This document discusses how privacy regulation may impact businesses in 2012. It provides a brief history of US privacy law and discusses the rise of privacy legislation at both the federal and state levels. With legislative inaction at the federal level, the FTC has taken a more aggressive stance in privacy enforcement. The document analyzes several proposed privacy bills and regulations that may be enacted in 2012, including bills addressing data breach notification, do not track, geolocation privacy, and revisions to COPPA. Businesses are advised to prepare for increased privacy regulation by taking a "privacy by design" approach.
DMA Boston 2011 presentation: What impact does US privacy regulation have on your business?
1. How Will Privacy Regulation Impact
Your Business In 2012?
Daniel T. Rockey, Esq., CIPP
Holme, Roberts & Owen LLP
San Francisco
2. Legal Disclaimer
This presentation is intended for general informational purposes only and should
not be construed as legal advice or legal opinion on any specific facts or
circumstances, nor is it intended to address specific legal compliance issues that
may arise in particular circumstances. Please consult counsel concerning your own
situation and any specific legal questions you may have.
The thoughts and opinions expressed in this presentation are those of the individual
presenters and do not necessarily reflect the official or unofficial thoughts or
opinions of their employers.
For further information regarding this presentation, please contact the presenter(s)
listed in the presentation.
Unless otherwise noted, all original content in this presentation is licensed under the
Creative Commons Attribution-Share Alike 3.0 United States License available at:
http://creativecommons.org/licenses/by-sa/3.0/us.
3. How Will Privacy Regulation Impact
Your Business In 2012?
I. Brief History of US Privacy Law
II. A Flurry of Proposed US Privacy
Legislation
III. Legislative Vacuum = More Aggressive
FTC
IV. New COPPA Rules: What To Expect
V. Privacy Litigation On The Rise
VI. How To Prepare: Privacy By Design
4. The Right to Privacy: US
• No Right of Privacy in US Constitution
• Nevertheless, a right has been implied from the 4th
Amendment and general protections for life, liberty, etc.
(Penumbral Theory)
• “The Right to Privacy,” Harvard Law Review, Brandeis
(1890)
– “The common law secures to each individual the right of
determining, ordinarily, to what extent his thoughts, sentiments,
and emotions shall be communicated to others.”
• Olmstead v. United States, 277 U.S. 438, 478-9 (1928)
(Brandeis, dissenting)
– Defined the right of privacy as the “right to be left alone.”
5. The Right to Privacy: US
• Historically, right to privacy = right to be free from
intrusion in one’s home
– Rowan v. United States Post Office Dep’t, 397 U.S. 728
(1970) (upholding Do Not Mail because ‘‘[t]o hold less
would tend to license a form of trespass and would make
hardly more sense than to say that a radio or television
viewer may not twist the dial to cut off an offensive...
communication... entering his home.’’)
– Mainstream Mktg. Servs. v. FTC, 358 F. 3d 1228, 1238
(10th Cir. 2004) (upholding Do Not Call: “the State’s
interest in protecting the well-being, tranquility, and
privacy of the home is certainly of the highest order in a
free and civilized society.”)
