excellence Wednesday, Dec. 5th, 2:00 PM (ET)
  • 2. Lori Smith Webinar Host Marketing Manager, Feroot HELLO! Sandra Feng Q&A, Technical Support Privacy Expert-in-Training, Feroot
  • 3. Optimize your Webinar Experience Raise Your Hand if… Can’t You Hear? Having Trouble? Chat your thoughts or questions Ask Questions, See Answers!
  • 4. Part 1 ● The Foundational Principles of Privacy by Design ● Building the Business Case for Privacy ● 5 Ways to Minimize Risk ● Integrating Privacy into Marketing Part 2 ● Integrating Privacy into Operations Part 3 ● Your #1 Top Challenges & FAQs Agenda for today
  • 5. Dr. Ann Cavoukian, PhD 3-term Information and Privacy Commissioner of Ontario, currently leading the Privacy by Design Centre of Excellence at Ryerson University. Featured Presenters Ivan Tsarynny Founder & CEO of Feroot, Member of GDPR Advisory Committee at Standard Council of Canada
  • 6. [
  • 11. Privacy is Essential to Freedom A Necessary Condition for Societal Prosperity and Well-Being ● Innovation, creativity, and the resultant prosperity of a society requires freedom; ● Privacy is the essence of freedom: Without privacy, individual human rights, property rights and civil liberties – the conceptual engines of innovation and creativity, could not exist in a meaningful manner; ● Surveillance is the antithesis of privacy: A negative consequence of surveillance is the usurpation of a person’s limited cognitive bandwidth, away from innovation and creativity.
  • 12. The Decade of Privacy by Design
  • 13. Adoption of “Privacy by Design” as an International Standard Full Article: http://www.science20.com/newswire/landmark_resolu tion_passed_preserve_future_privacy
  • 14. The majority of privacy breaches remain unchallenged, unregulated ... unknown. Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy. Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg.
  • 15. Privacy by Design: Proactive in 40 Languages!
  • 16. Get Rid of the Dated Win/Lose, Zero-Sum Models!
  • 17. Positive-Sum Model: The Power of “And”
  • 18. Privacy by Design: The 7 Foundational Principles
  • 20. Letter from JIPDEC – May 28, 2014
  • 21. GDPR: General Data Protection Regulation
  • 22. E.U. General Data Protection Regulation
  • 23. The Similarities Between PbD and the GDPR
  • 24. The Similarities Between PbD and the GDPR
  • 25. Privacy Commissioner of Canada: Annual Report https://www.priv.gc.ca/en/opc-actions-and-decisions/ar_index/201617/ar_201617/#heading-0-0-3-1 Sept. 21, 2017
  • 27. Privacy by Design Certification
  • 28. Privacy by Design Certification
  • 29. Canadian Companies Have Taken the Lead with PbD Certification
  • 33. Cost of Taking the Reactive Approach
  • 34. First “Privacy Marketplace” International Consumer Electronics Show, Las Vegas “Privacy is a hot issue right now. It’s on everyone’s radar … Consumers asking about privacy – that was the big takeaway. These companies in the privacy marketplace, in large part aren’t advocates. They’re entrepreneurs looking to capitalize on market opportunity. They expect a larger privacy marketplace next year and for brands to incorporate “privacy” into their marketing… Anyone, everyone, can understand the need for privacy.” Victor Cocchia, CEO, Vysk. Speaking at CES: Jan, 2015
  • 37. Pew Research Internet Project • 75 percent will not buy a product from a company — no matter how great the products are — if they don’t trust the company to protect their data 2018 2014
  • 38. The Online “Privacy Lie” Is Unraveling Joseph Turow and Michael Hennessy, University of Pennsylvania Nora Draper, University of New Hampshire Source: TechCrunch http://techcrunch.com/2015/06/06/the-online-privacy-lie-is-unraveling/
  • 39. 2014 Survey of Canadians on Privacy Office of the Privacy Commissioner of Canada
  • 40. Trends and Challenges: Consumer Confidence People choose to give their business to firms with good “data hygiene” – new evidence suggests that consumers are seeking out companies that will protect their privacy.
