Jul
31
2015

August Spotlight – Live Demos, Data Privacy Asia Event

Computer keyboard webinar

Computer keyboard webinar

  • August 6, 10-11 a.m. PDT

Webinar – “30 Day Countdown Until DAA Mobile Enforcement: Are You Ready?”

Enforcement of the DAA Mobile Guidelines begins in September. Find out what this means for your business. Speakers include Lou Mastria, Executive Director of the Digital Advertising Alliance; Michael Signorelli, Partner, Venable LLP and Counsel, Digital Advertising Alliance; Helen Huang, Senior Product Manager at TRUSTe, and moderated by Kris Vann, J.D., Senior Product Marketing Manager at TRUSTe.

Register here.

 

  • August 13, 9 a.m. PDT

Webinar – “How Good Privacy Practices Can Help Prepare for a Data Breach”

TRUSTe offers this webinar as the first in our Fall/Winter Privacy Insight Series.

This webinar will examine the costs of a data breach occurring, the role of privacy and information governance in preparing for a possible breach. Attendees will also learn how to build an incident response plan to mitigate damages and to ensure that every relevant employee knows what to do in the event of a data breach. Speakers include Larry Ponemon, Chairman and Founder of the Ponemon Institute; Mary Westberg, Sr. Compliance Paralegal, SanDisk and Joanne Furtsch, Director of Product Policy, TRUSTe.

Register here.

Read the rest of this entry »

Jul
31
2015

End-of-Month-Recap: What You May Have Missed

Privacy

At the end of each month we’ll compiled a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month.

Privacy

This month on the blog we covered a wide array of privacy topics. We also shared the Privacy Ecosystem. This map showcases just some of the major players involved in the numerous facets of privacy. Inspired by the interest in the Privacy Ecosystem map, we decided to launch a weekly series profiling some of the leading organizations in the privacy space. Check out the list below for some of the most popular blog posts this month:

 

Celebrating Privacy as One of Our Freedoms  

Contributor and privacy expert Alexandra Ross wrote this reflective post about privacy as a fundamental freedom to coincide with the July 4th holiday in the U.S. Many people consider privacy a fundamental right even though its not expressly stated in the constitution. In fact, a recent TRUSTe survey shows that 45% of respondents think online privacy is more important than national security.

 

Coding for Privacy: A Conversation with TRUSTe’s Ken Okumura [Via TechBeacon]

 TRUSTe’s Vice President of Engineering Ken Okumura was interviewed for this article in TechBeacon in which he discusses all things privacy and security.

 

Privacy Risks of Mobile Applications

TRUSTe Senior Product Manager Helen Huang, CIPP/US, highlighted the importance of mobile privacy management. Considering at least half of Fortune 500 companies have a mobile application, privacy needs to be considered for these organizations’ apps as well as employee devices.

 

 Privacy Ecosystem Series

This month we launched the Privacy Ecosystem Series in which we profile organizations, companies or government agencies that are involved in the privacy space.

 

What else would you like to read about on the TRUSTe blog? Tell us in the comments.

 

Jul
29
2015

Google AdSense Policy Now Requires Publishers to Obtain Consent from EU Visitors

Obtaining Consent

Obtaining Consent

This week Google announced it will be implementing a new user consent policy. Essentially, this new policy requires all websites serving EU visitors, including those not based in the EU, to comply with the EU Cookie Directive. Google posted the notice on its official AdSense blog.

In 2009 an amendment to an existing EU directive (the so-called Cookie Directive) introduced a requirement that companies provide “clear and comprehensive information” to users about the types of tracking technologies used on websites, including a way for users to “consent” to any cookies which are not “strictly necessary” for the delivery of an online service. The majority of EU Member States have now adopted their own Cookie Laws implementing the requirements of the Cookie Directive.

Here’s what AdSense has to say about this new policy:

Why are we doing this?

European Union data protection authorities requested some changes to current practices for obtaining end user consents. It has always been Google’s policy to comply with privacy laws, so we’ve agreed to make certain changes affecting our own products and partners using Google products.

What do you need to do?

If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today. There’s guidance from data protection authorities and IABs across Europe on what is required to comply with relevant laws; the IAB’s IAB Europe Guidance: Five Practical Steps to help companies comply with the E-Privacy Directive is a good place to start.

Read the rest of this entry »

Jul
24
2015

Latest Privacy Insight Series Webinar Addresses FTC Stance on Privacy, Security

FederalTradeCommission

FederalTradeCommission

The FTC is the leading privacy and security regulator in the U.S. says Daniel J. Solove, a professor at George Washington University Law School who runs a privacy and security training company called TeachPrivacy and organizes the The Privacy + Security Forum conference. Although there is hardly any case law, Solove noted in presenting this webinar, the FTC looms large in practice.

In 1998, only about 2% of websites had some form of privacy policy, now nearly every website has one.

“We’ve seen a huge rise in privacy policies,” Solove says.

In the late 1990s and early 2000s, a debate was raging about how personal information would be protected online. It was argued that self-regulation would work. As a result, companies began to self-regulate their privacy practices by creating their own policies.

Read the rest of this entry »

Jul
23
2015

Doubling Down on Privacy and Security [Video]

KevinTrilliPresentation

KevinTrilliPresentation

A data breach or regulatory investigation can have devastating consequences for an organization. Today, companies are collecting sensitive information of customers and employees alike and are looking for ways to systematically safeguard that information against the possibility of a costly breach.

Privacy professionals need a comprehensive strategy to address these privacy and security risks, but often don’t know where to begin. What are the unique characteristics of a privacy officer and how does their role fit alongside the IT, security and compliance teams?

