Jul 24, 2015

Latest Privacy Insight Series Webinar Addresses FTC Stance on Privacy, Security

The FTC is the leading privacy and security regulator in the U.S., says Daniel J. Solove, a professor at George Washington University Law School who runs a privacy and security training company called TeachPrivacy and organizes the Privacy + Security Forum conference. Although there is hardly any case law, Solove noted in presenting this webinar, the FTC looms large in practice.

In 1998, only about 2% of websites had some form of privacy policy; now nearly every website has one.

“We’ve seen a huge rise in privacy policies,” Solove says.

In the late 1990s and early 2000s, a debate was raging about how personal information would be protected online. It was argued that self-regulation would work. As a result, companies began to self-regulate their privacy practices by creating their own policies.

Jul 23, 2015

Doubling Down on Privacy and Security [Video]

A data breach or regulatory investigation can have devastating consequences for an organization. Today, companies are collecting sensitive information of customers and employees alike and are looking for ways to systematically safeguard that information against the possibility of a costly breach.

Privacy professionals need a comprehensive strategy to address these privacy and security risks, but often don’t know where to begin. What are the unique characteristics of a privacy officer and how does their role fit alongside the IT, security and compliance teams?

TRUSTe’s Kevin Trilli, VP of Product, recently presented a session titled “Doubling Down on Privacy and Security” at MetricStream’s GRC Summit, where he outlined potential solutions to manage global privacy risk and compliance across the organization. Watch the video for an overview of key privacy challenges for the year and how you can prepare.

Jul 22, 2015

Meet the Leading Players in the Privacy Ecosystem: Lou Mastria, Digital Advertising Alliance

Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy. 

What is your organization’s role in the privacy ecosystem?

The Digital Advertising Alliance was created to give consumers better information and control over the use of data for interest-based advertising. The DAA sets and enforces standards for the advertising ecosystem through our Self-Regulatory Principles for Interest Based Advertising, and we give consumers simple access to information about and control over data collection use for interest-based ads through the blue “Your Ad Choices” icon on ads, sites and increasingly apps.

By doing so, we provide a robust self-regulatory regime that strengthens the ad-supported digital ecosystem and helps drive innovations in the delivery of online and mobile content and services. Originally founded by six trade associations in the United States, DAA has expanded through parallel sister organizations to 34 nations in 26 languages.

The DAA icon, in particular, provides an intuitive and ubiquitous ad marker and links that supplement privacy policies. From this icon, consumers are given enhanced notice and reliable access to choice controls.

The DAA Icon is now served globally more than 1 trillion times per month, and the DAA choice pages receive an average of 10 million unique visitors per year. TRUSTe is one of two “approved providers” of DAA programs in the U.S. – providing a turnkey solution for brands, agencies, publishers and ad tech firms to consider for DAA Principles implementation.

 

What key goals/issues is your organization focused on tackling?

Our goal is a consistent user experience – no matter what screen the consumer may be using. We are working to create that consistent framework on devices (DAA’s Consumer Choice Page, Consumer Choice Page for Mobile Web, and AppChoices for cross-app data collection choice) so we can continue to build trustworthy experiences for consumers and companies to rely on with regard to online data collection and advertising.

 

How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?

The DAA constantly monitors changes in technology, consumer attitudes and behavior, and advertising ecosystem practices to ensure our program adapts to those shifts in a technology-neutral manner.

For example, we recently issued mobile guidance to show marketers how to apply DAA Principles for interest-based advertising and multi-site data (including cross-app) collection in the mobile environment. The guidance served to identify responsibilities of both first parties and third parties for enhanced notice and control, addressing specific data categories such as cross-app data, and providing a higher level of consent with regard to precise location data and personal directory data. These responsibilities will be enforced by our two U.S. enforcement partners – Council of Better Business Bureau’s Advertising Self-Regulation Council and Direct Marketing Association – beginning September 1, 2015. Both CBBB and DMA are independent enforcers of these precepts in the marketplace.

Another example is the video area, where DAA is close to announcing ad marker specifications for video interest-based ads.

Jul 16, 2015

Privacy Risks of Mobile Applications

This post first appeared in TRUSTe’s Technology Blog on July 14th, 2015

By Helen Huang, Sr. Product Manager, TRUSTe, CIPP/US

Mobile application privacy management is now more important than ever—at least half of Fortune 500 companies have internal mobile applications. But managing mobile application privacy risk goes beyond the applications on your employees’ devices. As companies’ presence, products, and services increasingly shift into the mobile space, mobile privacy is drawing increasing attention—both internally and from the Federal Trade Commission. In particular, the healthcare industry had the highest privacy payout in 2014, and the FTC and FDA’s additional scrutiny into wellness and health services should increase management’s focus on improving mobile application development tools and processes.

Within a single global organization, product managers in different business units and different companies often develop mobile applications. Adding to this complexity, companies often leverage outsourced mobile developers, putting mobile applications still another step away from the oversight of the privacy officer.

Jul 15, 2015

Meet the Leading Players in the Privacy Ecosystem: Jules Polonetsky, Future of Privacy Forum

Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.

What is your organization’s role in the privacy ecosystem?

The Future of Privacy Forum (FPF) is supported by the privacy leaders of more than 100 companies, as well as a number of leading foundations. Our mission is to advance responsible data practices. FPF focuses on new technologies or new data uses where there are benefits to consumers and society. We seek to support the development of new technology by ensuring that privacy risks and concerns are addressed. We do this by publishing law review articles, writing white papers, developing best practices or codes of conduct, or by convening industry, advocates and policymakers to think through challenging issues.

