The document outlines the concepts of privacy and personally identifiable information (PII), including the significance of sensitive PII and various privacy laws such as the Children’s Online Privacy Protection Act. It provides a seven-step framework for privacy management that includes assessing, planning, drafting, implementing, disclosing, growing, and revisiting privacy practices. Additionally, it highlights general privacy tips and the importance of compliance with both national and international regulations.

1. THE ABC’s of
PRIVACY &
SECURITY

2. Disclaimer
Lawyers

3. what is privacy?

6. Personally Identifiable Information (PII)

7. “Personally identifiable information” is information
that identifies a particular person. “Pii” includes:
!
•
•
•
•
•
•
•
•
•
•
•
•
•
Full name;
National identification number;
IP address;
Vehicle registration plate number;
Driver’s license number;
Face;
Fingerprints;
Handwriting;
Credit card numbers;
Digital identity;
Date of birth;
Birthplace; and
Genetic information.

8. Sensitive PII
!
•
•
•
•
•
•
•
•
Information on Medical or Health Condition;
Financial Information;
Racial or Ethnic Origin;
Political Opinion;
Religious or Philosophical Beliefs;
Trade Union Membership;
Sexual Preference; and
Information Related to Criminal Offenses or
Convictions.

9. Digital Data Privacy law is complicated.

10. Nationwide legislation is industry specific.

11. General Accepted Privacy Principles
(GAPPs)

12. General Accepted Privacy Principles
(GAPPs)
!
1. Notice
2. Consent
3. Use, Retention and Disposal
4. Monitoring and Enforcement

13. California
!
Do Not Track
!
Data Breach Notification
!
No Surprises Approach to Mobile from the AG’s
Office
!
Digital “Eraser” Law for Minors
!
!
!
!
!

14. privacy law abroad.
international compliance.

15. Main Principles of the EU-US Safe Harbor
!
1. Notice
2. Choice
3. Onward Transfer
4. Access
5. Security
6. Data Integrity
7. Enforcement

16. kidz online.
yes, different rules apply.

17. Children’s Online Privacy Protection Act
!
Requires websites to get parental consent before
collecting or sharing info for children under 13.
!
Enforced by the Federal Trade Commission.
!
Applies to commercial websites and other online
services.
!
!
!

18. getting prepped
Privacy Management in Seven Steps

19. Seven Steps for Privacy Management
!
1.
2.
3.
4.
5.
6.
7.
Assess
Plan
Draft
Implement
Disclose
Grow
Rinse & Repeat
!
!
!
!

20. Seven Steps for Privacy Management
!
Assess
!
!
!
!

21. Conducting an assessment on privacy and data
security.

22. type
Audit:
amount
use
intake

23. Seven Steps for Privacy Management
!
Plan
!
!
!
!

24. Seven Steps for Privacy Management
!
Draft
!
!
!
!

25. What Your Privacy Policy Should Say
!
!
!
!

26. What Your Privacy Policy Should Say
!
How Data is Collected and Stored
!
!

27. What Your Privacy Policy Should Say
!
Choice & Consent
!
!

28. What Your Privacy Policy Should Say
!
Data Retention
!
!

29. What Your Privacy Policy Should Say
!
Redress of Grievances
!
!

30. What Your Privacy Policy Should Say
!
Mobile Application Disclosure & Disclaimer
!
!

31. Seven Steps for Privacy Management
!
Implement
!
!
!
!

32. What Your Team Should Know
!
Where the Privacy Policy is located
!
!

33. What They Should Know
!
What kind of data you should collect
!
!

34. What They Should Know
!
How to handle basic customer privacy concerns
!
!

35. Seven Steps for Privacy Management
!
Disclose
!
!
!
!

36. Seven Steps for Privacy Management
!
Grow
!
!
!
!

37. Seven Steps for Privacy Management
!
Rinse & Repeat
!
!
!
!

38. Avoiding the “Oh, crap.”
General Privacy Tips

39. Where Trouble Arises
!
Failing to respond to a complaint from the public
!

40. Where Trouble Arises
!
Don’t over-promise
!

41. Where Trouble Arises
!
When in doubt, talk to your risk management or
legal teams

42. Where Trouble Arises
!
Appropriate account access minimizes liability

43. Where Trouble Arises
!
Use common sense

45. We just scratched the surface.

46. ?

47. Lawyer
Christina Gagnier
@gagnier
gagnier@gamallp.com
gamallp.com

48. THE ABC’s of
PRIVACY &
SECURITY