[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Control, and Compliance Issues
1 like269 views
This document summarizes a webinar on data privacy presented by Bob Siegel of Privacy Ref, Inc. and Olga Kurts of DocEx, Inc. hosted by AIIM. The webinar addressed how 53% of data breaches are caused by human error and system glitches due to negligence, bad practices, access control issues, and non-compliance. It discussed how to build an effective privacy program through policy, compliance, training, and operational privacy processes. It also provided recommendations on how organizations can address contributing factors like negligence, bad practices, access control issues, and non-compliance through approaches like effective policies, awareness programs, access reviews, and a centralized compliance program.
![[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Control, and Compliance Issues](https://image.slidesharecdn.com/20170920-aiimwebinar-v3ss-170921161624/85/Webinar-Slides-Data-Privacy-Solving-Negligence-Bad-Practices-Access-Control-and-Compliance-Issues-2-320.jpg)
![[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Control, and Compliance Issues](https://image.slidesharecdn.com/20170920-aiimwebinar-v3ss-170921161624/85/Webinar-Slides-Data-Privacy-Solving-Negligence-Bad-Practices-Access-Control-and-Compliance-Issues-21-320.jpg)
[Webinar Slides] Data Privacy Solving Negligence, Bad Practices, Access Control, and Compliance Issues
- 9. Underwri(en by: Presented by: Contribu(ng factors Organiza(onal Individuals Negligence No guidance IneffecQve training/awareness IneffecQve controls Doing “the right thing” Bad PracQces Ignoring requirements Immature privacy program No consequences Access Control Unfe(ered access AddiQve access Compliance “Ignorance is bliss” “The business units own compliance”
- 14. Underwri(en by: Presented by: Addressing the contribu(ng factors Organiza(onal Factors Mi(ga(on Approaches Negligence No guidance IneffecQve training/awareness IneffecQve controls Polices, standards, etc. AcQve awareness program EffecQve controls Bad PracQces Ignoring requirements Immature privacy program No consequences Data / requirements inventory GAPP analysis Documented enforcement Access Control Unfe(ered access AddiQve access HR / Security coordinaQon Quarterly access reviews Compliance “Ignorance is bliss” “The business units own compliance” Privacy by Design Privacy Impact Assessments Central compliance program Hybrid privacy program structure
- 15. Underwri(en by: Presented by: Ques(ons? Bob Siegel § E: Bob.Siegel@PrivacyRef.com § W: www.privacyref.com § T: 888-470-1528 x801 § D: 508-474-5125 § Tw: @PrivacyRef
- 17. KNOW YOUR THREAT MODELS & THEIR IMPACTS SENSITIVE DATA PHI, PIFI, PII Research Reports Clinical Data Mergers & Acquisitions Regulatory Affairs Legal Briefs Corporate Communications Internal Risks Data stored inside your firewall in various applications. Sensitive data can be shared through system-to- system, or human-to- human, or through system-to-human interactions. External Risks Sharing data externally with your partners, customers, regulators, etc. Sensitive data moves out of your firewall. Cloud applications will send your data outside the firewall, manually or automatically. Regulations & Compliance Regulatory compliance and violations (e.g. GDPR, NIST, GLBA, Privacy Shield, Communications Act, etc.) can be expensive for your company even without any breaches.
- 18. A SMALL MN LAW FIRM CHALLENGES Proof of Receipt Proof of receipts, downloads, views, prints, and forwards. Opposition (e.g. pro-se) claims briefings not received. Confidential matter details forwarded to third parties without proper authority or notifications. Business Impact: Prolonged case resolution, judge mandates lengthy process, added cost for client. Access Control Grant/revoke access, control expiration, comprehensive audit report. Attorneys and team members changes on matters still retains access to case materials. Managing multiple copies and versions of confidential documents in multiple places while being shared. Business Impact: Potential data breach, compliance violation. Explicit Consent Record explicit consent. Some family and intellectual property matters required explicit consent management on various matters. Business Impact: Better and more simplified records management. Secure yet Simple High security yet easy to use. Users include partners, paralegals, junior associates, opposing counsel, and clients. Business Impact: Consolidation of several smaller solutions. There are siloed solutions for each of these challenges in the market.
- 19. A SaaS solution for external communications of sensitive content. Create Templates 1. Understand case types, requirements, challenges. 2. Using subset of 100+ features, build three templates Friendly Experience 3. Enable complex policies and security 4. Make is simple for all users Track & Control 5. Complete access control 6. Record all actions 7. Record by recipients, documents, locations, and total history Track & Control 5. Complete access control 6. Record all actions 7. Record by recipients, documents, locations, and total history 8. Drill down further 9. Download proof-of- compliance
- 20. KNOW YOUR THREAT MODEL SENSITIVE DATA PHI, PIFI, PII Research Reports Clinical Data Mergers & Acquisitions Regulatory Affairs Legal Briefs Corporate Communications More Features Bates Numbering Water Marks Service Levels Geo Location Rules Live Analytics Proactive Alerts Additional Security (e.g. BYOK, multi- factor authentication) Additional Resources General Information: https://www.DocEx.com Selected Product Videos: https://www.DocEx.com/videos White Papers: https://www.DocEx.com/whitepapers Contact Us: contact@DocEx.com More Use- cases International Trade Corporate Development Business Development Compliance with GDPR, NIST, GLBA, Privacy Act, etc. Clinical Trials, Safety Reports Research Collaboration Investor/analyst reporting