Title: Looking Ahead Privacy, Laws,
1Looking Ahead Privacy, Laws, Technology
- J. Trevor Hughes
- International Association of Privacy Professionals
2Emerging Regulatory Issues
- Privacy
- ID Theft
- SSNs
- Spam
- Telemarketing
- GLBA
- FCRA
- HIPAA
- Patriot Act
- Security
- The Ugly Stepchild
- A Look Ahead
- Emerging Technology
- Biometrics
- Data Fluidity
- Data Aggregation
3The Privacy Strata
Technology Standards
Self Regulatory Standards
The Rest of the World
US Government
SSNs
GLB
HIPAA
EUROPE
The States (Legislatures, DOIs and AGs)
Canada
4Show me the harm...
Harm to Public
5Identity Theft
- FTC Complaints
- 2000: 31,000
- 2001: 86,000
- 2002: 162,000
- Top consumer fraud complaint in 2002
- 30% growth predicted going forward
- Average impact
- 1500
- 175 hours of clean up
- credit disruptions
- 42% of complaints involve credit card fraud
Identity theft coverage now available
6Social Security Numbers
- California
- Correspondence to residential addresses cannot include a SSN
- (Simitian bill) employers cannot use SSN for purposes other than taxes
- Feds
- Proposals to limit use as college ID
- Looking ahead
- Restrictions on the use of SSNs as internal identifiers
- May be used for verification of identity, accessing medical files and credit reports
- May not be used as an account number
7SPAM
- Hotmail: 80% unsolicited bulk email
- 31 billion per day (2002)
- 60 billion per day (2006)
- Dial up concerns (EU local call problems)
- Work productivity/liability concerns
- Deliverability concerns
- Channel viability concerns (the 900 phenomenon)
8Will the Cure Kill Email?
- Legal Responses
- 26 states with anti-spam legislation
- Can Spam Act in Congress (expected to pass this year)
- EU opt-in requirements
- Tech Responses
- Blacklists
- Filtering by ISPs
- Solution providers
- Habeas
- Trusted Sender
- IronPort
- Brightmail
Aggressive filtering results in false positives (legitimate email being blocked)
10Employee Email Privacy
- Blurring of work/home boundaries
- 30% of ecommerce sales generated from the workplace
- Extensive use of company email for personal use
- Issue: employer monitoring?
- European v. US approaches
11Telemarketing
- The "must have" legislation for every up-and-coming AG
- TCPA allows for single vendor opt-out
- FTC's 2001 gift to consumers: a national do not call registry (call Billy Tauzin)
- Telemarketing will diminish as a sales vehicle
12Fair Credit Reporting Act
- Reauthorization in 2003
- Big issues
- Expand consumer privacy protections?
- Sunset state preemption?
- NAAG says YES!
- Business community says please, no!
- For insurers: beware of scope creep in FCRA reauthorization (Sen. Shelby: GLBA did not go far enough, wants opt in for third party transfers)
13Layered Privacy Notices
14Security
- The Ugly Stepchild of Privacy
19Security
- Security Audit
- Quickest, easiest way to get a snapshot of your security issues
- Develop a Security Portfolio
- Internet/Acceptable use policies
- E-mail policies
- Remote access policies
- Special access policies
- Data protection policies
- Firewall management policies
- Cost sensitive, appropriate architecture
- Reassess, Audit, Revise
Defense In Depth!
20Security
- Protect Internally and Externally
- IIS Survey (2000): 68% of attacks are internal
- Protect Network AND Data
- Data is usually the target of an attack, not the network
23Security What to do?
- Standards Emerge!
- Data encryption to the column level
- Role-based access control to the row level
- Role-based access for DBAs
- Transaction auditability
- Pay now, or Pay Later!
24A look ahead...
25Emerging Dynamics
- Data Fluidity
- Personalization
- Persistent Surveillance
- Biometrics
- Data Aggregation
- Targeted messaging
- Geo Privacy
26Data Friction and Fluidity
FRICTION
FLUIDITY
Digital Data
Printing Press
Paper
Stone Tablets
Data Velocity
27Personalization
- As data becomes more fluid, personal targeting becomes possible
- Privacy issues prevail
- .NET (Microsoft), Liberty Alliance (Sun)
- Never entering your name, password, address and credit card again
- Do we really want this?
- The rise of GUIDs
29Personalization Today
31Data Fluidity for Healthcare
- Smart Cards
- Genome
- Entire Medical Record
- HIPAA code sets
- CRM across all lines/interaction points
- Single interface solutions for customers
32Biometrics Everywhere
- Biometric Attestations
- Faceprints, eyeprints, fingerprints, hand geometry, voice recognition, vein patterns, gait recognition, odor...
33Face Recognition
- 2001 Superbowl
- Airports
- Urban hot spots
- Business campus
34Iris/Fingerprint Recognition
- Airports (Vancouver and Toronto)
- Signatures
- High security buildings
35Persistent Surveillance
- He's been idented on the Metro...
36Data Aggregation
Data Silos
Aggregation
Derivative Data
Meta Data
Inferred Data
Core Data
Personalization and Velocity
38Geo Privacy
- e911
- Geo Targeted Wireless Services
- Smell that coffee? Come in for a cup!
39Lessons to be Learned
- Data Becomes Much More Fluid
- Data Management Becomes Much More Difficult
- Data Moves More Quickly
- Smart Companies will Harness the Power of Data Fluidity to Reduce Costs and Improve Their Value Propositions
40- The International Association of Privacy Professionals is the nation's leading association for privacy and security professionals. It helps its members build and maintain privacy programs while effectively navigating rapidly changing regulatory and legal environments.
- Mission of IAPP
- To promote privacy programs and safeguards: their introduction, development and maintenance.
- To provide a forum for interaction and information exchange for our members.
- To create high quality educational opportunities for those involved with privacy issues.
Phone 800-266-6501 www.privacyassociation.org information_at_privacyassociation.org
41- THANKS!
- J. Trevor Hughes
- jthughes_at_maine.rr.com
- 207 351 1500