Privacy Advisory Services … … A Best Practices, Integrated Approach Insert Firm Name Here
PRIVACY IN THE NEWS • CALIFORNIA SENATE PASSES CONSUMER PRIVACY BILLS • ChoicePoint Exposes Data of 145,000 People • Data of More Than 670,000 Customers of Four Banks At Risk • NUALA KELLY HIRED AS CHIEF PRIVACY OFFICER FOR OFFICE OF HOMELAND SECURITY • Stolen Boeing Laptop has Personal Data on 161,000 Employees • Breach of Credit Card Companies' Security Affects 40 Million Accounts
INFORMATION TRENDS • Every day, companies collect, use, profile, disclose, and analyze customer information… • Unfortunately, some of this information is: • Misused • Stolen • Abused • This has led to a trust gap among customers.
INFORMATION STAKEHOLDER CONCERNS • Customers • Concerned with how and why their information is collected, used, disclosed, and retained • Want businesses to earn trust • Businesses • Trying to strike a balance between collection and use of information • Concerned with reducing privacy risk of poor privacy practices • Want to leverage good privacy practices and retain trust of customers • Government • Taking increased action on growing concerns about privacy to: • Protect rights of citizens • Better manage its own data stores
GOVERNMENTS’ RESPONSE • U.S. legislation • Gramm-Leach-Bliley Act (GLBA) • Health Insurance Portability and Accountability Act (HIPAA) • Children’s Online Privacy Protection Act (COPPA) • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) • Fair and Accurate Credit Transactions Act of 2003 (FACTA) • Other important laws, regulations, and guidelines • Privacy Act of 1974 • European Union Directive on Data Protection • OECD privacy guidelines • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada • Privacy Online: A Report to Congress
SO WHERE ARE WE? • Privacy is increasingly in the news, particularly for violations. • Consumers are greatly concerned and want more control. • Businesses are trying to balance collection and use. • The Government is taking increased action.
PRIVACY: A DEFINITION • PRIVACY encompasses the rights and obligations of individuals and organizations with respect to the… • Collection • Use • Disclosure, and • Retention …of personal information.
PERSONAL INFORMATION: WHAT IS IT? • Personal information is any information that is, or reasonably could be, attributable to a specific individual. The information can be either factual or subjective, and recorded in any form or even unrecorded. Some examples include: • Name, address, email address • Identification numbers • Credit records • Buying history • Employee records • Much of this information is sensitive and a greater cause for concern.
BUSINESS RISKS • 60% of customers* say they have decided not to use a company because they weren't sure how their personal information would be used. • Litigation… FTC settlements: BJ’s Wholesale Club, Inc. settles charges that its failure to take appropriate security measures to protect the sensitive information of thousands of its customers was an unfair practice that violated federal law; Petco Animal Supplies Inc. settles charges that security flaws in its Web site violated privacy promises it made to its customers and violated federal law. • Poor privacy practices can damage brand, reputation, customer loyalty and satisfaction, market position, shareholder value, revenue and more. • *Source: 2004 Privacy & American Business survey
PRIVACY AS A COMPETITIVE ADVANTAGE • Companies are concerned with how their customers see them handling privacy concerns: • 100% of companies surveyed* have a privacy policy. • 100% of companies surveyed* report that privacy compliance is a significant regulatory concern for their company. • 95% of companies surveyed* monitor emerging state and federal privacy regulations. • However, only: • 62% of companies surveyed* monitor internal compliance with their privacy policy. • 49% of companies surveyed* have privacy policies that are easy to understand. • 19% of companies surveyed* have had an independent privacy audit conducted within the last two years. • *Source: 2005 Benchmark Study of Corporate Privacy Practices co-released by the Ponemon Institute and Vontu, Inc.
How can our firm help? • We provide a full range of services, including • Privacy strategic and business planning. • Privacy gap and risk analysis. • Benchmarking against the Generally Accepted Privacy Principles (GAPP). • Privacy policy design and implementation. • Performance measurement. • Independent verification of privacy controls.
GENERALLY ACCEPTED PRIVACY PRINCIPLES: A Global Privacy Framework • OVERALL PRIVACY OBJECTIVE • Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA/CICA.
GENERALLY ACCEPTED PRIVACY PRINCIPLES • Management • Notice • Choice and Consent • Collection • Use and Retention • Access • Disclosure • Security • Quality • Monitoring and Enforcement
The Generally Accepted Privacy Principles (A Global Framework) provide detailed privacy guidance! • The Framework contains criteria for each of the 10 Privacy Principles. • Each criterion’s illustrations and explanations are designed to enhance the understanding of the criteria. • Many criteria have additional considerations, such as good privacy practices and selected requirements of specific laws and regulations pertaining to a certain industry or country.
[Firm Name] & GENERALLY ACCEPTED PRIVACY PRINCIPLES HELP BRIDGE THE TRUST GAP [Your Firm Name]
WHAT DOES THIS MEAN? • Privacy is a RISK MANAGEMENT ISSUE. • Privacy can be used as a COMPETITIVE ADVANTAGE. • 56% of the companies surveyed* believe that safeguarding privacy has a direct positive impact on their company's brand or image in the marketplace. (source: 2005 Benchmark Study of Corporate Privacy Practices co-released by the Ponemon Institute and Vontu, Inc.)
Steps to Better Privacy Practices: • Designate an individual to be responsible for privacy. • Develop a business strategy. • Perform a risk assessment and gap analysis of controls and procedures. • Develop, design, and implement privacy initiatives. • Sustain and manage privacy processes.
CPA Privacy Advisory Services Your Trusted Adviser in Privacy [Insert Firm Name Here] [Insert Address] [Insert Phone No.] [Insert E-mail Address]