
Vanessa Taylor – assets.corporatecompliance.org


Changing Face of Privacy in 2012

October 15, 2012, 4:30

Vanessa Taylor, CIPP/US, Risk & Compliance Manager

NASBA


Key Points

• PII Defined: Changing Face of Privacy 

• Drivers of Change

• Challenges/Opportunities

• Education, Training & Awareness

• Summary for GRC

October 2012 Vanessa Taylor, CIPP/US - Risk & Compliance NASBA 2


What is “Privacy” to You?


Privacy Definition

• Webster – “freedom from unauthorized intrusion”

• Wikipedia – “the ability of an individual or group to seclude themselves or information about themselves”

• 50+ Laws/50+ Countries

• IAPP Analysis of Statutory Definitions (2011) – Source: “The Changing Meaning of ‘Personal Data’” by William Baker & Anthony Matyjaszewski


Drivers of Change

(Slides 5–10: slide content not captured in the text extraction.)


www.theinternetofthings.eu

(Slides 11–12: slide content not captured in the text extraction.)


From 2011 to 2020

• Cisco predicts by 2020 there will be 50 billion “things” connected.

Cisco Infographic – Inventorspot

• Intel predicts by 2020 there will be 31 billion “things” connected.

Intel Infographic – BitRebels


Challenges/Opportunities

(Slides 14–18; slide content beyond the text below was not captured in the extraction.)

Total breaches reported as of October 9, 2012: 324

Total reported records exposed: 9,429,809

Credit: Identity Theft Resource Center

Source: www.identitytheft.info as of October 11, 2012

Source: Carnegie Mellon CyLab

• Global Payments – 1.5 million consumers

• Yahoo – 400k passwords

• Wyndham – 600,000 credit card numbers

• LinkedIn – 6.5 million passwords

• Zappos – 24 million people

• Colleges – UNC, Nebraska, Tampa, and more

• Healthcare – Utah, Emory, SC, Howard, St Joseph, Memorial, Kansas, Arkansas, and more


Privacy & GRC

• Questions/Answers:

– Why? (reasons, risks, requirements)

– Who? (organization involvement)

– What? (what could go wrong?)

– How Much? (dollars, resources, time, etc.)

• Education, Awareness, Communication

• Monitoring


Who? (organization involvement): Managers, Support Personnel, Directors, Executives, Entry Level; IT, HR, Finance, Ops, Mkt


How Much?


Take Action/Plan


Education/Awareness


Privacy GRC

From OCEG article “Moving Privacy from In Place to Enhanced”

– “…Privacy must be run like a business.”

– Efforts must be “Formalized, repeatable, and monitored.”

– “…incrementally improve [in order to] keep up with increasingly complex and pervasive rules and risks that affect use of personal information…”


Questions

Vanessa Taylor

Risk & Compliance

NASBA

[email protected]


Sources

• IAPP – www.privacyassociation.org

• Privacy by Design – privacybydesign.ca

• Privacy Rights Clearinghouse – www.privacyrights.org

• Internet Security Alliance

• Panda Security – The Cyber-crime Black Market – www.pandasecurity.com

• Federal Trade Commission – www.ftc.gov

• Internet Crime Complaint Center – www.ic3.gov

• Internet of Things – www.theinternetofthings.eu

• PCI Security Standards Council – www.pcisecuritystandards.org

• Open Compliance & Ethics Group – www.oceg.org

• www.reputation.com

• www.privacyguidance.com/eTips.html

• www.informationshield.com/intprivacylaws.html

• Statistics 

– www.datalossdb.org

– http://www.identitytheft.info/

– http://www.idtheftcenter.org/artman2/publish/lib_survey/Breaches_2012.shtml

– www.cylab.cmu.edu


Articles

• http://www.infosecisland.com/blogview/21513-How-Mobile-Apps-are-Invading-Your-Privacy-An-Infographic.html

• http://www.youtube.com/watch?v=cvDFHgTHth0

• http://www.cmswire.com/cms/social-business/social-media-sees-enterprise-growth-lacks-policies-013580.php

• http://mashable.com/2011/01/20/black-hat-hacking-stats/

• http://mashable.com/2012/01/10/facebook-profile-safety/

• http://www.networkworld.com/community/node/73842

• http://www.networkworld.com/community/blog/eff-americans-may-not-realize-it-many-are-face-recognition-database-now

• http://www.oceg.org/resource/privacy-and-grc-technology

• http://www.crn.com/slide-shows/security/240004223/the-biggest-data-breaches-of-2012-so-far.htm;jsessionid=rpekNtbUQwnM5tsrF3x9Yw**.ecappj01?pgno=1

• http://www.nytimes.com/2012/08/12/sunday-review/bruce-schneier-an-avatar-of-digital-distrust.html?_r=2

• http://www.marketplace.org/topics/tech/buying-coffee-and-giving-some-privacy

• http://tech.fortune.cnn.com/2012/08/01/iphone/

• http://web.townsendsecurity.com/bid/58669/Protecting-PII-Passwords-Bank-Accounts-and-Email-Addresses?utm_source=Townsend+Security&utm_campaign=56a1315f64-August_2012_Newsletter8_13_2012&utm_medium=email
