Federal Trade Commission

U.S. Rules on Privacy and Data Security

Organization for International Investment, General Counsel Conference

October 16, 2009


Page 2

FTC Overview

Broad consumer protection mandate:

• Section 5 of the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce”

• Jurisdiction over a wide variety of entities (excluding banks, common carriers, and non-profits)

Privacy and data security are a major consumer protection priority.

Page 3

FTC Overview

Multi-pronged approach for protecting consumers:

• Law enforcement

• Outreach to consumers and businesses

• Policy initiatives, including working with industry to establish meaningful self-regulatory standards

Page 4

FTC Enforcement

• Standard is reasonableness

• Process-oriented approach that emphasizes identifying and mitigating risks

• There is no one-size-fits-all solution: take into account the size and complexity of the business operations and the sensitivity of the information at stake

Page 5

Outsourcing

• Businesses subject to U.S. laws that outsource personal information retain responsibility for ensuring that there are reasonable procedures in place to safeguard that information.

• This responsibility is the same whether the service provider is located within the U.S. or offshore.

Page 6

Self-regulation

Recent examples:

• Online behavioral advertising principles

• Self-regulatory initiative in the APEC region to establish a framework for ensuring accountability for cross-border data transfers

Page 7

Case study: Cloud Computing

NIST definition:

“a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Page 8

Case study: Cloud Computing

Consumer uses of cloud computing:

• Email, social networking, online gaming, shopping

Growing enterprise use of cloud computing:

• Software as a service, platform as a service, infrastructure as a service

• Private clouds, public clouds, hybrid clouds, community clouds

Page 9

Case study: Cloud Computing

Legal issues:

• Compliance with various data security laws (GLB, HIPAA, state breach notification laws)

• Due diligence and oversight of service providers

• Contractual issues over data and security

Page 10

FTC Privacy Roundtables

• Series of day-long public roundtables to explore privacy challenges posed by new technologies and business practices

• First roundtable: December 7, 2009, Washington, D.C.

• Topics to be explored include online behavioral advertising and cloud computing

Page 11

For more information

www.ftc.gov/privacy

Katie Ratté

[email protected]