6. Congress Begins to Recognize Right of
Privacy in Information
• Fair Credit Reporting Act of 1970 (granted limited right to
access, dispute and correct credit information; limits on
sharing of credit info)
• Electronic Communications Privacy Act of 1986 (restricts
intercepts of electronic communications, stored data)
• Video Privacy Protection Act of 1988 (prohibits video
service providers from disclosing rental or purchase info)
• Driver’s Privacy Protection Act of 1994 (prohibits DMV
from sharing motor vehicle data with marketers w/o consent)
7. Targeted Approach: Health and Financial
Data
• HIPAA (1996) (requires express consent to share
health data other than for treatment, payment or
healthcare operations) (ARRA & HITECH)
• Gramm-Leach-Bliley (1999) (applies to financial
institutions; requires notice to share w/ affiliates; for
3rd parties, must allow opt-out)
• Fair and Accurate Credit Transactions Act of
2003 (added Affiliate Marketing Rule to FCRA-
requires notice and opt-out to share “eligibility
information,” including “personal characteristics or
mode of living”)
8. Regulation of Online Data Collection
• Children’s Online Privacy Protection Act
of 1998 (COPPA)
– Marks new era of privacy regulation
– For the first time, limits collection of online
data for marketing purposes
– Relatively non-controversial, but creates a
slippery slope
9. Following COPPA, Period of Legislative
Inactivity, Emphasis On Self-Regulation
• Tremendous technological growth, legislative
inactivity = marketing bad apples
• Direct marketing industry creates strong self-
regulatory model to stave off regulation
• DMA Guidelines for Ethical Business Practice
• IAB: Interactive Advertising Privacy Principles
• NAI: Self-Regulatory Code of Conduct and
Enforcement Procedure
• Third Party Certification Programs E.g.,
10. EU Adopts Comprehensive Privacy
Scheme
• EU jumps in head first
– EU Data Protection Directive (95/46/EC)
– EU Privacy Directive (2002/58/EC)
• Express recognition of right of privacy in personal data
• Comprehensive, rather than piecemeal approach
• But extremely burdensome restrictions on business,
marketing industry
– EU “Cookie Rules” (2009/136/EC)
• Prior consent for cookies
11. 2008 – 2010: Bipartisan push toward
privacy legislation begins
• High profile privacy snafus (e.g. Facebook,
Rapleaf) lead to calls for Congressional action
• Handful of bills introduced, but garner little
traction (Boucher/Stearns)
• Self-regulatory efforts instrumental in keeping
legislation at bay
• But momentum builds in 2010
12. Meanwhile, Legislative Inactivity Leads to
Aggressive Enforcement by FTC
• High profile FTC enforcement
actions
– COPPA (Sony BMG; Mrs. Fields)
– Data security/data disposal (CVS; TJ Maxx)
– Deceptive data collection (Sears “My SHC”)
– FTC Endorsement/Blogger Rules (Ann Taylor)
13. Meanwhile, Legislative Inactivity Leads to
Aggressive Enforcement by FTC
• FTC Saber-Rattling (Leibowitz)
– 2007: “The marketplace alone may not be able to solve all
problems inherent in behavioral marketing.”
– 2010: “I think opt-in generally protects consumers’ privacy
better than opt-out, under most circumstances. . . .
I don’t think it undermines a company’s ability to
get the information it needs to advertise back to
consumers.”
– 2010: Report on Online Behavioral Marketing
• Endorsed Do-Not-Track
• Opt-in for Sensitive Data
• Precise geolocation data
14. Federal Inactivity Also Leads to Patchwork of
State Data Security Laws
• Dozens of states enact data breach
legislation
• California enacts OPPA, requires
privacy policy for any business
collecting data from Californians
• Mass., Minnesota, Nevada data
security laws (encryption, WISP)
15. 2011: Year of Federal Privacy Legislation?
• Building Effective Strategies To Promote Responsibility Accountability Choice
Transparency Innovation Consumer Expectations and Safeguards Act (“BEST
PRACTICES” Act) (H.R. 611) Rush (D-IL) (2/10/2011)
• The Do Not Track Me Online Act of 2011 (H.R. 654) Speier (D-CA) (2/11/2011)
• The Financial Information Privacy Act of 2011 (H.R. 653) Speier (D-CA)
(2/11/2011)
• Commercial Privacy Bill of Rights Act of 2011 (S. 799) John Kerry (D-MA) and
John McCain (R-AZ) (4/12/2011)
• Consumer Privacy Protection Act of 2011 (H.R. 1528) Stearns (R-FL) Matheson
(D-UT) (4/13/2011)
• Data Accountability and Trust Act (H.R. 1701) Bobby L. Rush (D-IL) (5/4/2011)
• Do-Not-Track Online Act of 2011 (S. 913) Rockefeller (D-WV) (5/9/2011)
• Data Accountability and Trust Act of 2011 (H.R. 1841) Stearns (R-FL) and
(5/11/2011)
• Do Not Track Kids Act of 2011 (H.R. 1895) Markey (D-MA) Barton (R-TX)
(5/13/2011)
16. 2011: Year of Data Privacy Legislation?
