Preparing Your Company for a Privacy Rebellion

Preparing Your Company for a Privacy Rebellion

A Complimentary LexisNexis® Webinar September 12, 2013

Jodi Daniels, Director of Privacy at Autotrader.com Usman Ghani, Managing Director of Infinium Strategy Group, Inc.

David F. Katz, Partner, Nelson Mullins Riley & Scarborough Dan Schroeder, Partner, Habif, Arogeti and Wynn, LLC

1 LexisNexis Webinar: Preparing Your Company for a Privacy Rebellion, September 12, 2013

About the Speakers

David F. Katz is a Partner in Nelson Mullins Riley & Scarborough's Atlanta office where he leads the Privacy and Information Security Practice Group. He counsels clients on the development, management, and oversight of privacy and compliance programs. He also assists them in developing policies and procedures, education strategies, implementation of auditing and monitoring controls, reviews of disciplinary and enforcement activities, and risk assessments. He speaks and writes on matters relating to technology, privacy and data security. His tweets can be followed on twitter @KatzFDavid.


About the Speakers

Usman Ghani, MBA, Managing Director of Infinium Strategy Group, Inc., has 15+ years of Enterprise Information Management (EIM) experience in several Fortune 500 companies. Usman has a Bachelor's of M.I.S. and a Master's in Business Administration from Emory University's Goizueta Business School. Usman has architected Customer 360 solutions for Fortune 20 companies and has extensive experience in Infinium's core competencies such as big data, business intelligence, master, meta, and reference data management. Usman's tweets can be followed at @TheDataCompany.

http://www.infiniuminc.com/services.html




About the Speakers

Jodi R. Daniels, Director of Privacy at AutoTrader.com. Ms. Daniels focuses on consumer privacy and data protection conducting information privacy risk assessments and monitoring associated compliance efforts. She serves as liaison with product, marketing, information technology and advertising sales organization teams across AutoTrader.com and its subsidiaries. Ms. Daniels also works with legal counsel and management to ensure that the organization has and maintains appropriate privacy and confidentiality policies, notices and other materials reflecting current organization and legal practices and requirements. She earned both a Masters of Business Administration and a Bachelor of Business Administration with a concentration in Accounting from Emory University’s Goizueta Business School. She was a Forté Fellow based on her academic and professional merit while attaining her Executive MBA. She is also a Certified Public Accountant in Georgia. Ms. Daniels resides in Dunwoody, Georgia with her husband and two year old daughter.


About the Speakers

Dan Schroeder is the partner-in-charge of Habif, Arogeti & Wynne’s Information Assurance Services practice that serves leading technology based companies on a national and international basis. Dan has over twenty-five years experience in IT management and risk management functions in both internal roles at a Fortune 100 company and in client serving roles with leading CPA firms. The services Dan oversees include:

Service Organization Control (SOC) reporting that replaced SAS 70 Security and Privacy compliance risk management, e.g., ISO 27001, PCI, HIPAA/HITECH, EU Safe Harbor, and banking regulations Security assessments including vulnerability scanning and penetration testing Data management and assurance

Dan is the immediate ex-chairperson of the AICPA Information Technology Executive Committee (ITEC) and serves on the AICPA task forces for Privacy and for SOC Reporting, and is lead designer of the new AICPA SOC reporting school.


Road Map

• The Premise. • The Environment: Total Surveillance, Corporate Responsibility and

Transparency. • Overview of Data Gathering: What are Companies Doing with

Your Data? • Overview of Privacy Laws. • Understanding the Laws and Enforcement Authority Governing

Consumer Privacy. One Example for Self Regulation for OBA. • Responsibility of Companies in Collection and Use of PII from a

Security Perspective. • Overview of the Audit of Privacy and Security Controls. • Audits and Accountability of Information Standards and Practices. • Generally Accepted Privacy Principles (GAPP). • Recommended Take Aways.


The Environment: Total Surveillance. Corporate Responsibility and Transparency?


The Environment: Total Surveillance. Corporate Responsibility and Transparency?


Single View of Customer


Golden Record

Infinium∞


Customer 360


“Big Data in a slide” by Infinium


Opportunistic Exploitation


Companies use Customer 360 to answer key questions


Privacy and Security of Personally Identifiable Information


Privacy and Security of Personally Identifiable Information


Agencies Administering U.S. Privacy Laws


FTC Enforcement


Statutes Granting Enforcement Authority to the FTC


Consumer Marketing Communication Disclosures


Online Advertising


Mobile


Leading Cases


Leading Cases


Leading Cases


Triggers for FTC Complaints


Recent 2013 FTC Comments and Enforcement Actions


FTC on Mobile Marketing and Mobile Application Development


FTC's Recent Comments


DAA Self-Regulatory Principles


DAA Self-Regulatory Principles


Principles for Online Behavioral Advertising








Principles for Multi-Site Data


Application of Principles to Mobile Environment


Website Operator/Publisher Implementation








Responsibility of Companies in Collection and use of PII from a Security Perspective


Common Security Weaknesses related to PII / PHI


Security Assurance Program for PII / PHI


Essential security best practices


AICPA Service Organization Control (SOC) Reports


SOC 2 Report Purpose


Generally Accepted Privacy Principles (GAPP)


Generally Accepted Privacy Principles (GAPP)


Take Aways


Take Aways


Take Aways


Take Aways


Question and Answer Session

Thank You!

Jodi Daniels CPO

[email protected] Autotrader.com

Usman Ghani

Principal [email protected]

Infinium 404.695.3514

David F. Katz

Partner [email protected]

Nelson Mullins Riley & Scarborough LLP 404.322.6122

Dan Schroeder, CPA, CIA, CISA, CIPP/IT, PCI-QSA

Partner-in-Charge - Information Assurance Services [email protected]

770.353.8379