 

What key goals/issues is your organization focused on tackling?

FPF is working on a range of big data and internet of things related issues, including benefit/risk analysis, sensitive data, de-identification and data use for good. We have published or helped develop best practices or codes for student data, location data, connected cars, beacons, ad tech and wearables. In each of these areas, we seek to be a centrist privacy voice, supporting innovation but ready to take seriously the concerns of consumers, advocates and policymakers.

 

How has your organization’s focus changed over the years to address evolving technologies or challenges?

When FPF launched, our time was dominated by online advertising and marketing issues. Over the past 8 years, data and technology have permeated every sector of business and every segment of consumer life. The agenda today is about smart cars, smart cities, always on technologies, drones, facial recognition and more. But at the end of the day, the basic concepts are the same: who is tracking, why are they tracking, what controls exist to stop either collection or use?

Looking ahead – what are the most important data privacy issues/concerns you think need to be addressed by the industry and/or government legislation?

The privacy debate is moving away from issues of notice and choice to concerns about fairness and discrimination and civil rights. Critics worry about product testing that can be considered “human subject research” and the debate is often about the ethics of data use. It’s no surprise that FPF has a philosopher joining us next year to work on social media tracking and other issues.

Jul 15, 2015

Companies: Mitigate Damages from Data Breach with Automated Privacy Assessments

The well-known saying, “Prepare for the worst, hope for the best,” is a good one to keep in mind when it comes to handling privacy and security. The smartest executives prepare their companies for worst-case scenarios such as data breaches or loss of information before they actually happen. Being proactive can spare your company from possible reputational damage and regulatory fines down the road.

Reputational damage is not the only thing a company should consider if such a breach were to occur: according to new data, the total cost of breaches is increasing and negatively affecting the bottom lines of multiple organizations.

To avoid this mess, more companies are becoming aware of the value of planning ahead. TRUSTe has now made the planning process easier by introducing new data breach assessment templates for use with Assessment Manager – a SaaS-based solution for conducting privacy assessments and PIAs. By leveraging this solution, organizations can quickly and efficiently gain the information they need to effectively manage a data breach.

The Incident Response Plan Preparedness and Data Breach Notification Requirements Assessments provide a step-by-step process for developing a data breach response plan. Read more about these solutions in our latest press release.

Have any questions? Ask us in the comments.

Jul 09, 2015

Coding for Privacy: A Conversation with TRUSTe’s Ken Okumura [Via TechBeacon]

This profile was first published on TechBeacon.com

By Robert L. Mitchell

Vice President of Engineering Ken Okumura manages engineering and operations infrastructure at TRUSTe, a provider of technology products and services that business customers use to manage their data privacy practices. His security-focused career track has also included roles at Qualys, Inc., Postini, and Verisign, where he was one of the first employees hired. Okumura spoke with TechBeacon Chief Editor Robert L. Mitchell about developing apps with privacy in mind, tackling the talent shortage, and how hosting an engineering group in the Philippines has helped create a stronger, more cohesive team.

TechBeacon: What role does software engineering play in your business?

Ken Okumura: Providing the technology to streamline the workflow necessary to accomplish best privacy practices is where software engineering comes into play. Also, the services-oriented nature of what we do allows us to provide the infrastructure necessary to deploy this at scale.

TB: You have a background in security and privacy. What do software developers most often get wrong when it comes to security?

KO: It’s simple things like front-end data entry, where users are allowed to insert executable statements into fields that were not intended for such use, resulting in SQL injection attacks. Developers should be doing checks on the front end to prevent this, assuming that the front end didn’t catch it, and doing checks on the back end as well. People don’t always put in the necessary measures to protect against these types of things.

TB: Why should developers focus on building in privacy when creating new software?

KO: There need to be assurances that data is handled in a safe and responsible manner. Today, an exchange of information with someone in a face-to-face transaction is very different from exchanging that same information on a form on a website. That should not be the case. That same level of trust needs to be online as well. Because of the speed at which information proliferates online, it is even more important to safeguard that information. When you read about the latest security or privacy breach in the news, it should remind you that safeguarding privacy is more important today than ever before.

TB: What path did you take that led you to become vice president of engineering?

KO: I started out as a software engineer and eventually ended up on the management track. Although I enjoyed designing software systems and writing code, bridging the gap between the needs of the business and building systems to satisfy those requirements were better served when I moved into a management role. I am still able to roll up my sleeves and solve challenging technological problems, but at the same time I interact more closely with customers to ensure that their requirements are met.

Jul 08, 2015

New Privacy Ecosystem Blog Series

We’re excited to announce the launch of a new blog series that will profile the leading organizations in the privacy ecosystem. From industry organizations to government and regulatory agencies to industry analysts – the privacy ecosystem series will take a deep dive into the specific functions of each entity from an insider’s point of view.

We recently shared the Privacy Ecosystem map on our blog. Although this map is by no means comprehensive, it should give you an idea of some of the organizations we plan to cover.

This series will replace our popular “Meet TRUSTe” blog series that ran every Wednesday for the first half of 2015 and introduced you to the TRUSTe team. You can always re-read posts in this series by visiting http://www.truste.com/blog/category/meet-truste/

Let us know what questions you’d like to ask these organizations.