• Electronic Communications Privacy Act Amendments Act of 2011 (S. 1011) Leahy
(D-VT) (5/17/2011)
• Personal Data Privacy and Security Act of 2011 (S.1151) Leahy (D-VT), Franken
(D-Minn.) and Schumer (D-N.Y.) (5/17/2011)
• Geolocation Privacy and Surveillance ("GPS") Act (S. 1212) and (H.R.2168)
Wyden (D-OR) and Chaffetz (R-Utah) (6/15/2011)
• Data Security and Breach Notification Act (S. 1207) Pryor (D-AR) and Rockefeller
(D-WV) (6/15/2011)
• Location Privacy Protection Act of 2011 (S. 1223) Franken (D-MN) and
Blumenthal (D-CT) (6/16/2011)
• Secure and Fortify (SAFE) Data Act (H.R. 2577) Bono Mack (R-CA) (7/8/2011)
• Proposed amendment to Video Privacy Protection Act (HR 2471) Goodlatte
(7/8/2011)
• Data Breach Notification Act of 2011 (S. 1408) Feinstein (D-CA) (7/22/2011)
• Protecting Children From Internet Pornographers Act of 2011 (H.R. 1981) Smith
(R-TX) (5/25/2011)
• Personal Data Protection and Breach Accountability Act of 2011 (S.1535)
Blumenthal (D-CT) (9/8/2011)
17. 2011: Year of Data Privacy
Legislation?
• Nineteen Bills introduced
• Partisan gridlock over budget
• Zero bills enacted into law
• What does this mean for marketers?
19. 2011: Year of Data Privacy
Legislation?
• Continued uncertainty
• But some trends are clear
20. Legislation to Watch: Data Privacy
• Consumer Privacy Protection Act of 2011
(H.R. 1528) Stearns (R-FL) Matheson (D-UT)
– PII includes IP address plus traditional PII
– Prior notice/opt-out required for use “unrelated to
a transaction” or upon material change to policy
– Allows FTC approved safe harbors
– No private right of action/no state AG
– Preempts state law
21. Legislation to Watch: Data Privacy
• Commercial Privacy Bill of Rights Act of 2011 (S.
799) John Kerry (D-MA) and John McCain (R-AZ)
– PII includes unique identifiers, biometric and precise
geolocation
– Notice and Opt-out/Opt-in for sensitive data/third party
transfer if material change
– 1st party marketing/site optimization not unauthorized use
– FTC security rules
– No private right of action
– Federal preemption of state laws
– Safe harbors
22. Legislation to Watch: Data Breach
• Personal Data Privacy and Security Act of 2011
(S.1151) Leahy (D-VT), Franken (D-Minn.) and
Schumer (D-N.Y.)
– Data security/accuracy requirements for data
brokers (PII on 10,000 persons, excludes
FCRA/HIPAA/GLB regulated entities)
– Breach notification w/ FTC safe harbor exemption
– Preempts state law
– No Private Right of Action
– Scraping safe harbor (amends CFAA)
23. Legislation to Watch: Data Breach
• Data Breach Notification Act of 2011 (S.
