1. ONLINE PRIVACY REGS
DO THEY AFFECT YOU?
AAO 2019, Tech Pav
Randall Wong, M.D.
Grant Wong, MS III

2. Financial Disclosure
• I have the following financial interests or relationships to
disclose:
• Co-Founder:
• Medical Marketing Enterprises, LLC
• Sunrise Hosting Services, LLC
• RussandRandy.com

3. Randall Wong, M.D.
• Ophthalmologist
• Online Marketing
• Medical Marketing Enterprises, LLC
• Healthcare & Medical Internet Marketing
• SEO
• Reputation Management
• Sunrise Hosting Services, LLC
• Managed website hosting (virtual IT)

4. Goals
• GDPR
• Privacy
• HTTPS

5. GDPR
Data can not be stored on publicly accessible spreadsheets
or unprotected documents. (Google, Dropbox, etc.)
Data can no longer be collected without explicit permission.
Data can no longer be collected without a detailed
description of how and what it will be used.
Users must have an easy way to withdraw consent and
have their data erased.
Organizations must have clear processes to
detect, report and investigate data breaches.

6. GDPR – General Data Protection Reg
• May 25, 2018
• Applies to any organization that collects and stores
personal data on European (EU) users on websites.
• Aimed at protecting personal data of EU residents
• 4% of global revenue
• $ 24 million
• € 20 million

7. Does Your Website
• Collect personal data
• Attract visitors from EU?
• Examples:
• Comments
• Contact Forms
• Opt In
• Analytics
• Security Tools/Plugins

8. Privacy - Data
• Name
• Phone
• Address
• IP address
• Cookie History
• Health/Mental Data
• Racial/Cultural/Ethnic
• Political Opinions
• Sexual Orientation

9. Checklist
• HTTPS
• Create cookie policy
• Privacy policy – how do you collect and protect user data
• Prove consent from users – keep records
• Avoid pre-ticked boxes on sign-up forms
• Opt-in vs. opt-out
• Easy option to withdraw consent and remove data

10. Checklist
• Website content and inquiry forms must use SSL
• Analytics must be GDPR compliant
• Pseudonymization/anonymization - Database must store
information by account name only and not by account
information
• This list is not complete nor necessarily accurate

11. What Can You Do?
• All forms and website requests  opt-in
• Easy opt out with instructions
• Cookie alert banner
• Update privacy policy and terms of use to use GDPR
terminology
• Block EU traffic?

12. Cookie Alert Banner
• This site uses cookies to analyze traffic and for ad
measurement purposes

13. Cookies
• Tiny files sent to your browser to allow a website to
remember your preferences to present you with
customized web pages.
• Examples
• Shopping preferences

14. HTTPS
• HyperText Transfer Protocol Secure
• Created due to lack of Security
• Insures security between website (server) and browser
• Data/Communications are encrypted
• Prevents “Man-in-the-Middle” Attacks
• HTTPS – Deals only with communications between your
computer and a website.

15. Man In the Middle
HTTP

17. HTTPS – Encrypted and Secure

18. SSL – Secure Socket Layer
• A certificate issued to allow the HTTPS designation to
your URL
• SSL allows HTTP -- HTTPS

19. Why Need SSL
• Protect privacy
• Credit Card information
• Websites with eCommerce
• Personal information
• Shopping history
• Browsing history
• Information you receive is as intended
• SEO – without HTTPS you don’t rank as well

20. #1 Reason you need HTTPS
• Chrome 62 - SEO
• Websites without HTTPS are going to be flagged as “Not
Secure”

21. Site is Not Secure
• Not Trusted
• Affects Your Brand
• Outdated
• Website not trusted
• Business not trusted
• Hosting Company
• Purchase SSL
• Renewable
• Free

22. “Safety and Security….Trust”

23. To Your Success!
Randall V. Wong
Randall.V.Wong@gmail.com