Data Privacy Security Breach Exercise…
Post on 27-Jun-2020
Quick Hits
IAPP KnowledgeNet Detroit
March 19, 2014
Agenda
• Debrief IAPP Summit sessions
• Discuss IAPP Privacy Impact Assessment Tool
• Reprise 2013 in Quick takes
• Next meeting
IAPP Summit Sessions Debrief
• Session at which you presented
• Session(s) attended where you learned something new
• Comments from all as we proceed
Next meeting Topics and Logistics
2013 Reprise Quick Takes
Marketing
Behavioral Targeting
1. iPhone Users Lose Privacy Lawsuit Against – unique ID sent to app developers
2. Google to pay $17 million to states in Apple cookies case – unauthorized cookie placement
3. Hulu Asks Judge To Dismiss Video Privacy Class-Action
4. Google Wins Dismissal of Suit Over Web Browser Cookies
5. Bed Bath & Beyond sued over using zip codes to allegedly send unwanted junk mail

1. http://www.mediapost.com/publications/article/214346/iphone-users-lose-privacy-lawsuit-against-apple.html
2. http://www.macworld.com/article/2064581/google-to-pay-17-million-to-states-in-apple-cookies-case.html
3. http://www.mediapost.com/publications/article/210475/hulu-asks-judge-to-dismiss-video-privacy-class-act.html#ixzz2huSWOaZa
4. http://www.bloomberg.com/news/2013-10-09/google-wins-dismissal-of-suit-over-cookies-on-internet-browsers.html
5. http://www.boston.com/businessupdates/2013/03/21/bed-bath-beyond-sued-over-using-zip-codes-allegedly-send-unwanted-junk-mail/Vx1HtVgAkrMbBuwf037gKN/story.html
Mobile Apps
1. Industry, consumer advocates agree to make it easier to understand mobile app privacy policies
2. FTC Issues Staff Report on Mobile Privacy Disclosures and Announces Settlement with Social Networking Service for Mobile App Privacy Violations
3. Four Ways the FTC's New Privacy Rules Affect Mobile Banking Apps
4. WhatsApp Violates Privacy Laws Over Phone Numbers: Report
5. California AG Has Privacy Recommendations for Mobile Industry

1. http://www.washingtonpost.com/business/technology/industry-groups-agree-to-make-it-easier-to-know-what-data-is-getting-sucked-up-by-a-mobile-app/2013/07/25/8cbd91d6-f54b-11e2-81fa-8e83b3864c36_story.html
2. http://www.huntonprivacyblog.com/2013/02/articles/ftc-issues-staff-report-on-mobile-privacy-disclosures-and-announces-settlement-with-social-networking-service-for-mobile-app-privacy-violations/
3. http://www.americanbanker.com/issues/178_25/four-ways-ftc-new-privacy-rules-affect-mobile-banking-apps-1056466-1.html
4. http://www.reuters.com/article/2013/01/28/us-whatsapp-privacy-idUSBRE90R0T520130128
5. http://www.boston.com/businessupdates/2013/03/21/bed-bath-beyond-sued-over-using-zip-codes-allegedly-send-unwanted-junhttp://www.mercurynews.com/business/ci_22345237/california-ag-has-privacy-recommendations-mobile-industrymail/Vx1HtVgAkrMbBuwf037gKN/story.html
Geo-location Tracking
1. Location Tracking: Now Coming to a Government, Employer and Retailer Near You
2. Their Apps Track You. Will Congress Track Them
3. Tracking Shoppers Via Smartphones Is A Major Invasion Of Privacy
4. How stores use your phone’s WiFi to track your shopping habits
5. Retail Surveillance Is About To Make Your Online Targeting Seem A Lot Less Creepy