TRUSTe’s Kevin Trilli, VP of Product recently presented a session titled “Doubling Down on Privacy and Security” at MetricStream’s GRC Summit where he outlined potential solutions to manage global privacy risk and compliance across the organization. Watch the video for an overview of key privacy challenges for the year and how you can prepare.

Jul
22
2015

Meet the Leading Players in the Privacy Ecosystem: Lou Mastria, Digital Advertising Alliance

Lou_blog

Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy. 

Lou_blog

What is your organization’s role in the privacy ecosystem?

The Digital Advertising Alliance was created to give consumers better information and control over the use of data for interest-based advertising. The DAA sets and enforces standards for the advertising ecosystem through our Self-Regulatory Principles for Interest Based Advertising, and we give consumers simple access to information about and control over data collection use for interest-based ads through the blue “Your Ad Choices” icon on ads, sites and increasingly apps.

By doing so, we provide a robust self-regulatory regime that strengthens the ad-supported digital ecosystem and helps drive innovations in the delivery of online and mobile content and services. Originally founded by six trade associations in the United States, DAA has expanded through parallel sister organizations to 34 nations in 26 languages.

The DAA icon, in particular, provides an intuitive and ubiquitous ad marker and links that supplement privacy policies. From this icon, consumers are given enhanced notice and reliable access to choice controls.

The DAA Icon is now served globally more than 1 trillion times per month, and the DAA choice pages receive an average of 10 million unique visitors per year. TRUSTe is one of two “approved providers” of DAA programs in the U.S. – providing a turnkey solution for brands, agencies, publishers and ad tech firms to consider for DAA Principles implementation.

 

What key goals/issues is your organization focused on tackling?

Our goal is a consistent user experience – no matter what screen the consumer may be using. We are working to create that consistent framework on devices (DAA’s Consumer Choice Page, Consumer Choice Page for Mobile Web, and AppChoices for cross-app data collection choice) so we can continue to build trustworthy experiences for consumers and companies to rely on with regard to online data collection and advertising.

 

How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?

The DAA constantly monitors changes in technology, consumer attitudes and behavior, and advertising ecosystem practices to ensure our program adapts to those shifts in a technology-neutral manner.

For example, we recently issued mobile guidance to show marketers how to apply DAA Principles for interest-based advertising and multi-site data (including cross-app) collection in the mobile environment. The guidance served to identify responsibilities of both first parties and third parties for enhanced notice and control, addressing specific data categories such as cross-app data, and providing a higher level of consent with regard to precise location data and personal directory data. These responsibilities will be enforced by our two U.S. enforcement partners – Council of Better Business Bureau’s Advertising Self-Regulation Council and Direct Marketing Association – beginning September 1, 2015. Both CBBB and DMA are independent enforcers of these precepts in the marketplace.

Another example is the video area, where DAA is close to announcing ad marker specifications for video interest-based ads.

  Read the rest of this entry »

Jul
16
2015

Privacy Risks of Mobile Applications

mobile app

mobile app

This post first appeared in TRUSTe’s Technology Blog on July 14th, 2015

By Helen Huang, Sr. Product Manager, TRUSTe, CIPP/US

Mobile application privacy management is now more important than ever—at least half of Fortune 500 companies have internal mobile applications. But managing mobile application privacy risk goes beyond the applications on your employees’ devices. As companies’ presence, products, and services increasingly shift into the mobile space, mobile privacy is drawing increasing attention—both internally and from the Federal Trade Commission. In particular, the healthcare industry had the highest privacy payout in 2014, and the FTC and FDA’s additional scrutiny into wellness and health services should increase management’s focus on improving mobile application development tools and processes.

Product managers in different business units in different companies often develop mobile applications within a single global organization. Adding to this complexity, companies often leverage outsourced mobile developers, putting mobile applications still another step away from the oversight of the privacy officer.

Read the rest of this entry »

Jul
15
2015

Meet the Leading Players in the Privacy Ecosystem: Jules Polonetsky, Future of Privacy Forum

Jules Blog

Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.

Jules Blog

What is your organization’s role in the privacy ecosystem?

The Future of Privacy Forum (FPF) is supported by the privacy leaders of more than 100 companies, as well as a number of leading foundations. Our mission is to advance responsible data practices. FPF focuses on new technologies or new data uses where there are benefits to consumers and society. We seek to support the development of new technology by ensuring that privacy risks and concerns are addressed. We do this by publishing law review articles, writing white papers, developing best practices or codes of conduct, or by convening industry, advocates and policymakers to think through challenging issues.

 

What key goals/issues is your organization focused on tackling?

FPF is working on a range of big data and internet of things related issues, including benefit/risk analysis, sensitive data, de-identification and data use for good. We have published or helped develop best practices or codes for student data, location data, connected cars, beacons, ad tech and wearables. In each of these areas, we seek to be a centrist privacy voice, supporting innovation but ready to take seriously the concerns of consumers, advocates and policymakers.

 

How has your organization’s focus changed over the years to address evolving technologies or challenges?

When FPF launched, our time was dominated by online advertising and marketing issues. Over the past 8 years, data and technology have permeated every sector of business and every segment of consumer life. The agenda today is about smart cars, smart cities, always on technologies, drones, facial recognition and more. But at the end of the day, the basic concepts are the same: who is tracking, why are they tracking, what controls exist to stop either collection or use?

Looking ahead – what are the most important data privacy issues/concerns you think need to be addressed by the industry and/or government legislation?

The privacy debate is moving away from issues of notice and choice to concerns about fairness and discrimination and civil rights. Critics worry about product testing that can be considered “human subject research” and the debate is often about the ethics of data use. It’s no surprise that FPF has a philosopher joining us next year to work on social media tracking and other issues.

Read the rest of this entry »

Older posts «