Looking Ahead Privacy, Laws, - PowerPoint PPT Presentation

About This Presentation
Title:

Looking Ahead Privacy, Laws,

Description:

Looking Ahead. Privacy, Laws, & Technology. J. Trevor Hughes ... THANKS! J. Trevor Hughes. jthughes_at_maine.rr.com. 207 351 1500 ... – PowerPoint PPT presentation

Slides: 42
Provided by: jtrevor

Transcript and Presenter's Notes



1
Looking Ahead: Privacy, Laws, & Technology
  • J. Trevor Hughes
  • International Association of Privacy
    Professionals

2
Emerging Regulatory Issues
  • Privacy
  • ID Theft
  • SSNs
  • Spam
  • Telemarketing
  • GLBA
  • FCRA
  • HIPAA
  • Patriot Act
  • Security
  • The Ugly Stepchild
  • A Look Ahead
  • Emerging Technology
  • Biometrics
  • Data Fluidity
  • Data Aggregation

3
The Privacy Strata
Technology Standards
Self Regulatory Standards
The Rest of the World
US Government
SSNs
GLB
HIPAA
EUROPE
The States (Legislatures, DOIs and AGs)
Canada
4
Show me the harm...
Harm to Public
5
Identity Theft
  • FTC Complaints
  • 2000: 31,000
  • 2001: 86,000
  • 2002: 162,000
  • Top consumer fraud complaint in 2002
  • 30% growth predicted going forward
  • Average impact
  • 1500
  • 175 hours of clean up
  • credit disruptions
  • 42% of complaints involve credit card fraud

Identity theft coverage now available
6
Social Security Numbers
  • California
  • Correspondence to residential addresses cannot
    include a SSN
  • (Simitian bill) employers cannot use SSN for
    purposes other than taxes
  • Feds
  • Proposals to limit use as college ID
  • Looking ahead
  • Restrictions on the use of SSNs as internal
    identifiers
  • May be used for verification of identity,
    accessing medical files and credit reports
  • May not be used as an account number

7
SPAM
  • Hotmail: 80% unsolicited bulk email
  • 31 billion per day (2002)
  • 60 billion per day (2006)
  • Dial up concerns (EU local call problems)
  • Work productivity/liability concerns
  • Deliverability concerns
  • Channel viability concerns (the 900 phenomenon)

8
Will the Cure Kill Email?
  • Legal Responses
  • 26 states with anti-spam legislation
  • CAN-SPAM Act in Congress (expected to pass this
    year)
  • EU opt-in requirements
  • Tech Responses
  • Blacklists
  • Filtering by ISPs
  • Solution providers
  • Habeas
  • Trusted Sender
  • IronPort
  • Brightmail

Aggressive filtering results in false
positives (legitimate email being blocked)
9
(No Transcript)
10
Employee Email Privacy
  • Blurring of work/home boundaries
  • 30% of ecommerce sales generated from the
    workplace
  • Extensive use of company email for personal use
  • Issue: employer monitoring?
  • European v. US approaches

11
Telemarketing
  • The "must have" legislation for every
    up-and-coming AG
  • TCPA allows for single vendor opt-out
  • FTC's 2001 gift to consumers: a national do-not-call
    registry (call Billy Tauzin)
  • Telemarketing will diminish as a sales vehicle

12
Fair Credit Reporting Act
  • Reauthorization in 2003
  • Big issues
  • Expand consumer privacy protections?
  • Sunset state preemption?
  • NAAG says YES!
  • Business community says please, no!
  • For insurers: beware of scope creep in FCRA
    reauthorization (Sen. Shelby: GLBA did not go
    far enough; wants opt-in for third party
    transfers)

13
Layered Privacy Notices
14
Security
  • The Ugly Stepchild of Privacy

15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19
Security
  • Security Audit
  • Quickest, easiest way to get a snapshot of your
    security issues
  • Develop a Security Portfolio
  • Internet/Acceptable use policies
  • E-mail policies
  • Remote access policies
  • Special access policies
  • Data protection policies
  • Firewall management policies
  • Cost sensitive, appropriate architecture
  • Reassess, Audit, Revise

Defense In Depth!
20
Security
  • Protect Internally and Externally
  • IIS Survey (2000): 68% of attacks are internal
  • Protect Network AND Data
  • Data is usually the target of an attack, not the
    network

21
(No Transcript)
22
(No Transcript)
23
Security: What to do?
  • Standards Emerge!
  • Data encryption to the column level
  • Role-based access control to the row level
  • Role-based access for DBAs
  • Transaction auditability
  • Pay now, or Pay Later!

24
A look ahead...
25
Emerging Dynamics
  • Data Fluidity
  • Personalization
  • Persistent Surveillance
  • Biometrics
  • Data Aggregation
  • Targeted messaging
  • Geo Privacy

26
Data Friction and Fluidity
FRICTION
FLUIDITY
Digital Data
Printing Press
Paper
Stone Tablets
Data Velocity
27
Personalization
  • As data becomes more fluid, personal targeting
    becomes possible
  • Privacy issues prevail
  • .NET (Microsoft), Liberty Alliance (Sun)
  • Never entering your name, password, address and
    credit card again
  • Do we really want this?
  • The rise of GUIDs

28
(No Transcript)
29
Personalization Today
  • Hello John Anderton...

30
(No Transcript)
31
Data Fluidity for Healthcare
  • Smart Cards
  • Genome
  • Entire Medical Record
  • HIPAA code sets
  • CRM across all lines/interaction points
  • Single interface solutions for customers

32
Biometrics Everywhere
  • Biometric Attestations
  • Faceprints, eyeprints, fingerprints, hand
    geometry, voice recognition, vein patterns, gait
    recognition, odor...

33
Face Recognition
  • 2001 Superbowl
  • Airports
  • Urban hot spots
  • Business campus

34
Iris/Fingerprint Recognition
  • Airports (Vancouver and Toronto)
  • Signatures
  • High security buildings

35
Persistent Surveillance
  • He's been idented on the Metro...

36
Data Aggregation
Data Silos
Aggregation
Derivative Data
Meta Data
Inferred Data
Core Data
Personalization and Velocity
37
(No Transcript)
38
Geo Privacy
  • e911
  • Geo Targeted Wireless Services
  • Smell that coffee? Come in for a cup!

39
Lessons to be Learned
  • Data Becomes Much More Fluid
  • Data Management Becomes Much More Difficult
  • Data Moves More Quickly
  • Smart Companies will Harness the Power of Data
    Fluidity to Reduce Costs and Improve Their Value
    Propositions

40
  • The International Association of Privacy
    Professionals is the nation's leading association
    for privacy and security professionals. It helps
    its members build and maintain privacy programs
    while effectively navigating rapidly changing
    regulatory and legal environments.
  • Mission of IAPP
  • To promote privacy programs and safeguards:
    their introduction, development and maintenance.
  • To provide a forum for interaction and
    information exchange for our members.
  • To create high quality educational opportunities
    for those involved with privacy issues.

Phone 800-266-6501 www.privacyassociation.org
information_at_privacyassociation.org
41
  • THANKS!
  • J. Trevor Hughes
  • jthughes_at_maine.rr.com
  • 207 351 1500