1. https://www.privacyassociation.org/publications/location_tracking_now_coming_to_a_government_employer_and_retailer_near_you
2. http://www.nytimes.com/2013/01/06/technology/legislation-would-regulate-tracking-of-cellphone-users.html?ref=technology&_r=0
3. http://newyork.cbslocal.com/2013/07/28/schumer-tracking-shoppers-via-smartphones-is-a-major-invasion-of-privacy/
4. http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/19/how-stores-use-your-phones-wifi-to-track-your-shopping-habits/
5. http://www.mediapost.com/publications/article/196878/retail-surveillance-is-about-to-make-your-online-t.html#axzz2PLVWplvY
Facial Recognition
1. I See You: The Databases That Facial-Recognition Apps Need to Survive
2. Privacy and Facial Recognition Technology-multi-stakeholder process round two
3. Feds schedule eight public meetings to examine facial recognition and privacy
4. How brands are using facial recognition to transform marketing
5. When Stores, and Credit Firms, Watch You Shop

1. http://www.theatlantic.com/technology/archive/2014/01/i-see-you-the-databases-that-facial-recognition-apps-need-to-survive/283294/
2. http://www.ntia.doc.gov/blog/2013/privacy-and-facial-recognition-technology
3. http://www.gsnmagazine.com/node/39378?c=access_control_identification
4. http://www.washingtonpost.com/business/on-it/how-brands-are-using-facial-recognition-to-transform-marketing/2013/04/15/dcf3a7da-a483-11e2-bd52-614156372695_story.html
5. http://www.marketplace.org/topics/business/when-stores-and-credit-firms-watch-you-shop
Do Not Track
1. Dataium Settles Browser History Sniffing Charges
2. DoNotTrackMe browser extension creates 'disposable' data for privacy
3. Do Not Track effort at a crossroads
4. W3C Do Not Track in Limbo
5. DMA Places Focus on ‘Do Not Track’ – Making Case for Self-Regulation

1. http://www.informationweek.com/security/compliance/dataium-settles-browser-history-sniffing-charges/d/d-id/1112817?f_src=informationweek_gnews
2. http://www.pcworld.com/article/2066280/browser-extension-creates-disposable-data-for-privacy.html
3. http://thehill.com/blogs/hillicon-valley/technology/326855-this-week-in-tech-do-not-track-effort-at-a-crossroads#ixzz2huYlMMId
4. https://www.privacyassociation.org/publications/w3c_do_not_track_in_limbo
5. http://www.aboutads.info/blog/dma-places-focus-%E2%80%98do-not-track%E2%80%99-%E2%80%93-making-case-self-regulation
Children
1. Another California Based Mobile App Developer Settles with New Jersey AG’s Office Over Child Privacy Violation Allegations
2. FTC Hands Down New Online Privacy Rules for Children
3. COPPA and Signaling

1. https://www.huntonprivacyblog.com/2013/12/articles/another-california-based-mobile-app-developer-settles-new-jersey-ags-office-child-privacy-violation-allegations/
2. http://thehill.com/blogs/regwatch/1465-pending-regs/277507-ftc-hands-down-new-online-privacy-rules-for-children#ixzz2IAiStTnO
3. https://techatftc.wordpress.com/2013/01/02/coppa-and-signaling/
California
1. Guidelines to Healthcare Industry on Medical Identity Theft
2. California Amends Online Privacy Policy Law to Require Tracking Disclosures – AB370
3. California Expands Online Privacy Law to Bolster Protection for Minors – AB 568
4. New hope for Do Not Track as California enacts ad disclosure law

1. https://www.privacyassociation.org/resource_center/guidelines_to_healthcare_industry_on_medical_identity_theft
2. http://www.huntonprivacyblog.com/2013/09/articles/california-amends-online-privacy-policy-law-to-require-tracking-disclosures/
3. http://www.huntonprivacyblog.com/2013/09/articles/california-expands-online-privacy-law-to-bolster-protection-for-minors/
4. http://www.theverge.com/2013/9/30/4789078/new-hope-for-do-not-track-as-california-enacts-ad-disclosure-law
Social Media
1. Yahoo Sued for Eavesdropping on E-Mail Communications With Non-Yahoo Users
2. Facebook Hit With New Privacy Lawsuit Over Message Scanning
3. Google Accused in Suit Again of Violating Privacy Policy
4. Facebook, Zynga Users Try to Revive Privacy Claims on Appeal
5. Court Grants Final Approval To Class Action Settlement Over AOL's 2006 Anonymization Failure; Big Data Precursor Settles For Millions

