Policy Implications: Privacy, Security and Liability Big Data in Telecom. June TIA 2012: INSIDE THE NETWORK Dallas TX

Transcription

1 Policy Implications: Privacy, Security and Liability Big Data in Telecom June TIA 2012: INSIDE THE NETWORK Dallas TX

2 Who We Are Leading trade association in support of information and communications technology (ICT) Approx. 500 member companies TIA Members Goals Drive broadband deployment and adoption Facilitate spread of ICT Backbone of broadband industry Supply products and services used in provision of broadband and broadband-enabled applications

3 Privacy & Security Distinguish between the two concerns Privacy Intentional use of personal information Security- Protecting personal information from unauthorized use.

4 Security Breach Notification Laws CA law: a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person 46 states have breach notification law: Most follow the basic tenets of California's original law: Companies must immediately disclose a data breach to customers, usually in writing. Some states have considered third party liability

5 OECD Privacy Principles Notice data subjects should be given notice when their data is being collected; Purpose data should only be used for the purpose stated and not for any other purposes; Consent data should not be disclosed without the data subject s consent; Security collected data should be kept secure from any potential abuses; Disclosure data subjects should be informed as to who is collecting their data; Access data subjects should be allowed to access their data and make corrections to any inaccurate data; and Accountability data subjects should have a method available to them to hold data collectors accountable for following the above principles

6 US PRIVACY RULES There is no single source of privacy law in the U.S. Existing privacy laws have generally focused on regulating the use of sensitive information, rather than attempting to dictate how consumer records are maintained.

7 Major US Sector Laws Focused on Sensitive Use: Telecom Customer Information (CPNI) Health Insurance Portability and Accountability Act (HIPAA). Fair Credit Reporting (FCRA) Children's Online Privacy Protection (COPA) Buckley Amendment (FERPA) Video Privacy Protection (VPPA)

8 Federal Trade Commission The FTC, ( Federal Trade Commission Act, 15 U.S.C. 45) provides general oversight for much of the collection, use, and sharing of consumer information for most businesses through application of Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices.

9 FTC s Role Voluntary Privacy Commitment are Enforceable Company Privacy Policies Industry Self-regulation Network Advertising Initiative Online Privacy Alliance Mobile Marketing Association Code of Conduct Self-Regulatory Principles for Online Behavioral Advertising Best Practices and Guidelines for Location- Based Services. Mobile Privacy Principles

10 EU Data Protection Directive Personal data are defined as "any information relating to an identified or identifiable natural person. This definition is meant to be very broad. Data processing limited to: a) legitimate interests, b) purpose for which the data are disclosed, c) Data subject has access right to access him d) Limitation on data retention

11 EU Privacy Rule & US Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.

12 Chief Privacy Officers A senior level executive within a business or organization who is responsible for managing the risks and business impacts of privacy laws and policies. The CPO position is relatively new and was created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations. Helps organizations anticipate privacy problems

13 Contact Information Mark Uncapher, Director, Regulatory and Government Affairs TIA