the new, new thing in privacy -- five things you should consider now * *connectedthinking...
Post on 19-Dec-2015
222 Views
Preview:
TRANSCRIPT
The New, New Thing in Privacy-- Five Things You Should Consider Now*
*connectedthinking
Practitioner Roundtable at the Harvard Privacy Summer SymposiumAugust 20, 2008
PricewaterhouseCoopers Slide 2
Panelists
Lael Bellamy, Chief Counsel - IT, IP & PrivacyING Americas (formerly with The Home Depot)
Ann Waldo, Esq., Principal, Ann Waldo PLLC (formerly with Lenovo and Hoffmann-La Roche)
James Koenig, CIPP, Practice Leader, Privacy & Identity Theft, PricewaterhouseCoopers LLP, Former General Counsel, International Association of Privacy Professionals (Moderator)
Click to edit Master subtitle style
Ann Waldo, PLLC
PricewaterhouseCoopers Slide 3
Agenda
The New, New Thing in Privacy-- Five Things You Should Consider Now
PricewaterhouseCoopers Slide 4
Countdown
PricewaterhouseCoopers Slide 5
Countdown
5. Impact on Privacy Associated with a Slowdown in the Economy
PricewaterhouseCoopers Slide 6
What Directs and Trends in Down Economy
• Are Privacy and Business at a crossroad?
• Business goals versus maintenance of privacy.
PricewaterhouseCoopers Slide 7
Countdown
5. Impact on Privacy Associated with a Slowdown in the Economy
4. Global Expansion for New Markets, Operating Models
Slide 8© 2008 PricewaterhouseCoopers
Global Expansion for Business, New Markets & Operations
Key Countries with Privacy Laws
Argentina, Armenia, Australia, Austria, Bahrain, Belgium, Botswana, Brazil, Bulgaria, Cameroon, Canada, Canada - Northwest Territories and Nunavut, Chile, Cote d'Ivoire, Croatia, Cyprus, Czech Republic, Denmark, Dubai, Egypt, Ethiopia, Finland, France, Germany, Ghana, Greece, Hong Kong, Hungary, Iceland, Ireland, Israel, Italy, Japan, Jordan, Kazakhstan, Kenya, Kuwait, Lebanon, Lithuania, Mauritius, Mexico, Morocco, Netherlands, New Zealand, Nigeria, Norway, Peru, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Tanzania, Thailand, Tunisia, Turkey, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, Uzbekistan, Zambia • Increasing in Number. The number and
diversity of subject matters and approaches has been increasing worldwide.
PricewaterhouseCoopers Slide 9
Countdown
5. Impact on Privacy Associated with a Slowdown in the Economy
4. Global Expansion for New Markets, Operating Models
3. New ID Theft Techniques
PricewaterhouseCoopers Slide 10
Identity Theft Has Become a Major Concern
Number one complaint to US FTC Impacts 4.6% of US per year 2006 survey, companies reported
ID Theft: 10% globally 9% in US 19% in India
$50+ billion in global annual losses 68.2% obtained off-line 50+% conducted by employees
and contractors Part-time and temporary workers
three times more likely to commitImpact. Higher theft risks: SSN, Driver's License Number, Credit Card Number, Health Insurance ID Number
Sources: (Javelin/BBB 1/06; Gartner 7/03; Experian-Gallup 8/05; FDIC 2/06; FTC 1/06; SMU 8/04)
PricewaterhouseCoopers Slide 11
Medical Identity Theft
Victims -- In 2005, an estimated 250,000 Americans were victims of medical ID theft, a 334% increase over 2001 (versus a 297% increase for all identity theft).
Profiles of Medical Identity Thieves• Individual desperately needing medical care• Health care professionals aiming to pad their income by filing fraudulent
claims/diagnosis• Organized crime rings stealing medical records and doctor billing codes
Monetizing Medical Identity Theft• Scheme. Medical ID numbers are exploited to fraudulently obtain health
services or prescription drugs• Value of a Record. Health records fetch $20 to $60 on the black market
(versus $50 to $100 for bank account records or 7 cents for stolen résumés)
PricewaterhouseCoopers Slide 12
Countdown
5. Impact on Privacy Associated with a Slowdown in the Economy
4. Global Expansion for New Markets, Operating Models
3. New ID Theft Techniques
2. Health Care Information Breach Notifications and Issues of Mismanagement to Rise
PricewaterhouseCoopers Slide 13
Health Information – New Laws Driving Disclosures & Other Risks
US State Security Breach Statutes. State laws in US require notifying consumers in the event of a breach or mishandling of personal data (i.e., where an unauthorized third party is reasonably believed to have acquired unencrypted personal information). More than 40 states and territories in the US passed laws through 2008. California and Arkansas include health information.
Privacy Laws Overview – Genetic Information Nondiscrimination Act (GINA)• Genetic Information is defined as: Results of genetic tests (individual and his/her family
members) that provides information about an individual's family medical history (Family members include: Dependents, any first through fourth-degree relative of individual or individual's dependents, spouses, adopted children.
• Key Provisions• Prohibits Discrimination• Restricts Acquisition (e.g., request, require, or purchase) • Requires Confidentiality (e.g., safeguards must be in place to ensure proper
collection/maintenance as well as to protect files from unauthorized access).
PricewaterhouseCoopers Slide 14
Countdown
5. Impact on Privacy Associated with a Slowdown in the Economy
4. Global Expansion for New Markets, Operating Models
3. New ID Theft Techniques
2. Health Care Information Breach Notifications and Issues of Mismanagement to Rise
• Class Actions and Litigation in Privacy
PricewaterhouseCoopers Slide 15
Privacy Class Actions and Litigation (and Enforcements)
Increased Regulator Focus on Data Protection Controls
• Damages Paid. In the last 3 years, over $375 million paid by companies in fines, penalties and class-action summaries.
• Expensive Class Actions. Plaintiffs bar has used privacy as a new, fruitful area:
- Recent settlements include:
• More than $60 million paid by a Fortune 500 retailer for inappropriately sharing customer information.
• $128 million reserved by another retailer in connection with a breach.
• What is next?
Slide 16PricewaterhouseCoopers
Questions?
© 2008 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as the context requires, other member firms of PricewaterhouseCoopers International Ltd., each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP.
top related