1. http://www.bna.com/yahoo-sued-eavesdropping-n17179877668/
2. http://www.mediapost.com/publications/article/218023/facebook-hit-with-new-privacy-lawsuit-over-message.html
3. http://www.bloomberg.com/news/2014-01-17/google-violated-privacy-policy-users-say-in-new-complaint-1-.html
4. http://www.businessweek.com/news/2014-01-17/facebook-zynga-users-seek-to-revive-privacy-claims-on-appeal
5. http://www.mondaq.com/unitedstates/x/243962/Data+Protection+Privacy/Court+Grants+Final+Approval+To+Class+Action+Settlement+Over+AOLs+2006+Anonymization+Failure+Big+Data+Precursor+Settles+For+Millions
The Internet of Things
1. Most People Are Cool with 'Smart Toilets' That Share Their Personal Data
2. LG promises firmware update will fix smart TV privacy snafu
3. Can We Adapt to the Internet of Things?
4. Smart Homes: Our Next Digital Privacy Nightmare
5. Disruptions: At Odds Over Privacy Challenges of Wearable Computing

2. http://crave.cnet.co.uk/televisions/lg-promises-firmware-update-will-fix-smart-tv-privacy-snafu-50012828/
3. https://www.privacyassociation.org/privacy_perspectives/post/can_we_adapt_to_the_internet_of_things
4. http://readwrite.com/2013/03/18/smart-homes-our-next-digital-privacy-nightmare
5. http://bits.blogs.nytimes.com/2013/05/26/disruptions-at-odds-over-privacy-challenges-of-wearable-computing/
Health Care
1. The spread of mobile telephones opens new possibilities for delivering healthcare services cheaply and effectively to more people, but data privacy rules have failed to keep pace
2. FDA Issues Guidance on Medical Device Cybersecurity
3. Online Campaign For 23andMe Violated Ad Privacy Code, BBB Says
4. Poking Holes in Genetic Privacy
5. Accord Aims to Create Trove of Genetic Data

1. http://www.trust.org/item/20130625074016-vba1w/?source=hpeditorial
2. https://www.privacyassociation.org/privacy_tracker/post/fda_issues_guidance_on_medical_device_cybersecurity
3. http://www.mediapost.com/publications/article/213917/online-campaign-for-23andme-violates-ad-privacy-co.html
4. http://www.nytimes.com/2013/06/18/science/poking-holes-in-the-privacy-of-dna.html?pagewanted=all&_r=0
5. http://www.nytimes.com/2013/06/06/health/global-partners-agree-on-sharing-trove-of-genetic-data.html?pagewanted=all&_r=2&%27&
HIPAA
1. Court ruling in lost PHI case muddies HIPAA waters – lost encrypted hard drive w/o confirmation of access
2. HHS Releases Model Notices of Privacy Practices
3. HIPAA omnibus changes to notice of privacy practices for PHI
4. HHS Issues Final HIPAA Omnibus Rule
5. HIPAA Update Tightens Data Breach Liability Risks for IT Companies

1. http://www.mhealthnews.com/news/court-ruling-lost-phi-case-muddies-hipaa-waters
2. http://www.huntonprivacyblog.com/2013/09/articles/hhs-releases-model-notices-of-privacy-practices/
3. http://healthitsecurity.com/2013/05/21/hipaa-omnibus-changes-to-notice-of-privacy-practices-for-phi/
4. https://www.privacyassociation.org/publications/2012_01_18_hhs_issues_final_hipaa_omnibus_rule
5. http://www.eweek.com/security/hipaa-update-tightens-data-breach-liability-risks-for-it-companies/
DNA
1. Privacy Experts: Supreme Court Ruling on DNA Swabs Could Lead to Big Brother Scenario
2. Police can collect DNA from arrestees, court says

