Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

EXPERT WEBINAR: Integrate Privacy into Business & Product, with Dr. Ann Cavoukian

566 views

Published on

Hear from Dr. Ann Cavoukian, world-renowned privacy expert, and Ivan Tsarynny, CEO and Co-founder of Feroot Privacy, and learn how you can make privacy a collective effort across your entire organization and an integral part of product, operations, sales and marketing.

You will learn:
- How to create a business case for privacy that's benefits-focused and persuasive
- Best practices for giving customers more control over their data by integrating privacy with marketing & sales
- New ways of streamlining processes and bridging data across departments
- Strategies for creating a culture of privacy and a win-win business outcome
- Frequently asked questions (and answers!)

Published in: Technology
  • Be the first to comment

EXPERT WEBINAR: Integrate Privacy into Business & Product, with Dr. Ann Cavoukian

  1. 1. 5 Ways to Integrate Privacy into Your Business Strategy & Product | EXPERT WEBINAR SERIES Ivan Tsarynny Founder & CEO of Feroot Dr. Ann Cavoukian the Privacy by Design Centre of Excellence Wednesday, Dec. 5th, 2:00 PM (ET)
  2. 2. Lori Smith Webinar Host Marketing Manager, Feroot HELLO! Sandra Feng Q&A, Technical Support Privacy Expert-in-Training, Feroot
  3. 3. Optimize your Webinar Experience Raise Your Hand if… Can’t You Hear? Having Trouble? Chat your thoughts or questions Ask Questions, See Answers!
  4. 4. Part 1 ● The Foundational Principles of Privacy by Design ● Building the Business Case for Privacy ● 5 Ways to Minimize Risk ● Integrating Privacy into Marketing Part 2 ● Integrating Privacy into Operations Part 3 ● Your #1 Top Challenges & FAQs Agenda for today
  5. 5. Dr. Ann Cavoukian, PhD 3-term Information and Privacy Commissioner of Ontario, currently leading the Privacy by Design Centre of Excellence at Ryerson University. Featured Presenters Ivan Tsarynny Founder & CEO of Feroot, Member of GDPR Advisory Committee at Standard Council of Canada
  6. 6. [
  7. 7. LET’S DISPEL THE MYTHS
  8. 8. =PRIVACY SECRECY
  9. 9. =PRIVACY CONTROL
  10. 10. Privacy = Personal Control
  11. 11. Privacy is Essential to Freedom A Necessary Condition for Societal Prosperity and Well-Being ● Innovation, creativity, and the resultant prosperity of a society requires freedom; ● Privacy is the essence of freedom: Without privacy, individual human rights, property rights and civil liberties – the conceptual engines of innovation and creativity, could not exist in a meaningful manner; ● Surveillance is the antithesis of privacy: A negative consequence of surveillance is the usurpation of a person’s limited cognitive bandwidth, away from innovation and creativity.
  12. 12. The Decade of Privacy by Design
  13. 13. Adoption of “Privacy by Design” as an International Standard Full Article: http://www.science20.com/newswire/landmark_resolu tion_passed_preserve_future_privacy
  14. 14. The majority of privacy breaches remain unchallenged, unregulated ... unknown Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg
  15. 15. Privacy by Design: Proactive in 40 Languages!
  16. 16. Get Rid of the Dated Win/Lose, Zero-Sum Models!
  17. 17. Positive-Sum Model: The Power of “And”
  18. 18. Privacy by Design:The 7 Foundational Principles
  19. 19. Operationalizing Privacy by Design
  20. 20. Letter from JIPDEC – May 28, 2014
  21. 21. GDPR: General Data Protection Regulation
  22. 22. E.U. General Data Protection Regulation
  23. 23. The Similarities Between PbD and the GDPR
  24. 24. The Similarities Between PbD and the GDPR
  25. 25. Privacy Commissioner of Canada: Annual Report https://www.priv.gc.ca/en/opc-actions-and- decisions/ar_index/201617/ar_201617/#heading-0-0-3-1 Sept. 21, 2017
  26. 26. https://www.ourcommons.ca/Content/Committee/421/E THI/Reports/RP9690701/ethirp12/ethirp12-e.pdf 42nd Parliament, First Session February, 2018
  27. 27. Privacy by Design Certification
  28. 28. Privacy by Design Certification
  29. 29. Canadian Companies Have Taken the Lead with PbD Certification
  30. 30. [
  31. 31. The Bottom Line
  32. 32. Cost of Taking the Reactive Approach