  • 41. Customers Value Privacy “75 per cent will not buy a product from a company — no matter how great the products are — if they don’t trust the company to protect their data” Source: 2018 IBM, Harris Poll
  • 42. Privacy Accelerates Sales & Investments “Evaluating a company’s privacy practices is now part of his firm’s due diligence, especially when companies are storing customer data in cloud services.” Steve Herrod of the VC firm, General Catalyst, IAPP, The Privacy Advisor
  • 43. The Business Case for Privacy 1. Accelerate Buying & Sales Cycles 2. Grow Customer Loyalty and Trust 3. Reduce Privacy Compliance Costs 4. Mitigate Penalties 5. Future-proof Your Defensibility and Reduce Litigations and Enforcements with Strong Proof of Records
  • 45. 9,053,156,308 Data records lost or stolen since 2013
  • 47. Only 4% of breaches were “Secure Breaches” - where encryption was used and the stolen data was rendered useless
  • 48. $3.8 Million Global Average Total Cost of a Breach (Ponemon Institute – “The 2018 Cost of a Data Breach Study”)
  • 49. Data Breaches ● Data breaches are up 75% in two years, finds a report from the Information Commissioner (ICO) ● 52% of breaches are due to employee negligence and failed business processes ● 77 percent of respondents still lack a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, a figure that is largely unchanged from the previous year’s study. (Ponemon Institute, 2018)
  • 50. An Epidemic of Breaches
  • 54. “Boards really want to understand the operational risk to their company, along with the plans for how one wants to handle risk and reduce the impact.”
  • 58. Dispelling the Myths about De-Identification…
  • 60. 5 Standards on De-Identification, Taking a Risk-Based Approach, Cont’d.
  • 61. 5 Standards on De-Identification, Taking a Risk-Based Approach, Cont’d.
  • 62. Do you have a Data Map? 3
  • 63. Privacy Impact Assessments (Intended to be an Analytical Process) 4
  • 67. “By adopting a privacy-by-design mentality, we can begin to transform ideas like these into best practices that have long-term benefits for both consumers and brands. Let's lead the way.” Privacy and Marketing
  • 68. Three Key Points to Help Marketers
  • 69. Key Takeaways from CMA Talk ❏ Evolve from fine print to more transparent disclosure strategies. ❏ Make privacy a positive part of the brand experience. ❏ Increase consumer trust right out of the gates. Privacy can be your competitive advantage. ❏ Be deliberate and proactive: lead with Privacy by Design rather than privacy by chance. ❏ Privacy is good for business!
  • 70. Concluding Thoughts - Minimizing Risks
  • 72. Privacy by Design: The Global Privacy Framework. Dr. Cavoukian is offering the definitive Privacy by Design Online Course at Ryerson University. Should you wish to sign up for the 2019 registration list, visit: https://www.ryerson.ca/pbdce/privacy-by-design-chang-school-course/
  • 75. GDPR = Policy, Process, and Product Changes
  • 76. GDPR DSR – Data Subject Rights Framework
  • 77. Legacy Processes Fulfilling GDPR Art. 12 to 23
  • 79. PrivacyOps has one job: drive growth through a responsible use of data by embedding privacy controls into products and services.
  • 81. Key Objective: Competitive Differentiation • What does privacy mean for my business? • What changes do we need to make?
  • 83. Culture & Stakeholder Alignment Marketing Sales Operations HR Vision, Goals & Strategy IT 1
  • 84. Data Mapping What Do We Have? • Assessment • Data Processing • Data Inventory • Data Mapping Consumer Data Database 2 Database Processor 1 Processor 2 Processor 4 Processor 4 2
  • 85. Data Inventory Management (aka The Data map) Today: • Static • Manual • Error-prone Dynamic Data Inventory Management: • Easy • Automated • Accurate • Always-Up-to-Date Global Application Catalog 1. Comprehensive metadata registry 2. Centrally-managed applications 3. Unified privacy document management
  • 88. Get Started. 5 “The first secret of getting ahead is getting started.”
