Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX




Who We Are
- Leading trade association in support of information and communications technology (ICT)
- Approx. 500 member companies
TIA Members
Goals
- Drive broadband deployment and adoption
- Facilitate spread of ICT
- Backbone of broadband industry
- Supply products and services used in provision of broadband and broadband-enabled applications

Privacy & Security
Distinguish between the two concerns:
- Privacy: intentional use of personal information.
- Security: protecting personal information from unauthorized use.

Security Breach Notification Laws
- CA law requires a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
- 46 states have breach notification laws. Most follow the basic tenets of California's original law: companies must immediately disclose a data breach to customers, usually in writing. http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
- Some states have considered third party liability.

OECD Privacy Principles
- Notice: data subjects should be given notice when their data is being collected;
- Purpose: data should only be used for the purpose stated and not for any other purposes;
- Consent: data should not be disclosed without the data subject's consent;
- Security: collected data should be kept secure from any potential abuses;
- Disclosure: data subjects should be informed as to who is collecting their data;
- Access: data subjects should be allowed to access their data and make corrections to any inaccurate data; and
- Accountability: data subjects should have a method available to them to hold data collectors accountable for following the above principles.

US PRIVACY RULES
- There is no single source of privacy law in the U.S.
- Existing privacy laws have generally focused on regulating the use of sensitive information, rather than attempting to dictate how consumer records are maintained.

Major US Sector Laws Focused on Sensitive Use:
- Telecom Customer Information (CPNI)
- Health Insurance Portability and Accountability Act (HIPAA)
- Fair Credit Reporting (FCRA)
- Children's Online Privacy Protection (COPPA)
- Buckley Amendment (FERPA)
- Video Privacy Protection (VPPA)

Federal Trade Commission
The FTC (Federal Trade Commission Act, 15 U.S.C. § 45) provides general oversight for much of the collection, use, and sharing of consumer information for most businesses through application of Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices.

FTC's Role
Voluntary Privacy Commitments are Enforceable
- Company Privacy Policies
- Industry Self-regulation
- Network Advertising Initiative
- Online Privacy Alliance
- Mobile Marketing Association Code of Conduct
- Self-Regulatory Principles for Online Behavioral Advertising
- Best Practices and Guidelines for Location-Based Services
- Mobile Privacy Principles

EU Data Protection Directive
- Personal data are defined as "any information relating to an identified or identifiable natural person." This definition is meant to be very broad.
- Data processing limited to:
  a) legitimate interests,
  b) purpose for which the data are disclosed,
  c) Data subject has access right to access him
  d) Limitation on data retention

EU Privacy Rule & US
- Personal data may only be transferred to third countries if that country provides an adequate level of protection.
- Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.

Chief Privacy Officers
- A senior level executive within a business or organization who is responsible for managing the risks and business impacts of privacy laws and policies.
- The CPO position is relatively new and was created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations.
- Helps organizations anticipate privacy problems.

Contact Information
Mark Uncapher, Director, Regulatory and Government Affairs
TIA
202.346.3244
muncapher@tiaonline.org