Cloud Privacy

Post on 12-May-2015


Learn about Data Breach Updates for 2012, how to protect your brand, commercial emailing, reputation resources, and the privacy bill of rights


Cloud Privacy Update:

What You Need To Know

David Fowler

July 24, 2012

Proprietary & Confidential

David Fowler, Chief Privacy & Deliverability Officer, @ActOnSoftware

#AOWEB

Today’s Agenda

Data Breach Updates for 2012

How to Protect Your Brand

Commercial Email: State of the State

Reputation Resources: Tools You Can Use

Privacy Bill of Rights

Wrap Up


Not a day seems to go by without an announcement of a brand and a recent data compromise.

Will yours be next?

Q: $6.5 Billion

A: Data breach impact to U.S. businesses


Source: OTA

2011 Data Breach Highlights

558 breaches

126 million records

76% server exploits

92% avoidable

$318 cost per record

$7.2 million average cost of each breach

$6.5 billion impact to U.S. businesses

© 2012 All rights reserved. Online Trust Alliance (OTA)

Source: OTA

What do they have in common?


Why Care?

“We have spent over 12 years building our reputation and trust. It is painful to see us take so many steps back due to a single incident.”

Zappos CEO, Tony Hsieh


Why Care?

What has changed?

Data-driven economy – “Big Data”

Multi-Channel & blurring of on & off-line data

Evolving definitions of PII and coverage information

Complexity and dynamic regulatory environment

Reliance on service providers & cloud services

Shift from a PC centric to users with multiple devices

Increased sophistication of the cyber-criminal


Data breaches, what are they after?

Organizations who store large amounts of customer data are attractive targets for identity thieves

Data is the new currency for the dark side

Thieves target personal, financial and other PII:

Names and Addresses

Phone Number

Email Address

Social Security Numbers

Bank Account Numbers

Credit and Debit Card Numbers

Account Passwords

Security Questions and Answers


Source: Zeta Interactive

Data breaches, how do they work?

Attacks can take many forms:

Phishing

Hacking

Malware

Hardware Theft

Exploitation of Accidental Release

Data Spill, Improper Disposal of Digital Assets, Other Accidents

Thieves use stolen data to victimize customers:

Financial Fraud - All Forms and Types

Use of Stolen Information to Commit Additional Crimes

Money Laundering

Criminal Impersonation, Stalking and Harassment

Terrorism


Source: Zeta Interactive

What are the privacy laws?

Federal Laws

• FTC Act

• Sarbanes-Oxley

• HIPAA / COPPA

State Laws

• Breach Notifications

• Data Encryption

• SSN Protection

Local Laws

• Wireless Networks

International Laws

• EU Data Protection Directive / UK Cookie Tracking

Professional / Trade Protocols


Source: Zeta Interactive

What are the impacts?


IT Security audits and scrutiny

Infrastructure changes

Marketing & Communication

PR & crisis management

Brand degradation & mistrust

Legal

Government regulations

Government notifications

Class action lawsuits

Source: Zeta Interactive

Data breaches affect every aspect of the company:

Financial

Litigation

Business loss & focus

Stock devaluation

Identity protection services & support

PR & Marketing activity

Protect your brand.

Technical security is a critical first step

Review all your potential internal loopholes

Conduct a comprehensive risk assessment

Identify threats

Analyze potential harm

Identify reasonable mitigation

Understand the legal landscape

Implement policies and procedures consistent with above

Develop a written information security program and incident response

Periodically review the program to guard against new and evolving threats

Require your vendors to employ best security practices

Contractual language and penalties for non-compliance

Make privacy a corporate mandate for adoption


Tools you can use.

Seek guidance from your legal teams

Consider a third-party privacy seal for compliance

Register cousin domains that look like yours

• This will protect your brand online and avoid Phishing issues

Keys to consumer trust

• Notice: Say what you are going to do and do it

• Consent: Ask for permission

• Choice: Allow your customers options

Be transparent online - don’t hide your activities

Update your privacy policy regularly


Commercial email state of the state

Email Deliverability = Brand Management

Brand Management = Email Reputation

Good Email Reputation = Better Deliverability

Better Deliverability = Builds Consumer TRUST

Better Consumer Trust = Drives Engagement

More aggressive filter implementation on ISP level

More streamlined industry organization/cooperation

Continued legal/privacy/technology issues remain

More informed clients as access to information is available

There are still No Guarantees for delivery to any inbox


A word on reputation

The majority of deliverability issues are based on reputation

The data that affects reputation includes:

• Email authentication implementation

• Email volumes

• Complaint rates

• Hard bounce rates

• Spam trap hits

• Consumer engagement: clicks / opens / conversions

To protect reputation:

• Monitor the sends consistently

To repair reputation:

• Fix the problems: data integrity / confirmed opt-in
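The monitoring the slide calls for can be automated per campaign. The following is an added example, not code from the deck or from Act-On: it reads constructed send-log lines (the log format and the review thresholds are assumptions made here, not figures from the presentation), computes complaint rate, hard bounce rate and spam-trap hits per campaign, and flags campaigns that need attention.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption for this example, not an Act-On format):
#   <date> camp=<campaign> rcpt=<address> event=delivered|hard_bounce|complaint|spam_trap
LINE_RE = re.compile(r"camp=(?P<camp>\S+) rcpt=\S+ event=(?P<event>\S+)")

# Illustrative limits (assumptions, not figures from the deck): complaints above
# 0.1% of sends, hard bounces above 5%, or any spam-trap hit warrant review.
THRESHOLDS = {"complaint_rate": 0.001, "hard_bounce_rate": 0.05, "spam_trap_hits": 0}


def build_sample_log():
    """Constructed sample: one clean campaign, one sent to a purchased list."""
    line = "2012-07-24 camp={} rcpt={}@example.com event={}".format
    lines = [line("newsletter", f"u{i}", "delivered") for i in range(999)]
    lines.append(line("newsletter", "u999", "hard_bounce"))
    lines += [line("purchased-list", f"p{i}", "delivered") for i in range(90)]
    lines += [line("purchased-list", f"b{i}", "hard_bounce") for i in range(6)]
    lines += [line("purchased-list", f"c{i}", "complaint") for i in range(3)]
    lines.append(line("purchased-list", "trap", "spam_trap"))
    return "\n".join(lines)


def campaign_metrics(log_text):
    """Per-campaign volume and the rates that drive reputation; bad lines are skipped."""
    counts = defaultdict(lambda: {"sent": 0, "complaint": 0, "hard_bounce": 0, "spam_trap": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        c = counts[m["camp"]]
        c["sent"] += 1  # every attempted send counts toward volume
        if m["event"] in ("complaint", "hard_bounce", "spam_trap"):
            c[m["event"]] += 1
    return {camp: {"sent": c["sent"], "spam_trap_hits": c["spam_trap"],
                   "complaint_rate": c["complaint"] / c["sent"],
                   "hard_bounce_rate": c["hard_bounce"] / c["sent"]}
            for camp, c in counts.items()}


def flag_campaigns(metrics, thresholds=THRESHOLDS):
    """Map each campaign that breaches a limit to the metrics it breached."""
    flagged = {camp: [k for k, limit in thresholds.items() if m[k] > limit]
               for camp, m in metrics.items()}
    return {camp: probs for camp, probs in flagged.items() if probs}
```

Running `flag_campaigns(campaign_metrics(build_sample_log()))` flags only the purchased-list campaign, on all three metrics, while the confirmed opt-in newsletter passes.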


Reputation resources


The Consumer Privacy Bill of Rights

Privacy Right: Definition

Individual Control: A right to exercise control over what personal data companies collect and how they use it.

Transparency: A right to readable and accessible information about privacy and security practices.

Respect for Context: A right to expect that companies will collect, use and disclose personal data in ways consistent with the context in which the data was shared.

Security: A right to secure and responsible handling of personal data.

Access and Accuracy: A right to access and correct personal data in usable formats, in a manner appropriate to data sensitivity.

Focused Collection: A right to reasonable limits on the personal data that companies collect and retain.

Accountability: A right to have personal data handled by companies in a manner that complies with the Consumer Privacy Bill of Rights.


Wrap up

Data breaches will continue to evolve

Protect your brand online

Monitor your online reputation

Be proactive not reactive for your brand

• Have a plan and execute to it

Manage internal and external expectations

• Who do you do business with and do they COMPLY?

Obey the law

• Understand what’s required of you and your online presence

Your online journey will be rewarding when you invest the time and resources


Need Help?

Sign up for a demo

www.act-on.com

Thank You

David.Fowler@Act-On.com


References

FTC Act

http://www.ftc.gov/ogc/ftcact.shtm

FTC Dot Com Disclosures

http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online-advertising

Sarbanes Oxley

http://www.soxlaw.com/

TRUSTe

www.truste.org