1408) Feinstein (D-CA)
– Narrow focus on data breach notification
– Safe harbor exemption from notification
requirement if company conducts risk assessment
and is able to demonstrate to the Federal Trade
Commission that there is no significant risk of
harm to individuals affected by a security breach
– No private right of action
24. Legislation to Watch: Do Not Track
• The Do Not Track Me Online Act of 2011
(H.R. 654) Speier
– Requires FTC to create Do Not Track rules
– Includes IP address and persistent identifiers
– Doesn’t preempt tougher state laws
• Do-Not-Track Online Act of 2011 (S. 913)
Rockefeller
– Requires FTC to create Do Not Track
– Leaves to FTC to determine covered info
– No state law preemption
25. Legislation to Watch: Geolocation
• Geolocation Privacy and Surveillance ("GPS") Act
(S. 1212) and (H.R.2168) Wyden (D-OR) and
Chaffetz (R-Utah)
– Prohibits interception of geolocation info without
prior consent (parental exception)
– Creates private right of action for damages/profits
• Location Privacy Protection Act of 2011 (S. 1223)
Franken (D-MN) and Blumenthal (D-CT)
– Prohibits collection of geolocation info w/o
express affirmative consent
– Private right of action for damages/punitives
26. Legislation to Watch in 2012
• Do Not Track Kids Act of 2011 (H.R. 1895) Markey
(D-MA) Barton (R-TX)
– Expressly extends COPPA to mobile applications
– Prohibits site, mobile app from “using, disclosing or
compiling” data on children or minors (13 to 17 yrs) for
targeted marketing purposes or geolocation w/o express
affirmative consent
– No collection of any data from minors without adopting
Digital Marketing Bill of Rights for Teens
• Fair Information Practices Principles established by this Act;
• “balances the ability of minors to participate in the digital media
culture with the governmental and industry obligation to ensure that
such operators do not subject minors to unfair and deceptive
surveillance, data collection, or behavioral profiling.”
27. Legislation to Watch: VPPA
• Amendment to Video Privacy Protection Act
(HR 2471) Goodlatte
– Netflix/Facebook exemption from VPPA
– Authorizes one-time durable consent to share data
re videos
28. What to expect in 2012: Supercookies
• Chairs of Bi-Partisan House Privacy Caucus request
FTC investigation into “supercookies” (9/27/2011)
– Barton (R-TX) and Markey (D-Mass) call for investigation,
say violates § 5 of FTC Act
– Barton: “I think supercookies should be outlawed because
their existence eats away at consumer choice and privacy.”
29. What to expect in 2012: COPPA Rules
• FTC announces proposed revisions to COPPA
Rules (9/15/2011)
– Definitions
– Notice
– Parental consent
– Confidentiality and Security of Children’s
Personal Information
– Safe Harbor Programs
• Data minimization requirement
30. What to expect in 2012: Revision to
COPPA Rules
• Definitions
– Expands definition of “personal information” to include:
• IP addresses
• customer numbers held in cookies, and
• geolocation information.
31. What to expect in 2012: Revision to
COPPA Rules
• Notice
– Streamlines notice content requirement (moves away from
more disclosure is better mantra)
• 3 defined categories of information
– Requires all operators of an online service or website to
provide contact information
• Ad networks
• Analytics providers
• Other content providers
32. What to expect in 2012: Revision to
COPPA Rules
• Parental Consent
– Proposes eliminating the “email plus” method of
obtaining parental consent.
– Website operators could seek FTC approval of
alternate consent mechanisms.
– Goal: allow for new forms of consent as the
technology evolves, and encourage innovation in
obtaining verifiable consent (e.g. text message;
scanned parental signature, credit card)
33. What to expect in 2012: Revision to
COPPA Rules
• Confidentiality and security of
children’s personal information
– Must ensure that service providers/third parties
have reasonable procedures to maintain the
confidentiality, security and integrity of such
personal information.