  • 89. Example of a Third Vendor Privacy Profile
  • 90. PrivacyOps: Let’s Review the Concepts. User-Centric: Individuals can intuitively and easily exercise their rights via an up-to-date user-centric experience, and be assured that their rights are respected. Access Controls: Privacy and Access controls are part of technology solutions. Automated: Fulfilling privacy and access obligations is a routine and automated activity. Proof & Record Keeping: Organizations are always prepared to demonstrate proof of privacy and access compliance. Predict & Detect: Privacy and Access controls systems detect, predict, and report non-compliant events. Intra-Organizational: Privacy and Access natively operates across all departmental and intra-organizational boundaries without data and information silos.
  • 92. Thank You! Ivan Tsarynny CEO, Co-Founder FerootPrivacy @FerootPrivacy @Ivan_Tsarynny linkedin.com/company/feroot/ ivan@feroot.com
  • 93. About Feroot Feroot is a PrivacyOps platform that helps operationalize privacy management across all departments and data silos. It helps organizations move from static data flow maps into a dynamic, continually updated, and accurate data registry.
  • 95. Challenge #1 : Awareness across your organization 1. How do you get privacy awareness in all areas of the business? Especially Execs, Developers & Data Scientists? 2. What is the best practice to make sure everyone receives the right privacy training? 3. How do you ensure all staff know the rules & integrate privacy into their work habits?
  • 96. Challenge #2 : Managing Decentralized Risks How do you improve visibility into controls across IT services and third-party vendors?
  • 97. Challenge #3 : Competing Priorities, Getting Buy-in 1. How do you overcome cross-functional challenges of competing priorities? 2. How do you balance what can be done with what end users will actually adopt? 3. How do you get buy-in when there is next to no budget for education and certifications?
  • 99. Yes! You will receive a recording of this webinar and links to related resources.
  • 100. Next Webinar: January 2019 ● Transparency Notices ● Managing Consent ● Data Mapping ● Latest Policy Updates ● Training Staff @FerootPrivacy
  • 101. THANK YOU! questions@feroot.com @FerootPrivacy linkedin.com/company/feroot/ Tell us what you thought here: Link in Chat Box: https://feroot.typeform.com/to/jz5Iti

Editor's Notes

  1. Hi everyone, and welcome to Feroot’s Expert Webinar Series. In today’s webinar we are very excited to have Dr. Ann Cavoukian with us and we will be discussing how to Integrate Privacy into your Business Strategy & Product Thank you for joining!
  2. Before we get started, I’d like to introduce myself – my name is Lori Smith, I’m the webinar host today, you’ll be hearing me throughout. And on technical support and managing our chat, Q&A, is Sandra Feng
  3. If you do have any questions, sound issues, or just want to say a friendly hello, we encourage you to use the bar along the bottom of your screen to chat with us. Let’s test it out now, raise your hand if you can hear me okay? Raise your hand if any of you attended the Smart Technology Summit we hosted with Ann and others this September?
  4. Our agenda today is really ambitious, so get comfortable, settle in and be prepared to learn a lot. And we really hope you can all stay till the end of the webinar, because, we’ve taken all your challenges that you shared with us in registration, and turned those into 3 key themes, that Ann and Ivan will address specifically. And if we don’t have time for Q&A in the webinar, we do still encourage you to ask questions in the chat box, and we’ll follow up with you individually after the webinar.
