One of the biggest challenges in managing privacy programs in North America is recognizing and reconciling the significant data implications between the United States and Canada that apply to otherwise similar products and services. Attendees will learn key differences, helpful similarities, and strategies for managing a comprehensive approach to privacy, including what to do with a cross-border data breach.
This is a sample set of supplier security requirements and expectations.
This is a sample intel enhanced data security assessment form.
This program will focus on effective information security and data privacy assessment programs for third-party vendors — including practical tips for effectively assessing information security practices and procedures of third-party vendors, such as law firms and other professional consultants — from the pros and cons of using industry-standard questionnaires to determining when onsite reviews are appropriate and how to handle subcontractors. We will also highlight key, and common, sticking points in negotiating data privacy and information security terms in vendor agreements and provide options and sample language for successfully resolving them, distinguishing as applicable between US negotiations and negotiations where either the customer or the vendor has substantial operations in Europe or Asia.
This is an outline for the AM16 session entitled "Getting the Board on Board: Explaining Privacy and Security Risks to the Board (When the “If” Becomes “When”)".
For many companies, the potential of big data is clouded by uncertainty as to how programs should be designed and maintained to avoid legal and regulatory risk. This is especially true because the concept of what constitutes consumer harm – in the field of privacy generally but especially with regard to big data analytics – is rapidly evolving. This InfoPAK provides an overview of legal and regulatory considerations businesses should contemplate when developing programs that rely on big data coupled with tools that help apply those legal and regulatory considerations to real world situations.
While this paper highlights the shortfalls of Australia’s privacy law regime in light of the IoT, lawmakers should not impulsively and unnecessarily restrict these technologies.
Bring your own device (“BYOD”) is an organizational policy that allows employees to use their own mobile devices to access the organization’s information, including personal data collected by the organization in Hong Kong. For the purpose of this leaflet, personal data collected by an organization is referred to as “organization-collected personal data.”
Take a short introductory quiz and learn 12 Dos and Don'ts for a company's outbound calling practices under the US Telephone Consumer Protection Act (TCPA).
This is a sample written information security policy to create effective administrative, technical and physical safeguards for the protection of personal information.