Preparing Your Company for a Privacy Rebellion

Post on 08-May-2015

description

This webinar is available on-demand at http://law.lexisnexis.com/webcasting/Userprofile.aspx?multimedia_id=62932&campaign_id=2020&jcm_pc=163905 and covers the following topics:

• Privacy and disclosure of personally identifiable information (PII)
• Understanding the laws governing privacy
• Recent events that have shone a bright light on privacy risks
• Responsibility of companies in collection and use of PII
• Generally Accepted Privacy Principles (GAPP)
• Privacy governance issues
• Audits and accountability of information standards and practices
• Role of Chief Privacy Officer

transcript

Preparing Your Company for a Privacy Rebellion

A Complimentary LexisNexis® Webinar September 12, 2013

Jodi Daniels, Director of Privacy at Autotrader.com
Usman Ghani, Managing Director of Infinium Strategy Group, Inc.
David F. Katz, Partner, Nelson Mullins Riley & Scarborough
Dan Schroeder, Partner, Habif, Arogeti and Wynne, LLC

1 LexisNexis Webinar: Preparing Your Company for a Privacy Rebellion, September 12, 2013

About the Speakers

David F. Katz is a Partner in Nelson Mullins Riley & Scarborough's Atlanta office, where he leads the Privacy and Information Security Practice Group. He counsels clients on the development, management, and oversight of privacy and compliance programs. He also assists them in developing policies and procedures, education strategies, implementation of auditing and monitoring controls, reviews of disciplinary and enforcement activities, and risk assessments. He speaks and writes on matters relating to technology, privacy and data security. His tweets can be followed on Twitter at @KatzFDavid.

Usman Ghani, MBA, Managing Director of Infinium Strategy Group, Inc., has 15+ years of Enterprise Information Management (EIM) experience in several Fortune 500 companies. Usman has a Bachelor's of M.I.S. and a Master's in Business Administration from Emory University's Goizueta Business School. Usman has architected Customer 360 solutions for Fortune 20 companies and has extensive experience in Infinium's core competencies such as big data, business intelligence, master, meta, and reference data management. Usman's tweets can be followed at @TheDataCompany.

Jodi R. Daniels is Director of Privacy at AutoTrader.com. Ms. Daniels focuses on consumer privacy and data protection, conducting information privacy risk assessments and monitoring associated compliance efforts. She serves as liaison with product, marketing, information technology and advertising sales organization teams across AutoTrader.com and its subsidiaries. Ms. Daniels also works with legal counsel and management to ensure that the organization has and maintains appropriate privacy and confidentiality policies, notices and other materials reflecting current organization and legal practices and requirements. She earned both a Master of Business Administration and a Bachelor of Business Administration with a concentration in Accounting from Emory University’s Goizueta Business School. She was a Forté Fellow based on her academic and professional merit while attaining her Executive MBA. She is also a Certified Public Accountant in Georgia. Ms. Daniels resides in Dunwoody, Georgia with her husband and two-year-old daughter.

Dan Schroeder is the partner-in-charge of Habif, Arogeti & Wynne’s Information Assurance Services practice, which serves leading technology-based companies on a national and international basis. Dan has over twenty-five years of experience in IT management and risk management functions, both in internal roles at a Fortune 100 company and in client-serving roles with leading CPA firms. The services Dan oversees include:

• Service Organization Control (SOC) reporting that replaced SAS 70
• Security and Privacy compliance risk management, e.g., ISO 27001, PCI, HIPAA/HITECH, EU Safe Harbor, and banking regulations
• Security assessments including vulnerability scanning and penetration testing
• Data management and assurance

Dan is the immediate ex-chairperson of the AICPA Information Technology Executive Committee (ITEC) and serves on the AICPA task forces for Privacy and for SOC Reporting, and is lead designer of the new AICPA SOC reporting school.

Road Map

• The Premise.
• The Environment: Total Surveillance, Corporate Responsibility and Transparency.
• Overview of Data Gathering: What are Companies Doing with Your Data?
• Overview of Privacy Laws.
• Understanding the Laws and Enforcement Authority Governing Consumer Privacy. One Example for Self Regulation for OBA.
• Responsibility of Companies in Collection and Use of PII from a Security Perspective.
• Overview of the Audit of Privacy and Security Controls.
• Audits and Accountability of Information Standards and Practices.
• Generally Accepted Privacy Principles (GAPP).
• Recommended Take Aways.

The Environment: Total Surveillance. Corporate Responsibility and Transparency?

Single View of Customer

Golden Record

Infinium∞

Customer 360

“Big Data in a slide” by Infinium

Opportunistic Exploitation

Companies use Customer 360 to answer key questions

Privacy and Security of Personally Identifiable Information

Agencies Administering U.S. Privacy Laws

FTC Enforcement

Statutes Granting Enforcement Authority to the FTC

Consumer Marketing Communication Disclosures

Online Advertising

Mobile

Leading Cases

Triggers for FTC Complaints

Recent 2013 FTC Comments and Enforcement Actions

FTC on Mobile Marketing and Mobile Application Development

FTC's Recent Comments

DAA Self-Regulatory Principles

Principles for Online Behavioral Advertising

Principles for Multi-Site Data

Application of Principles to Mobile Environment

Website Operator/Publisher Implementation

Responsibility of Companies in Collection and use of PII from a Security Perspective

Common Security Weaknesses related to PII / PHI

Security Assurance Program for PII / PHI

Essential security best practices

AICPA Service Organization Control (SOC) Reports

SOC 2 Report Purpose

Generally Accepted Privacy Principles (GAPP)

Take Aways

Question and Answer Session

Thank You!

Jodi Daniels, CPO
Autotrader.com
Jodi.daniels@autotrader.com

Usman Ghani, Principal
Infinium
usman@infiniuminc.com
404.695.3514

David F. Katz, Partner
Nelson Mullins Riley & Scarborough LLP
david.katz@nelsonmullins.com
404.322.6122

Dan Schroeder, CPA, CIA, CISA, CIPP/IT, PCI-QSA
Partner-in-Charge - Information Assurance Services
DAN.SCHROEDER@hawcpa.com
770.353.8379