  5. Now, I am pleased to introduce our featured presenters. We are honored to have Dr. Ann Cavoukian with us today. Dr. Cavoukian is recognized as one of the world’s leading privacy experts and served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. It was there that Ann created Privacy by Design, which has since been recognized as an international standard and translated into 40 different languages across the world. Presently, Ann is the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. She is also the author of two books, “The Privacy Payoff: How Successful Businesses Build Customer Trust” and “Who Knows: Safeguarding Your Privacy in a Networked World”. Joining Ann on today’s webinar is our very own Ivan Tsarynny. For the last few years, Ivan has centered his path on helping companies turn privacy compliance from a liability into a competitive advantage. He is a member of the GDPR Advisory Committee at the Standard Council of Canada, where he is dedicated to helping companies and organizations build a cohesive standard for privacy management. Ivan is also a serial entrepreneur and is currently the CEO and Co-founder of Feroot Privacy, an Enterprise Privacy-as-a-Service Software Platform. Welcome Ann and Ivan! [Say Hello] Ann, I’m now going to hand over the controls to you.
  6. Add 2018 Stat.
  7. Add 2018 Stat.
  8. Potentially remove this slide?
  9. Ivan Transition:
  10. Steve Herrod of the VC firm, General Catalyst, told The Privacy Advisor that evaluating a company’s privacy practices is now part of his firm’s due diligence, especially when companies are storing customer data in cloud services. Find the Reference link.
  11. Look for 2018 stats
  12. update stats or take out talk about employee negligence - how to prevent this. # of Data Breaches: https://www.kroll.com/en-us/intelligence-center/press-releases/data-breach-reports-to-information-commissioner Ponemon: Cost of a Data Breach https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=55017055USEN Source 77%: https://www.ibm.com/account/reg/us-en/signup?formid=urx-32352&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&cm_mc_uid=91526739692115438007052&cm_mc_sid_50200000=30046091543800705248&cm_mc_sid_52640000=57289621543800705265
  13. Update stats or take out
  14. Show most recent one with Marriott
  15. Show most recent one with Marriott
  16. FAQ here: how do you implement these.
  17. Thank you so much Ann! Great information. Again, if you have questions, please throw them into the chat box or Q&A, we’ll do our best to answer them. Now I’d like to introduce Ivan Tsarynny, who is going to show us in the next 10-15 minutes how to integrate privacy into your product and operations. Click to next slide. Ivan, take it away. Click to
  18. In many organisations, business, operations, legal, and IT tend to work in isolation. This is especially true of transformation, privacy, and IT-based projects, wherein the business quickly defines requirements, then throws them “over the wall” to operations or cross-functional teams. These teams implement the requirement, only to find unanticipated roadblocks. Your answers to our challenges also indicate similar results. Privacy is not getting integrated across the organization. It’s important, but usually off on its own. Coming in at the eleventh hour or as an afterthought. Increases chances of risk! In the Data Driven age – Privacy needs to work throughout the full data lifecycle in Marketing, Sales, Customer Service, HR, Finance and other organizational boundaries to drive growth. We call this Privacy Operations. Why is alignment so important? In many organisations, business, operations, legal, and IT tend to work in isolation. This is especially true of transformation, privacy, and IT-based projects, wherein the business quickly defines requirements, then throws them “over the wall” to operations or cross-functional teams. These teams implement the requirement, only to find unanticipated roadblocks. This is one of the most common examples of lack of alignment. For successful programs, the path to ROI is secured with a real partnership across all of the stakeholders from business to legal, privacy, marketing, sales, HR, and IT departments working together towards a common goal. This goal and vision should be discussed, agreed and clearly documented. Image Source: http://www.virtual.co.nz/index.php?n=Insights.TheCurseOfSilosSlownessAndSmall-ThinkingInLargeMatureOrganisations
  20. Customer data comes with responsibility. There are numerous regulations governing privacy in the world, including GDPR, PIPEDA, DPA, HIPAA, PIPA, CCPA. While compliance with these laws is clearly one of the drivers of Privacy Management Programs, it is only the baseline for our approach to privacy.
