This document summarizes key points from a presentation on cloud privacy updates and what businesses need to know. It discusses the growing issue of data breaches, providing statistics on the number of breaches and records compromised in 2011. It outlines how brands can protect themselves by implementing technical security measures, conducting risk assessments, and complying with relevant privacy laws. The presentation also reviews tools and resources available to businesses to monitor their online reputation and ensure email marketing compliance.

1. Cloud Privacy Update:
What You Need To Know
David Fowler
July 24, 2012
Proprietary & Confidential

2. David Fowler
Chief Privacy & Deliverability
Officer
@ActOnSoftware
#AOWEB

3. Today’s Agenda
 Data Breach Updates for 2012
 How to Protect Your Brand
 Commercial Email: State of the State
 Reputation Resources: Tools You Can Use
 Privacy Bill of Rights
 Wrap Up
Proprietary & Confidential 3

4. Not a day seems to go by without an
announcement of a brand and a recent
data compromise.
Will yours be next?
Proprietary & Confidential 4

5. Q: $6.5 Billion
A: Data breach impact to U.S.
businesses
Source: OTA
Proprietary & Confidential 5

6. 2011 Data Breach Highlights
558 breaches
126 million records
76% server exploits
92% avoidable
$318 cost per record
$7.2 million average cost of each breach
$6.5 billion impact to U.S. businesses
Source: OTA
© 2012 All rights reserved. Online Trust Alliance (OTA)

7. What do they have in common?
© 2012 All rights reserved. Online Trust Alliance (OTA)

8. © 2012 All rights reserved. Online Trust Alliance (OTA)

9. Why Care?
“We have spent over 12 years building
our reputation and trust. It is painful to
see us take so many steps back due to a
single incident.”
Zappos CEO, Tony Hsieh
© 2012 All rights reserved. Online Trust Alliance (OTA)

10. Why Care?
What has changed?
 Data driven economy – “Big Data”
 Multi-Channel & blurring of on & off-line data
 Evolving definitions of PII and coverage information
 Complexity and dynamic regulatory environment
 Reliance of service providers & cloud services
 Shift from a PC centric to users with multiple devices
 Increased sophistication of the cyber-criminal
© 2012 All rights reserved. Online Trust Alliance (OTA)

11. Data breaches, what are they after?
 Organizations who store large amounts of customer data
are attractive targets for identity thieves
 Data is the new currency for the dark side
 Thieves target personal, financial and other PII:
 Names and Addresses
 Phone Number
 Email Address
 Social Security Numbers
 Bank Account Numbers
 Credit and Debit Card Numbers
 Account Passwords
 Security Questions and Answers
Source: Zeta Interactive
Proprietary & Confidential 11

12. Data breaches, how do they work?
 Attacks can take many forms
 Phishing
 Hacking
 Malware
 Hardware Theft
 Exploiting of Accidental Release
 Data Spill, Improper Disposal of Digital Assets, Other Accidents
 Thieves use stolen data to victimize customers
 Financial Fraud - All Forms and Types
 Use of Stolen Information to Commit Additional Crimes
 Money Laundering
 Criminal Impersonation, Stalking and Harassment
 Terrorism
Source: Zeta Interactive
Proprietary & Confidential 12

13. What are the privacy laws?
Federal Laws
• FTC Act
• Sarbanes-Oxley
• HIPPA / COPPA
States Laws
• Breach Notifications
• Data Encryption
• SSN Protection
Local Laws
• Wireless Networks
International Laws
• EU Data Protection Directive / UK Cookie Tracking
Professional / Trade Protocols
Source: Zeta Interactive
Proprietary & Confidential 13

14. What are the impacts?
Data breaches affect
every aspect of the  IT
 Security audits and scrutiny
company:
 Infrastructure changes
 Financial
 Litigation  Marketing & Communication
 PR & crisis management
 Business loss & focus
 Brand degradation & mistrust
 Stock devaluation
 Identity protection
 Legal
 Government regulations
services & support  Government notifications
 PR & Marketing activity  Class action lawsuits
Source: Zeta Interactive
Proprietary & Confidential 14

15. Protect your brand.
 Technical security is a critical first step
 Review all your potential internal loopholes
 Conduct a comprehensive risk assessment
 Identify threats
 Analyze potential harm
 Identify reasonable mitigation
 Understand the legal landscape
 Implement policies and procedures consistent with above
 Develop a written information security program and incident
response
 Periodically review the program to guard against new and evolving threats
 Require your vendors to employ best security practices
 Contractual language and penalties for non compliance
 Make privacy a corporate mandate for adoption
Proprietary & Confidential 15

16. Tools you can use.
Seek guidance from your legal teams
Consider a third-party privacy seal for compliance
Register cousin domains that look like yours
• This will protect your brand online and avoid Phishing issues
Keys to consumer trust
• Notice: Say what you are going to do and do it
• Consent: Ask for permission
• Choice: Allow your customers options
Be transparent online - don’t hide your activities
Update your privacy policy regularly
Proprietary & Confidential 16

17. Commercial email state of the state
 Email Deliverability = Brand Management
 Brand Management = Email Reputation
 Good Email Reputation = Better Deliverability
 Better Deliverability = Builds Consumer TRUST
 Better Consumer Trust = Drives Engagement
 More aggressive filter implementation on ISP level
 More streamlined industry organization/cooperation
 Continued legal/privacy/technology issues remain
 More informed clients as access to information is available
 There are still No Guarantees for delivery to any inbox
Proprietary & Confidential 17

18. A word on reputation
Majority of deliverability issues are based on reputation
The data that affects reputation includes:
• Email authentication implementation
• Email volumes
• Complaint rates
• Hard bounce rates
• Spam trap hits
• Consumer engagement: clicks / opens / conversions
To protect reputation:
• Monitor the sends consistently
To repair reputation:
• Fix the problems data integrity / confirmed opt-in
Proprietary & Confidential 18

19. Reputation resources
Proprietary & Confidential 19

20. The Consumers Privacy Bill of Rights
Privacy Right Definition
A right to exercise control over what personal data companies
Individual control
collect and how they use it.
A right to readable and accessible information about privacy
Transparency
and security practices.
A right to expect that companies will collect, use and
Respect for Context disclosure personal data in ways consistent with the context
where data was shared.
Security A right to secure and responsible handling of personal data.
A right to access and correct personal data in usable formats,
Access and Accuracy
in a manner appropriate to data sensitivity.
A right to reasonable limits on the personal data that
Focused Collection
companies collect and retain.
A right to have personal data handled by companies in a
Accountability
manner that complies with the Consumer Privacy Bill of Rights.
Proprietary & Confidential 20

21. Wrap up
Data breaches will continue to evolve
Protect your brand online
Monitor your online reputation
Be proactive not reactive for your brand
• Have a plan and execute to it
Manage internal and external expectations
• Who do you do business with and do they COMPLY?
Obey the law
• Understand what’s required of you and your online presence
Your online journey will be rewarding when you invest the time and resources
Proprietary & Confidential 21

22. Need Help?
Sign up for a demo
www.act-on.com

23. Thank You
David.Fowler@Act-On.com
Proprietary & Confidential 23

24. References
 FTC Act
 http://www.ftc.gov/ogc/ftcact.shtm
 FTC Dot Com Disclosures
 http://business.ftc.gov/documents/bus41-dot-com-disclosures-
information-about-online-advertising
 Sarbanes Oxley
 http://www.soxlaw.com/
 TRUSTe
 www.truste.org
Proprietary & Confidential 24