34. What to expect in 2012: Revision to
COPPA Rules
• Safe harbor programs
– Additional detail required for safe harbors
– Would require approved safe harbor programs to
report on oversight of operators
– Annual audits of members
35. Common Threads
• National data breach legislation likely
• Privacy legislation less likely but possible
– Likely to be just-in-time notice and opt-out
– Opt-in/express affirmative consent for sensitive
data
– Likely self-regulatory safe harbors
– May prohibit supercookies (flash cookies,
HTML5)
– Likely to adopt simplified disclosure regime
– Unlikely to adopt Do Not Track
36. FTC Enforcement Actions: Mobile
• FTC announces first privacy enforcement
action involving mobile apps
– Broken Thumbs developed iPhone apps targeted to
“younger girls,” “nostalgic adults” (Emily’s Girls World,
Emily’s Dress Up)
– Apps encouraged girls to email “Emily” their comments,
submit “shout outs” to friends and family, ask Emily’s
advice, and share “embarrassing” “blush” stories
– Allowed children to publicly post information on message
boards
– BT also collected thousands of email addresses from
children
37. FTC Enforcement Actions: Mobile
• FTC alleged violations of COPPA Rule (16
C.F.R. Part 312) despite App Store TOS
– Sued both BT and President/56% owner
– Failed to provide notice in app as to what info
they collect, how they use it, disclosure practices
– Failed to provide required “direct notice” to
parents
– Failed to obtain “verifiable parental consent”
before collecting personal information from
children
38. FTC Enforcement Actions: Mobile
• Consent Judgment
– $50,000 civil penalty
– Deletion of all previously collected data
– Injunction against further violations
– Compliance reporting, record-keeping
requirements
39. FTC Enforcement Actions: Google
FTC v. Google, Inc.
– FTC charged that by auto enrolling in Google
Buzz, Google treated data inconsistently with prior
promises, privacy policy
– Also, failed to comply with EU safe harbor
– Consent judgment:
• Compliance program
• Self-audits and reporting (20 years)
40. FTC Enforcement Actions: Text Messages
• FTC v. Phil Flora (9/29/2011)
– Defendant sent thousands of unsolicited text
messages
– FTC did not bring under TCPA (not using
“automatic telephone dialing system”)
– Instead, alleged that SMS messages are subject to
CAN-SPAM
– Consent judgment
41. Litigation Developments
IMS Health v. Sorrell (6/23/2011):
• Vermont law prohibited pharmacies from providing doctor
prescribing data to pharmaceutical companies for detailing
• SCT held law unconstitutional
• Law was a content-based and speaker-based restraint on free
speech, requiring “heightened” constitutional scrutiny
42. IMS Health v. Sorrell: Death Knell for Do
Not Track?
Probably Not:
– Vermont law concerned commercial speech (not patient
privacy)
– Permitted data sharing for purposes other than marketing
(sought to limit disfavored opinions)
– Speculative benefit
• Do Not Track seeks to regulate personal privacy
• Arguably content/opinion neutral
• Precedent: COPPA, HIPAA, FCRA
43. What to Expect in 2012: EU Cookie Rules
EU to begin Enforcing 2009 Cookie
Rules
– Require prior notice and consent
– France: browser settings not enough. Consent
without reference to specific use ineffective
• Browser fingerprinting?
44. Privacy Litigation: Lots of it but little to
show for it
In re Google Buzz User Privacy Litigation, Case No.
5:10-CV-00672-JW (N.D. Cal.) (Sept. 03, 2010)
– Google sets aside $8.5 million for privacy organizations
– Google makes changes "to the Google Buzz user interface
that clarify Google Buzz's operation and users' options
regarding Google Buzz"
– Google agrees to disseminate "wider public education
about the privacy aspects of Google Buzz."
45. Privacy Litigation
In re Apple iPhone litigation (9/20/2011)
– Class alleged that Apple permitted app developers
to collect/disseminate for marketing purposes data
from users without notice/consent
– Judge Koh held that class had not alleged injury-
in-fact; i.e. actual damages (Article III standing)
46. How to Prepare for 2012
Don’t Wait and See:
– Privacy by Design
• Must analyze data inflows and use at outset of project
• Secure personal data (encryption for mobile devices and
in transmission)
– Say what you do and do what you say
– Participate in safe harbor
– Stay tuned
47. How Will Privacy Regulation Impact
Your Business In 2012?
Daniel T. Rockey, Esq., CIPP
Holme, Roberts & Owen LLP
San Francisco