  21. Today’s privacy operating model was conceived during the era of fax machines and was continually updated with new requirements from the onset of transformation into the digital economy. As a result of this, ongoing management of privacy obligations became very complex. Many stakeholder touch-points must be routinely coordinated in order to process requests effectively and to be documented for compliance and legal purposes. Although most large companies have spent hundreds of thousands, if not millions, of dollars preparing for GDPR and other privacy regulations, our study found that most organizations are not yet ready to manage their processes effectively or efficiently and, as such, they leave themselves at risk of non-compliance.  
  22. After interviewing many data privacy, governance, access rights, cybersecurity, IT operations, enterprise planning, marketing, sales, and customer success experts across a wide variety of industries, we used this data to create the definitive Privacy Operations framework – PrivacyOps. PrivacyOps is a new department that manages the full cycle of data operations across customer, employee, and back-office lifecycles. PrivacyOps leaders provide key stakeholders (customers, employees, and partners) the means—through an automated, user-centric, and always up-to-date experience—to intuitively, easily and respectfully exercise their privacy and data access rights. It will help you stay on top of risks in a decentralized environment.
  23. PrivacyOps creates benefits for the marketing, sales, customer services, HR, finance and other business areas, because PrivacyOps aligns a company around customer data. When applied effectively, this can lead to dramatically improved critical business metrics, including conversion rates, referrals, customer retention, and revenues. And have a compounding effect on every part of your business, from the efficiency of managing sensitive data to lowering risks of breaches, penalties and litigations, and increasing customer loyalty. Update image: Marketing, Sales, Service Delivery, Customer Retention, Operations (Back-office)
  24. PrivacyOps has one primary objective: transform an organization’s privacy perspective away from risk avoidance and towards opportunity-seeking and competitive differentiation.
  25. Culture and Stakeholder Alignment Step 1 – Align Your Team around Documented Privacy Goals   No stakeholder alignment = no results.   For successful programs, the path to ROI is secured with a real partnership across all of the stakeholders from business to legal, privacy, marketing, sales, HR, and IT departments working together towards a common goal. This goal and vision should be discussed, agreed and clearly documented. Action: One vision The first step is to engage and include all the relevant stakeholders and have full participation and alignment across all stakeholder groups. This vision should be articulated within commonly accepted business terms that are already part of your established culture and business practice.   3 steps to getting your stakeholders aligned   1. Identify your stakeholders.  First, make a list of the stakeholders for your project. Be specific - find out precise names and titles. We categorize using these seven types: The Sponsor: This is the person with real skin in the game, they will either get the recognition or take the fall. Financial decision-makers:  These are the people who decide whether your project gets funded. Strategic decision-makers: These are the people who have a problem that your project is expected to solve. Mobilizers and Champions: These are the people you can count on for moving things forward to evangelize the importance of the project. Blockers:  these people don’t have official power, but they can intentionally or unintentionally stop the project in its tracks. Influencers: These people have valuable opinions and insight to consider. Doers or Implementers: These are the people who execute parts of or the entire project. They have very specific knowledge, action items, and are accountable for deliverables.   2. Get them involved. Alignment is about getting stakeholders to participate, support, and execute the project. They should feel invested and committed. 
Proper communication is critical to ensure all stakeholders are involved in an engaged and supportive way. Everyone needs to be aware of your project objectives and updated on project progress. Some stakeholders will be more involved than others, but don’t underestimate the value and importance of stakeholders with less participation.   3. Objections are needs or concerns in disguise. Nurture communication and understanding between stakeholders to avoid surprise roadblocks later. Keep in mind that needs are likely changing as the project progresses. The more you know about stakeholders’ concerns, the better you can address them. Regularly pause, re-assess, and align.