  33. 33. First “Privacy Marketplace” International Consumer Electronics Show, Las Vegas “ Privacy is a hot issue right now. It’s on everyone’s radar … Consumers asking about privacy – that was the big takeaway. These companies in the privacy marketplace, in large part aren’t advocates. They’re entrepreneurs looking to capitalize on market opportunity. They expect a larger privacy marketplace next year and for brands to incorporate “privacy” into their marketing… Anyone, everyone, can understand the need for privacy.” Victor Cocchia CEO, Vysk Speaking at CES: Jan, 2015
  34. 34. Guard Your Reputation
  35. 35. Pew Research Internet Project
  36. 36. Pew Research Internet Project • 75 percent will not buy a product from a company — no matter how great the products are — if they don’t trust the company to protect their data 2018 2014
  37. 37. The Online “Privacy Lie” Is Unraveling Joseph Turow and Michael Hennessy, University of Pennsylvania Nora Draper, University of New Hampshire Source: TechCrunch http://techcrunch.com/2015/06/06/the-online-privacy-lie-is-unraveling/
  38. 38. 2014 Survey of Canadians on Privacy Office of the Privacy Commissioner of Canada
  39. 39. Trends and Challenges: Consumer Confidence People choose to give their business to firms with good “data hygiene” – new evidence suggests that consumers are seeking out companies that will protect their privacy.
  40. 40. Customers Value Privacy 75 per cent will not buy a product from a company — no matter how great the products are — if they don’t trust the company to protect their data Source: 2018 IBM, Harris Poll “ ”
  41. 41. Evaluating a company’s privacy practices is now part of his firm’s due diligence, especially when companies are storing customer data in cloud services. “ ” Steve Herrod of the VC firm, General Catalyst, IAPP, The Privacy Advisor Privacy Accelerates Sales & Investments
  42. 42. 1. Accelerate Buying & Sales Cycles 2. Grow Customer Loyalty and Trust 3. Reduce Privacy Compliance Costs 4. Mitigate Penalties 5. Future-proof Your Defensibility and reduce Ligations and Enforcements with Strong Proof of Records The Business Case for Privacy
  43. 43. [
  44. 44. 9,053,156,308 Data records lost or stolen since 2013
  45. 45. 1.1 Billion Identities Stolen in 2016 - 2018
  46. 46. Only 4%of breaches were “Secure Breaches” - where encryption was used and the stolen data was rendered useless
  47. 47. $3.8 Million Global Average Total Cost of a Breach ( Poneman Institute – “The 2018 Cost of a Data Breach Study”)
  48. 48. ● Data breaches are up 75% in two years, finds a report from the Information Commissioner (ICO) ● 52% of breaches are due to employee negligence and failed business processes ● 77% percent of respondents still lack a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, a figure that is largely unchanged from the previous year’s study. (Poneman Institute, 2018) Data Breaches
  49. 49. An Epidemic of Breaches
  50. 50. Data Breaches Continue...
  51. 51. Data Breaches Continue...
  52. 52. Identity Theft
  53. 53. Boards really want to understand the operational risk to their company, along with the plans for how one wants to handle risk and reduce the impact. “ ”
  54. 54. [
  55. 55. Data Minimization1
  56. 56. De-Identification2
  57. 57. Dispelling the Myths about De-Identification…
  58. 58. 5 Standards on De-Identification, Taking a Risk-Based Approach, Cont’d.
  59. 59. 5 Standards on De-Identification, Taking a Risk-Based Approach, Cont’d.
  60. 60. Do you have a Data Map?3
  61. 61. Privacy Impact Assessments (Intended to be an Analytical Process) 4
  62. 62. Data Breach Response5
  63. 63. [
  64. 64. Privacy and Marketing
  65. 65. “By adopting a privacy-by-design mentality, we can begin to transform ideas like these into best practices that have long-term benefits for both consumers and brands. Let's lead the way.” Privacy and Marketing
  66. 66. Three Key Points to Help Marketers
  67. 67. Key Takeaways from CMA Talk ❏ Evolve from fine print to more transparent disclosure strategies. ❏ Make privacy a positive part of the brand experience. ❏ Increase consumer trust right out of the gates. Privacy can be your competitive advantage. ❏ Be deliberate and proactive: lead with Privacy by Design rather than privacy by chance. ❏ Privacy is good for business!
  68. 68. Concluding Thoughts - Minimizing Risks
