Privacy Advisory Services A Best Practices, Integrated Approach - PowerPoint PPT Presentation

Slides: 20
Provided by: Daniela189

Transcript and Presenter's Notes

1
Privacy Advisory Services: A Best Practices, Integrated Approach
Insert Firm Name Here
2
PRIVACY IN THE NEWS
  • CALIFORNIA SENATE PASSES CONSUMER PRIVACY BILLS
  • ChoicePoint Exposes Data of 145,000 People
  • Data of More Than 670,000 Customers of Four Banks At Risk
  • NUALA KELLY HIRED AS CHIEF PRIVACY OFFICER FOR OFFICE OF HOMELAND SECURITY
  • Stolen Boeing Laptop has Personal Data on 161,000 Employees
  • Breach of Credit Card Companies' Security Affects 40 Million Accounts
3
INFORMATION TRENDS
  • Every day, companies collect, use, profile,
    disclose, and analyze customer information.
  • Unfortunately, some of this information is:
      • Misused
      • Stolen
      • Abused
  • This has led to a trust gap among customers.

4
INFORMATION STAKEHOLDER CONCERNS
  • Customers
      • Concerned with how and why their information is
        collected, used, disclosed, and retained
      • Want businesses to earn trust
  • Businesses
      • Trying to strike a balance between collection
        and use of information
      • Concerned with reducing privacy risk of poor
        privacy practices
      • Want to leverage good privacy practices and
        retain trust of customers
  • Government
      • Taking increased action on growing concerns
        about privacy to:
          • Protect rights of citizens
          • Better manage its own data stores

5
GOVERNMENT'S RESPONSE
  • U.S. legislation
      • Gramm-Leach-Bliley Act (GLBA)
      • Health Insurance Portability and Accountability
        Act (HIPAA)
      • Children's Online Privacy Protection Act (COPPA)
      • Controlling the Assault of Non-Solicited
        Pornography and Marketing Act (CAN-SPAM)
      • Fair and Accurate Credit Transactions Act of 2003
        (FACTA)
  • Other important laws, regulations, and guidelines
      • Privacy Act of 1974
      • European Union Directive on Data Protection
      • OECD privacy guidelines
      • Personal Information Protection and Electronic
        Documents Act (PIPEDA) in Canada
      • Privacy Online: A Report to Congress

6
SO WHERE ARE WE?
  • Privacy is increasingly in the news, particularly
    for violations.
  • Consumers are greatly concerned and want more
    control.
  • Businesses are trying to balance collection and
    use.
  • The Government is taking increased action.

7
PRIVACY: A DEFINITION
  • PRIVACY encompasses the rights and obligations
    of individuals and organizations with respect to
    the
      • Collection
      • Use
      • Disclosure, and
      • Retention
    of personal information.

8
PERSONAL INFORMATION: WHAT IS IT?
  • Personal information is any information that is,
    or reasonably could be, attributable to a
    specific individual. The information can be
    either factual or subjective, and recorded in any
    form or even unrecorded. Some examples include:
      • Name, address, email address
      • Identification numbers
      • Credit records
      • Buying history
      • Employee records
  • Much of this information is sensitive and a greater
    cause for concern.

9
Rights and Obligations
10
BUSINESS RISKS
  • 60% of customers say they have decided not to
    use a company because they weren't sure how their
    personal information would be used.
  • Litigation/FTC settlements:
      • BJ's Wholesale Club, Inc. settles charges that
        its failure to take appropriate security measures
        to protect the sensitive information of thousands
        of its customers was an unfair practice that
        violated federal law.
      • Petco Animal Supplies Inc. settles charges that
        security flaws in its Web site violated privacy
        promises it made to its customers and violated
        federal law.
  • Poor privacy practices can damage brand,
    reputation, customer loyalty and satisfaction,
    market position, shareholder value, revenue and
    more.
  • Source: 2004 Privacy & American Business survey

11
PRIVACY AS A COMPETITIVE ADVANTAGE
  • Companies are concerned with how their customers
    see them handling privacy concerns
  • 100% of companies surveyed have a privacy
    policy.
  • 100% of companies surveyed report that privacy
    compliance is a significant regulatory concern
    for their company.
  • 95% of companies surveyed monitor emerging
    state and federal privacy regulations.
  • However, only:
      • 62% of companies surveyed monitor internal
        compliance with their privacy policy.
      • 49% of companies surveyed have privacy policies
        that are easy to understand.
      • 19% of companies surveyed have had an
        independent privacy audit conducted within the
        last two years.
  • (Source: 2005 Benchmark Study of Corporate
    Privacy Practices, co-released by the Ponemon
    Institute and Vontu, Inc.)

12
How can our firm help?
  • We provide a full range of services, including:
      • Privacy strategic and business planning.
      • Privacy gap and risk analysis.
      • Benchmarking against the Generally Accepted
        Privacy Principles (GAPP).
      • Privacy policy design and implementation.
      • Performance measurement.
      • Independent verification of privacy controls.

13
GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Global
Privacy Framework
  • OVERALL PRIVACY OBJECTIVE
      • Personal information is collected, used,
        retained, and disclosed in conformity with the
        commitments in the entity's privacy notice and
        with criteria set forth in Generally Accepted
        Privacy Principles issued by the AICPA/CICA.

14
GENERALLY ACCEPTED PRIVACY PRINCIPLES
  • Management
  • Notice
  • Choice and Consent
  • Collection
  • Use and Retention
  • Access
  • Disclosure
  • Security
  • Quality
  • Monitoring and Enforcement

15
The Generally Accepted Privacy Principles (A
Global Framework) provide detailed privacy
guidance!
  • The Framework contains criteria for each of the
    10 Privacy Principles.
  • Each criterion's illustrations and explanations
    are designed to enhance the understanding of the
    criteria.
  • Many criteria have additional considerations,
    such as good privacy practices and selected
    requirements of specific laws and regulations
    pertaining to a certain industry or country.

16
Firm Name GENERALLY ACCEPTED PRIVACY
PRINCIPLES HELP BRIDGE THE TRUST GAP
Your Firm Name
17
WHAT DOES THIS MEAN?
  • Privacy is a RISK MANAGEMENT ISSUE.
  • Privacy can be used as a COMPETITIVE ADVANTAGE.
  • 56% of the companies surveyed believe that
    safeguarding privacy has a direct positive impact
    on their company's brand or image in the
    marketplace.
  • (Source: 2005 Benchmark Study of Corporate
    Privacy Practices, co-released by the Ponemon
    Institute and Vontu, Inc.)

18
Steps to Better Privacy Practices
  • Designate an individual to be responsible for
    privacy.
  • Develop a business strategy.
  • Perform a risk assessment and gap analysis of
    controls and procedures.
  • Develop, design, and implement privacy
    initiatives.
  • Sustain and manage privacy processes.

19
CPA Privacy Advisory Services
Your Trusted Adviser in Privacy
Insert Firm Name Here
Insert Address
Insert Phone No.
Insert E-mail Address