  26. What Do You Have? Step 2 – Data Mapping. As Ann mentioned, data mapping is the first critical element in an organization’s privacy compliance process and will also greatly reduce risks associated with unauthorized personal information handling. A successful data mapping exercise will help an organization answer these questions with confidence and will provide customers with the information that they expect concerning their personal data and its usage. Complete and maintain an accurate Data Processing Map. Review agreements with all vendors to cover all GDPR applicable articles. Compile and maintain an inventory of vendors. Implement a programmatic approach to managing vendor data-chain. Implement technologies to support vendor audits and SAR fulfillment compliance. Include vendor escalation processes and embed remediation plans.
  28. Step 4 – What do Consent and Information Notices, Disclosures, and Controls mean in the context of GDPR? GDPR states that Consent must be freely given, specific, informed and unambiguous. You should always get advice from your legal counsel. Recommended action: Collect consent and maintain proof of collected consent unless you are relying on processing data being done under other lawful purposes. Step 4 – GDPR Requires Changes to how your Products and Services function. Key requirements: Legally valid for processing data. Identify each third party and their usage of personal data. Retain records. Ability for users to revoke consent. Obtaining Consent: Give customers the choice and the ability to obtain consent and revoke consent as easily as they gave it. Managing Consent: Respect your customer’s choice and manage data restrictions downstream to third parties. Collecting Data: Tell users the intent of data collection and what data you will collect. Processing Data: Process Data in a way that is consistent with user privacy expectations. Plain language notices. Clear retention and deletion policies. User controls for retention and deletion. Limit data processing based on the intended purpose. Third country and third party sub-processor disclosure. Breach notification readiness. Audit readiness. This is not enough. Full Transparency upon consent collection. Traditional Customer Experience.
  29. Use Amity or Citada. Here’s what a mature vendor would look like. Step 5 – Third-Party Sub-Processor Vendor Management. Every data controller should review how it handles data and its relationship with its providers, and how data processors manage their own vendors/processors, and how GDPR subject rights will be enforced across the entire data processing chain. How can third-party vendors (processors) support data controllers in responding to SARs? In many cases, the initial contact from the subject comes directly to the controller or the data processor. However, the data processor is not responsible for responding to the SAR by default. Action: Initiate SAR fulfilment and record keeping processes. Data controllers and data processors need to prepare to handle SARs in a coordinated and prepared manner. At the start of the data collection, data processors should provide clear information notices that will inform the subject of their rights under GDPR. Organizations should be able to provide confirmation as to purpose, location, extent, duration of data processing, and confirmation of the data retention period. The data processor should manage personal data in a way to ensure that information can be identified quickly and easily. The data controller and processor should establish an approach to respond to any SAR easily and preferably in an automated fashion. Training of all staff on how a SAR process is done. FAQ section on the processor’s website relating to SARs. A self-serve portal for SARs. Agreement between the data controller and processors. This includes contractual provisions with the data controller on how SARs are to be handled, and immediate communication from data controller to processors to inform them of the SAR, to fulfill the request and keep auditable records of all steps.
  32. PrivacyOps leaders provide key stakeholders (customers, employees, and partners) the means—through an automated, user-centric, and always up-to-date experience—to intuitively, easily and respectfully exercise their privacy and data access rights. Privacy and Access controls systems detect, predict, and report non-compliant events; they operate across all departmental and intra-organizational boundaries; and they are always prepared to demonstrate proof of privacy and access compliance. Individuals can intuitively and easily exercise their rights via an up-to-date user-centric experience, and be assured that their rights are respected. Privacy and Access controls are part of technology solutions. Fulfilling privacy and access obligations is a routine and automated activity. Privacy and Access controls systems detect, predict, and report non-compliant events. Privacy and Access natively operates across all departmental and intra-organizational boundaries without data and information silos. Organizations are always prepared to demonstrate proof of privacy and access compliance.
