Cloud Privacy Update: What You Need to Know
Cloud Privacy Update:
What You Need To Know
David Fowler
July 24, 2012
Proprietary & Confidential
David Fowler, Chief Privacy & Deliverability Officer, @ActOnSoftware
#AOWEB
Today’s Agenda
Data Breach Updates for 2012
How to Protect Your Brand
Commercial Email: State of the State
Reputation Resources: Tools You Can Use
Privacy Bill of Rights
Wrap Up
Not a day seems to go by without an
announcement of a brand and a recent
data compromise.
Will yours be next?
Q: $6.5 Billion
A: Data breach impact to U.S.
businesses
Source: OTA
2011 Data Breach Highlights
558 breaches
126 million records
76% server exploits
92% avoidable
$318 cost per record
$7.2 million average cost of each breach
$6.5 billion impact to U.S. businesses
© 2012 All rights reserved. Online Trust Alliance (OTA)
Source: OTA
What do they have in common?
Why Care?
“We have spent over 12 years building
our reputation and trust. It is painful to
see us take so many steps back due to a
single incident.”
Zappos CEO, Tony Hsieh
Why Care?
What has changed?
Data-driven economy – “Big Data”
Multi-Channel & blurring of on & off-line data
Evolving definitions of PII and coverage information
Complexity and dynamic regulatory environment
Reliance on service providers & cloud services
Shift from a PC-centric world to users with multiple devices
Increased sophistication of the cyber-criminal
Data breaches, what are they after?
Organizations who store large amounts of customer data
are attractive targets for identity thieves
Data is the new currency for the dark side
Thieves target personal, financial and other PII:
Names and Addresses
Phone Number
Email Address
Social Security Numbers
Bank Account Numbers
Credit and Debit Card Numbers
Account Passwords
Security Questions and Answers
Source: Zeta Interactive
Data breaches, how do they work?
Attacks can take many forms:
Phishing
Hacking
Malware
Hardware Theft
Exploitation of Accidental Release
Data Spill, Improper Disposal of Digital Assets, Other Accidents
Thieves use stolen data to victimize customers:
Financial Fraud - All Forms and Types
Use of Stolen Information to Commit Additional Crimes
Money Laundering
Criminal Impersonation, Stalking and Harassment
Terrorism
Source: Zeta Interactive
What are the privacy laws?
Federal Laws
• FTC Act
• Sarbanes-Oxley
• HIPAA / COPPA
State Laws
• Breach Notifications
• Data Encryption
• SSN Protection
Local Laws
• Wireless Networks
International Laws
• EU Data Protection Directive / UK Cookie Tracking
Professional / Trade Protocols
Source: Zeta Interactive
What are the impacts?
IT
• Security audits and scrutiny
• Infrastructure changes
Marketing & Communication
• PR & crisis management
• Brand degradation & mistrust
Legal
• Government regulations
• Government notifications
• Class action lawsuits
Source: Zeta Interactive
Data breaches affect every aspect of the company:
• Financial
• Litigation
• Business loss & focus
• Stock devaluation
• Identity protection services & support
• PR & Marketing activity
Protect your brand.
Technical security is a critical first step
Review all your potential internal loopholes
Conduct a comprehensive risk assessment
Identify threats
Analyze potential harm
Identify reasonable mitigation
Understand the legal landscape
Implement policies and procedures consistent with above
Develop a written information security program and incident response
Periodically review the program to guard against new and evolving threats
Require your vendors to employ best security practices
Contractual language and penalties for non-compliance
Make privacy a corporate mandate for adoption
Tools you can use.
Seek guidance from your legal teams
Consider a third-party privacy seal for compliance
Register cousin domains that look like yours
• Holding these look-alike domains yourself keeps them out of the hands of phishers impersonating your brand
Keys to consumer trust
• Notice: Say what you are going to do and do it
• Consent: Ask for permission
• Choice: Allow your customers options
Be transparent online - don’t hide your activities
Update your privacy policy regularly
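The cousin-domain registration and monitoring suggested above, as an added example that is not from the deck or from Act-On: a Python generator for the typo-squat and "cousin" variants of a brand domain, plus a filter that picks those variants out of a list of observed domains (from mail logs, abuse reports or new-registration feeds). The brand domain, the homoglyph table, the TLD list and the cousin words are all assumptions chosen for illustration; tune them to your own brand before relying on the output.

```python
"""Generate cousin / typo-squat variants of a brand domain and spot them in observed data.

Added example, not Act-On code. The brand name, homoglyph table, TLD list and cousin
words below are illustrative assumptions; tune them to your own brand before use.
"""

# Constructed brand domain used as the running example.
BRAND = "example.com"

# Visually or keyboard-confusable single characters (assumption: a small practical subset).
HOMOGLYPHS = {"a": "4", "e": "3", "i": "1l", "l": "1i", "o": "0", "s": "5", "g": "q", "q": "g"}
# Multi-character confusions, handled as substring swaps.
PAIR_SWAPS = {"rn": "m", "m": "rn", "vv": "w", "w": "vv", "cl": "d", "d": "cl"}
# TLDs a customer may plausibly confuse with the brand's own (assumption).
TLDS = ["com", "net", "org", "co", "info", "biz"]
# Words phishers commonly bolt onto a brand name to make a "cousin" domain (assumption).
COUSIN_WORDS = ["secure", "login", "support", "mail", "account", "update"]


def split_domain(domain):
    """Split 'label.tld' into its two parts (assumes a plain second-level domain)."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def omissions(label):
    """Drop one character: example -> exmple."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def transpositions(label):
    """Swap two adjacent characters: example -> exmaple."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:] for i in range(len(label) - 1)}


def repetitions(label):
    """Double one character: example -> exxample."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def homoglyphs(label):
    """Substitute look-alike characters: example -> examp1e, exarnple."""
    out = set()
    for i, ch in enumerate(label):
        for sub in HOMOGLYPHS.get(ch, ""):
            out.add(label[:i] + sub + label[i + 1:])
    for old, new in PAIR_SWAPS.items():
        start = label.find(old)
        while start != -1:
            out.add(label[:start] + new + label[start + len(old):])
            start = label.find(old, start + 1)
    return out


def hyphenations(label):
    """Insert a hyphen between two characters: example -> ex-ample."""
    return {label[:i] + "-" + label[i:] for i in range(1, len(label))}


def cousins(label):
    """Attach a trust word as prefix or suffix: example -> example-login, secureexample."""
    out = set()
    for word in COUSIN_WORDS:
        out.update({f"{label}-{word}", f"{label}{word}", f"{word}-{label}", f"{word}{label}"})
    return out


def cousin_domains(domain):
    """All candidate look-alike domains for `domain`, excluding the domain itself."""
    label, tld = split_domain(domain)
    labels = set()
    for generator in (omissions, transpositions, repetitions, homoglyphs, hyphenations, cousins):
        labels |= generator(label)
    labels.discard(label)  # transposing a doubled letter reproduces the original label
    candidates = {f"{lab}.{t}" for lab in labels for t in TLDS}
    candidates |= {f"{label}.{t}" for t in TLDS if t != tld}  # same name, other TLD
    return candidates


def lookalikes_in(observed, domain=BRAND):
    """Filter observed domains (from mail logs, abuse reports, new-registration feeds)
    down to those that match a generated look-alike of `domain`."""
    candidates = cousin_domains(domain)
    return sorted({d.lower().strip() for d in observed if d.lower().strip() in candidates})


if __name__ == "__main__":
    # Constructed list of "observed" domains; two are look-alikes, two are not.
    found = lookalikes_in(["examp1e.com", "ExAmple-Login.net", "example.com", "unrelated.org"])
    print(len(cousin_domains(BRAND)), "candidates;", "seen:", found)
```

The candidate set is intentionally broad; register the handful that are cheap and high-risk (other TLDs, the obvious cousin words) and feed the rest to whatever monitoring you run, since exact-match filtering against the generated set is far cheaper than fuzzy matching every domain you see.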
Commercial email state of the state
Email Deliverability = Brand Management
Brand Management = Email Reputation
Good Email Reputation = Better Deliverability
Better Deliverability = Builds Consumer TRUST
Better Consumer Trust = Drives Engagement
More aggressive filter implementation at the ISP level
More streamlined industry organization/cooperation
Continued legal/privacy/technology issues remain
More informed clients as access to information is available
There are still no guarantees of delivery to any inbox
A word on reputation
The majority of deliverability issues are reputation-based
The data that affects reputation includes:
• Email authentication implementation
• Email volumes
• Complaint rates
• Hard bounce rates
• Spam trap hits
• Consumer engagement: clicks / opens / conversions
To protect reputation:
• Monitor sends consistently
To repair reputation:
• Fix the underlying problems: data integrity, confirmed opt-in
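The monitoring described above, as an added example that is not part of the deck or of Act-On's product: a Python script that turns a constructed per-campaign sending report into the reputation signals the slide lists (hard bounce rate, complaint rate, spam trap hits, engagement) and maps each breached limit to the matching repair action (data integrity or confirmed opt-in). The report format, the sample rows and the thresholds are assumptions chosen for illustration; the limits receiving ISPs actually apply vary and are not published.

```python
"""Compute per-campaign reputation metrics from an ESP-style report and flag problems.

Added example, not Act-On code. The report format, the sample rows and the thresholds
are illustrative assumptions; use the limits your ESP and receiving ISPs actually apply.
"""
import csv
import io

# Constructed sample report, one row per campaign (not real data).
SAMPLE_REPORT = """\
date,campaign,sent,delivered,hard_bounce,complaints,spam_trap_hits,opens,clicks
2012-07-20,welcome-series,40000,39600,400,12,0,9800,1500
2012-07-21,july-promo,120000,112800,7200,420,3,8100,600
2012-07-22,renewals,25000,24950,50,5,0,7300,900
"""

# Rule-of-thumb limits (assumptions): metric, limit, whether the limit is a max or a min,
# and the repair action from the slide that addresses it.
RULES = [
    ("hard_bounce_rate", 0.02, "max", "data integrity: purge invalid addresses, validate at capture"),
    ("complaint_rate", 0.001, "max", "confirmed opt-in: re-permission the list, honour unsubscribes"),
    ("spam_trap_hits", 0, "max", "data integrity: stop mailing stale or purchased addresses"),
    ("open_rate", 0.10, "min", "engagement: suppress inactive recipients, fix content and cadence"),
]

INT_FIELDS = ("sent", "delivered", "hard_bounce", "complaints", "spam_trap_hits", "opens", "clicks")


def parse_report(text):
    """Parse the CSV report into dicts with integer counts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        for field in INT_FIELDS:
            row[field] = int(row[field])
        rows.append(row)
    return rows


def rates(row):
    """Reputation metrics for one campaign; guards against empty sends."""
    sent = max(row["sent"], 1)
    delivered = max(row["delivered"], 1)
    return {
        "hard_bounce_rate": row["hard_bounce"] / sent,        # bounces relative to attempts
        "complaint_rate": row["complaints"] / delivered,      # complaints relative to delivered
        "spam_trap_hits": row["spam_trap_hits"],              # any hit is a list-hygiene failure
        "open_rate": row["opens"] / delivered,
        "click_rate": row["clicks"] / delivered,
    }


def assess(row):
    """Findings for one campaign as (metric, observed value, remediation) tuples."""
    observed = rates(row)
    findings = []
    for metric, limit, kind, remedy in RULES:
        value = observed[metric]
        breached = value > limit if kind == "max" else value < limit
        if breached:
            findings.append((metric, value, remedy))
    return findings


def assess_report(text):
    """Map each campaign name to its list of findings (empty list = healthy)."""
    return {row["campaign"]: assess(row) for row in parse_report(text)}


if __name__ == "__main__":
    for campaign, findings in assess_report(SAMPLE_REPORT).items():
        status = "OK" if not findings else f"{len(findings)} issue(s)"
        print(f"{campaign}: {status}")
        for metric, value, remedy in findings:
            print(f"  {metric}={value:.4f} -> {remedy}")
```

Run it daily against the real export rather than once per campaign: reputation damage from a bad send shows up as rising bounce and complaint rates over the following days, and a single spam trap hit is worth an alert on its own because it means the list contains addresses that were never a live opt-in.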
Reputation resources
The Consumer Privacy Bill of Rights
Privacy Right: Definition
Individual Control: A right to exercise control over what personal data companies collect and how they use it.
Transparency: A right to readable and accessible information about privacy and security practices.
Respect for Context: A right to expect that companies will collect, use and disclose personal data in ways consistent with the context in which the data was shared.
Security: A right to secure and responsible handling of personal data.
Access and Accuracy: A right to access and correct personal data in usable formats, in a manner appropriate to data sensitivity.
Focused Collection: A right to reasonable limits on the personal data that companies collect and retain.
Accountability: A right to have personal data handled by companies in a manner that complies with the Consumer Privacy Bill of Rights.
Wrap up
Data breaches will continue to evolve
Protect your brand online
Monitor your online reputation
Be proactive not reactive for your brand
• Have a plan and execute to it
Manage internal and external expectations
• Who do you do business with and do they COMPLY?
Obey the law
• Understand what’s required of you and your online presence
Your online journey will be rewarding when you invest the time and resources
Need Help?
Sign up for a demo
www.act-on.com
References
FTC Act
http://www.ftc.gov/ogc/ftcact.shtm
FTC Dot Com Disclosures
http://business.ftc.gov/documents/bus41-dot-com-disclosures-information-about-online-advertising
Sarbanes-Oxley
http://www.soxlaw.com/
TRUSTe
www.truste.org