  69. 69. Contact Information @AnnCavoukian
  70. 70. Privacy by Design: The Global Privacy Framework Dr. Cavoukian is offering the definitive Privacy by Design Online Course at Ryerson University Should you wish to sign up for 2019 registration list, visit: https://www.ryerson.ca/pbdce/privacy-by-design-chang-school-course/
  71. 71. [
  72. 72. Privacy = Silos
  73. 73. GDPR = Policy, Process, and Product Changes
  74. 74. GDPR DSR – Data Subject Rights Framework
  75. 75. Legacy Processes Fulfilling GDPR Art. 12 to 23
  76. 76. Introducing PrivacyOps
  77. 77. PrivacyOps has one job: drive growth through a responsible use of data by embedding privacy controls into products and services.
  78. 78. PrivacyOps = Growth
  79. 79. Key Objective: Competitive Differentiation • What does privacy mean for my business? • What changes do we need to make?
  80. 80. [
  81. 81. Culture & Stakeholder Alignment Marketing Sales Operations HR Vision, Goals & Strategy IT 1
  82. 82. Data Mapping What Do We Have? • Assessment • Data Processing • Data Inventory • Data Mapping Consumer Data Database 2 Database Processor 1 Processor 2 Processor 4 Processor 4 2
  83. 83. Data Inventory Management (aka The Data map) Today: • Static • Manual • Error-prone Dynamic Data Inventory Management: • Easy • Automated • Accurate • Always-Up-to-Date Global Application Catalog 1. Comprehensive metadata registry 2. Centrally-managed applications 3. Unified privacy document management
  84. 84. Privacy UX (user-experience)3
  85. 85. Third-Party Vendor Management4
  86. 86. Get Started.5 “The first secret of getting ahead is getting started.”
  87. 87. Example of a Third Vendor Privacy Profile
  88. 88. PrivacyOps: Let’s Review the Concepts User-Centric Individuals can intuitively and easily exercise their rights via an up-to-date user-centric experience, and be assured that their rights are respected. Access Controls Privacy and Access controls are part of technology solutions. Automated Fulfilling privacy and access obligations is a routine and automated activity. Proof & Record Keeping Organizations are always prepared to demonstrate proof of privacy and access compliance Predict & Detect Privacy and Access controls systems detect, predict, and report non-compliant events. Intra-Organizational Privacy and Access natively operates across all departmental and intra- organizational boundaries without data and information silos.
  89. 89. Results in... Competitive Advantage Alignment & Harmonization Customer-Focused Product Changes Controls across the full data lifecycle flow
  90. 90. Thank You! Ivan Tsarynny CEO, Co-Founder FerootPrivacy @FerootPrivacy @Ivan_Tsarynny linkedin.com/company/feroot/ ivan@feroot.com
  91. 91. About Feroot Feroot is a PrivacyOps platform that helps operationalize privacy management across all departments and data silos. It helps organizations move from static data flow maps into a dynamic, continually updated, and accurate data registry.
  92. 92. [
  93. 93. Challenge #1 : Awareness across your organization 1. How do you get privacy awareness in all areas of the business? Especially Execs, Developers & Data Scientists? 2. What is the best practice to make sure everyone receives the right privacy training? 3. How do you ensure all staff know the rules & integrate privacy into their work habits?
  94. 94. Challenge #2 : Managing Decentralized Risks How do you improve visibility into controls across IT services and third-party vendors?
  95. 95. Challenge #3 : Competing Priorities, Getting Buy-in 1. How do you overcome cross-functional challenges of competing priorities? 2. How do you balance what can be done with what end users will actually adopt? 3. How do you get buy-in when there is next to no budget for education and certifications?
  96. 96. More Questions? Email: questions@feroot.com
  97. 97. Yes! You will receive a recording of this webinar and links to related resources.
  98. 98. Next Webinar: January 2019  Transparency Notices  Managing Consent  Data Mapping  Latest Policy Updates  Training Staff @FerootPrivacy
  99. 99. THANK YOU! questions@feroot.com @FerootPrivacy linkedin.com/company/feroot/ Tell us what you thought here: Link in Chat Box: https://feroot.typeform.com/to/jz5Iti

×