  33. PrivacyOps is a new organizational model that increases competitive advantage and regulatory compliance through measurable improvements of operational effectiveness and efficiency across information and data lifecycles. PrivacyOps unifies the key silos of privacy and access management across the information silos such as customer information, medical records, employee data, back-office operations, and other organizational silos. PrivacyOps unifies privacy operations across all functional areas, freeing them up to focus on their immediate key business objectives. PrivacyOps unifies privacy and access operations and transforms them into a smoothly operating machine. PrivacyOps provides harmonization, simplification, alignment, and focus that will provide privacy compliance and ultimately a competitive advantage by increasing customer trust; it also helps increase core metrics like conversion rates, referrals, customer retention, and revenues. 1 - Harmonization and Alignment: PrivacyOps aligns departments and their stakeholders. This ensures privacy initiatives have a measurable business impact. When an organization is aligned, it generates more revenue at a reduced cost, and brings new data-driven products to the market. 2 - Customer-focused Product and Service Changes: GDPR and other privacy regulations require changes to policies, operations, and products, not just for compliance reasons but also to foster user trust. The PrivacyOps framework enables organizations to operationalize privacy effectively, achieve proper consent management, maintain accurate data inventorization, and augment user transparency and privacy controls. 3 - Removing Overhead Helps Focus Operations on the Key Objectives: PrivacyOps assumes operational and technical privacy overheads, which allows marketing, sales, customer service, HR, and other departments to focus on their core goals, objectives, and KPIs. 4 - Planning and Operations: PrivacyOps helps to identify and remove roadblocks. It works with the concept of accountability, careful planning, and the implementation of privacy operational controls across the full data lifecycle flow and across departmental, organizational, franchise and other enterprise boundaries. These benefits transform privacy from a risk avoidance function into a business that increases revenue and market share.
  34. Feroot Global Privacy Database allows you to quickly and efficiently manage third-party vendors across applications, both dynamically and automatically. No more chasing down vendors for their latest privacy agreements. No more updating stale spreadsheets. Enter information once, connect to third-party vendors, and everything from consent management to documentation flows appropriately and continually to the key stakeholders. Your organization will save time, resources, and money, and avoid the tedious task of updating data flow charts every time a new vendor is added to your tech stack. Feroot Privacy platform helps implement PrivacyOps frameworks that will unify, automate and coordinate all aspects of GDPR Subject Access Request compliance obligations. Feroot effectively manages all stakeholder touch-points and supports an organization’s ability to process requests efficiently and to document responses for compliance and legal purposes.
  36. Amazing, thank you Ivan and Ann. Some great information there. And now, we’d like to specifically address the challenges you shared with us.
  37. Challenge #1: Building awareness across your organization. This was a very common theme and issue for everyone. Ann, in two mins or less, what do you recommend to help everyone stay on the same page when it comes to privacy, knowing what to share, not share, what the strategy is, the rules etc.?
  38. Challenge #2 - Managing Decentralized Risks. Ivan, this one is for you. When the data, consent, etc. is everywhere… across applications and devices, how do you improve visibility into controls and across third parties?
  39. Okay and last challenge before we take some questions. Getting buy-in when there are competing priorities. Ann, Ivan — what do you recommend people say here— how do you convince others or your execs that privacy is a top priority for business?
  40. And it looks like we have time for 1 or 2 quick questions from the audience. 1. 2. OR Okay, it looks like we’ve run out of time for more questions, but we will get back to you! In the meantime, keep ’em coming. Email us at questions@feroot.com. If there is something you really want to know, we have a community of experts we can tap into for the answers and we will get back to you.
  41. Great, thank you everyone. We will follow up with a recording tomorrow as well as some links to resources.
  42. And stay tuned for our next webinar in January 2019 on Best Practices for Transparency Notices, Managing Consent, Data Mapping and more.
  43. Thank you again, have a great day. Follow us on Twitter, LinkedIn or email us at questions@feroot.com. And if you have some feedback for us, we’re popping in the link to the survey in the chat.