1. http://www.usnews.com/news/articles/2013/06/04/privacy-experts-supreme-court-ruling-on-dna-swabs-could-lead-to-big-brother-scenario
2. http://www.boston.com/news/nation/washington/2013/06/03/court-police-can-take-dna-swabs-from-arrestees/ydXPxGEPtmmYwo2B2n0wrK/story.html
HR
1. BYOD Became the 'New Normal' in 2013
2. Layoffs, terminations, resignations -- here's how not to get burned when employees leave with their devices
3. Is there a BYOD escape clause at your company?
4. Bosses May Use Social Media to Discriminate Against Job Seekers

1. http://news.idg.no/cw/art.cfm?id=7CF46A2C-ACCB-44BD-D80C82196E2CA87E
2. http://www.infoworld.com/d/consumerization-of-it/byod-blues-what-do-when-employees-leave-220993
3. http://www.zdnet.com/is-there-a-byod-escape-clause-at-your-company-7000013616/
4. http://online.wsj.com/news/articles/SB10001424052702303755504579208304255139392?tesla=y
Litigation
1. HTC America Settles FTC Charges It Failed to Secure Millions of Mobile Devices Shipped to Consumers - settlement requires HTC America to develop and release software patches to fix vulnerabilities found in millions of HTC devices.
2. Remember When Path Stole All Of Its Users Contacts? App to Pay FTC $800,000. – data collection
3. Netflix Finalizes $9 Million Privacy Settlement - requires Netflix to stop linking former subscribers' names with their movie-viewing history
4. Obama Signs Netflix-Backed Amendment to Video Privacy Law
5. SCOTUS to hear phone search case – cellphone w/o warrant

1. http://ftc.gov/opa/2013/02/htc.shtm
2. http://blogs.forbes.com/kashmirhill/
3. http://www.mediapost.com/publications/article/196486/netflix-finalizes-9-million-privacy-settlement.html#ixzz2OUCjm3Bf
4. http://news.cnet.com/8301-1023_3-57563408-93/obama-signs-netflix-backed-amendment-to-video-privacy-law/
5. http://www.politico.com/story/2014/01/supreme-court-cellphone-search-cases-102329.html#ixzz2rjVAayY6
Regulatory Actions
1. The SEC’s Cybersecurity Guidelines: A Potential Game-Changer for How Companies Disclose Risks of Cybersecurity Breaches
2. FTC Settles with Twelve Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework
3. FTC v. Wyndham: Round
4. Aaron's Rent-To-Own Chain Settles FTC Charges That it Enabled Computer Spying by Franchisees
5. FTC Staff Revises Online Advertising Disclosure Guidelines

1. https://www.privacyassociation.org/publications/2013_01_22_the_secs_cybersecurity_guidelines_a_potential_game_changer_for
2. http://www.ftc.gov/news-events/press-releases/2014/01/ftc-settles-twelve-companies-falsely-claiming-comply
3. https://www.privacyassociation.org/publications/ftc_v._wyndham_round_one
4. http://www.ftc.gov/opa/2013/10/aarons.shtm
5. http://www.ftc.gov/opa/2013/03/dotcom.shtm
Regulatory Actions - FCRA
1. TeleCheck to Pay $3.5 Million for Fair Credit Reporting Act Violations
2. FTC Settlement Targets Mobile App Background Checks
3. Kmart Settles FCRA Class Action for $3 Million
4. FTC Settlement Targets Mobile App Background Checks

1. http://www.ftc.gov/news-events/press-releases/2014/01/telecheck-pay-35-million-fair-credit-reporting-act-violations
2. http://www.huntonprivacyblog.com/2013/01/articles/ftc-settlement-targets-mobile-app-background-checks/#more-3865
3. http://www.huntonprivacyblog.com/2013/02/articles/kmart-settles-fcra-class-action-for-3-million/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PrivacyInformationSecurityLawBlog+%28Privacy+%26+Information+Security+Law+Blog%29
4. http://www.huntonprivacyblog.com/2013/01/articles/ftc-settlement-targets-mobile-app-background-checks/#more-3865
Regulatory Actions - FCC
1. Federal Court Rules All Debt-Collection Calls Exempt from TCPA
2. Reminder: October 16 Is the Effective Date for the FCC’s Written Consent Rule for Prerecorded Telemarketing Calls and Autodialed Telemarketing to Cellphones
3. Robocalling and Wireless Numbers: Understanding the Regulatory Landscape
4. FCC cites robocallers for illegal campaign calls to cellphones

1. http://www.insidearm.com/daily/debt-collection-news/debt-collection/federal-court-rules-all-debt-collection-calls-exempt-from-tcpa/
2. http://www.privacyandsecuritymatters.com/2013/10/reminder-october-16-is-the-effective-date-for-the-fccs-written-consent-rule-for-prerecorded-telemarketing-calls-and-autodialed-telemarketing-to-cellphones/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+PrivacyAndSecurityMattersBlog+%28Privacy+and+Security+Matters+Blog%29
3. http://apps.americanbar.org/buslaw/blt/content/2013/05/article-01-smith.shtml?goback=.gde_1243587_member_246503759
4. http://www.washingtonpost.com/business/technology/fcc-cites-robocallers-for-illegal-campaign-messages-to-cellphones/2013/03/15/f0014f32-8dac-11e2-9838-d62f083ba93f_story.html
Drones-States-FAA
1. FAA Issues Privacy Rules for Drone Sites
2. FBI Uses Drones in Domestic Surveillance, Mueller Says
3. Can state laws protect you from being watched by drones
4. Idaho restricts drone use by police agencies amid privacy concerns

1. http://www.courthousenews.com/2013/11/20/63093.htm
2. http://www.bloomberg.com/news/2013-06-19/fbi-uses-drones-in-domestic-sureillance-mueller-says.html
3. http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/18/can-state-laws-protect-you-from-being-watched-by-drones/
4. http://www.chicagotribune.com/news/sns-rt-us-usa-drones-idahobre93b03s-20130411,0,1216395.story
Motor Vehicles
1. AAA urges 'consumer rights' to protect car data
2. Feds: No Warrant Needed to Track Your Car With a GPS Device
3. Car Black Boxes: Privacy Nightmare or a Safety Measure?
4. Privacy and the Car of the Future: Cars Talking to Each Other and to Infrastructure

1. http://www.usatoday.com/story/driveon/2014/01/21/aaa-car-data/4727723/
2. http://www.wired.com/threatlevel/2013/03/gps-warrant-requirement/
3. http://www.latimes.com/business/autos/la-fi-hy-advocates-say-car-black-boxes-could-become-a-privacy-nightmare-20130215,0,5120489.story
4. http://blogs.computerworld.com/privacy/21571/privacy-and-car-future-cars-talking-each-other-and-infrastructure
International
1. Google/Mosley case a reminder to review your online privacy policies
2. Google Fined $1.2 Million by Spain’s Privacy Watchdog
3. THE NETHERLANDS—Dutch DPA Gets Power To Fine

1. http://www.techrepublic.com/blog/web-designer/google-mosley-case-a-reminder-to-review-your-online-privacy-policies/
2. http://www.bloomberg.com/news/2013-12-19/google-fined-1-2-million-by-spain-s-privacy-watchdog.html
3. https://www.privacyassociation.org/publications/the_netherlands_dutch_dpa_gets_power_to_fine
International
1. New EU rules to curb transfer of data to US after Edward Snowden revelations
2. U.S. to EU: Don’t scapegoat Safe Harbor over NSA
3. Commission Gives U.S. 13 Ways To Save Safe Harbor
4. The Plain Truth About Safe Harbor
5. Treacherous Waters: What the World Would Look Like Without Safe Harbor

1. http://www.theguardian.com/world/2013/oct/17/eu-rules-data-us-edward-snowden
2. http://www.politico.com/story/2013/11/us-european-union-safe-harbor-nsa-99495.html#ixzz2l80LoWxs
3. https://www.privacyassociation.org/publications/commission_gives_u.s._13_ways_to_save_safe_harbor1
4. https://www.privacyassociation.org/privacy_perspectives/post/the_plain_truth_about_safe_harbor
5. https://www.privacyassociation.org/privacy_tracker/post/treacherous_waters_what_the_world_would_look_like_without_safe_harbor
International - Cookies
1. French Data Protection Authority Issues Guidance on Cookie Consent and Expiration
2. Cookie-replacement tracking technology would be subject to same 'cookie law' rules, says ICO
3. Italian DPA Releases Rules on Spam and Viral Marketing
4. A Guide to the Spanish Cookie Guidance
5. Informed users’ default browser settings can signal consent to cookies in Poland

1. https://www.huntonprivacyblog.com/2013/12/articles/french-data-protection-authority-issues-guidance-cookie-consent-expiration/
2. http://www.out-law.com/en/articles/2013/november/cookie-replacement-tracking-technology-would-be-subject-to-same-cookie-law-rules-says-ico/
3. https://www.privacyassociation.org/publications/italy_italian_dpa_releases_rules_on_spam_and_viral_marketing
4. https://www.privacyassociation.org/publications/a_guide_to_the_spanish_cookie_guidance
5. http://www.out-law.com/en/articles/2013/april/informed-users-default-browser-settings-can-signal-consent-to-cookies-in-poland-/
International - China
1. Peoples Bank of China Issues Administrative Measures for Credit Reference Agencies
2. State Post Bureau of China Releases Draft Normative Rules Involving Personal Information Protection for Public Comment
3. Recent Data Breach Events in China
4. Evolving Chinese Regulations Both Expand and Restrict Access to Corporate Information
5. China to Enforce First Privacy Protection Standard

1. https://www.huntonprivacyblog.com/2013/12/articles/peoples-bank-china-issues-administrative-measures-credit-reference-agencies/
2. https://www.huntonprivacyblog.com/2013/12/articles/state-post-bureau-china-releases-draft-normative-rules-involving-personal-information-protection-public-comment/
3. https://www.huntonprivacyblog.com/2013/12/articles/recent-data-breach-events-china/
4. http://www.huntonprivacyblog.com/2013/09/articles/evolving-chinese-regulations-both-expand-and-restrict-access-to-corporate-information/
5. http://news.xinhuanet.com/english/china/2013-01/21/c_132117408.htm
International - Asia
1. Malaysian Data Protection Law Takes Effect
2. Malaysia's Data Privacy Act Slow to Take Off
3. New data protection guidelines issued for businesses operating in Singapore

1. https://www.huntonprivacyblog.com/2013/11/articles/malaysian-data-protection-law-takes-effect/
2. http://www.zdnet.com/my/malaysias-data-privacy-act-slow-to-take-off-7000010827/
3. http://www.out-law.com/en/articles/2013/september/new-data-protection-guidelines-issued-for-businesses-operating-in-singapore-/
International
1. South Africa: The Protection Of Personal Information Bill – Time To Comply!
2. UN advances Internet privacy resolution
3. OECD Issues Updated Privacy Guidelines
4. Germany Lobbies for UN Online Privacy Charter
5. House Creates Privacy Working Group

1. http://www.mondaq.com/x/264480/Data%20Protection%20Privacy/The%20Protection%20of%20Personal%20Information%20Bill%20time%20to%20comply
2. http://www.miamiherald.com/2013/11/26/3780690/un-advances-internet-privacy-rights.html#storylink=cpy
3. http://www.huntonprivacyblog.com/2013/09/articles/oecd-issues-updated-privacy-guidelines/
4. http://abcnews.go.com/Technology/wireStory/germany-lobbies-online-privacy-charter-19756324
5. http://www.broadcastingcable.com/article/494855-House_Creates_Privacy_Working_Group.php