the new, new thing in privacy -- five things you should consider now * *connectedthinking...

The New, New Thing in Privacy-- Five Things You Should Consider Now*

*connectedthinking

Practitioner Roundtable at the Harvard Privacy Summer SymposiumAugust 20, 2008

PricewaterhouseCoopers Slide 2

Panelists

Lael Bellamy, Chief Counsel - IT, IP & PrivacyING Americas (formerly with The Home Depot)

Ann Waldo, Esq., Principal, Ann Waldo PLLC (formerly with Lenovo and Hoffmann-La Roche)

James Koenig, CIPP, Practice Leader, Privacy & Identity Theft, PricewaterhouseCoopers LLP, Former General Counsel, International Association of Privacy Professionals (Moderator)

Click to edit Master subtitle style

Ann Waldo, PLLC


Agenda

The New, New Thing in Privacy-- Five Things You Should Consider Now


Countdown


Countdown

5. Impact on Privacy Associated with a Slowdown in the Economy


What Directs and Trends in Down Economy

• Are Privacy and Business at a crossroad?

• Business goals versus maintenance of privacy.


Countdown


4. Global Expansion for New Markets, Operating Models

© 2008 PricewaterhouseCoopers

Global Expansion for Business, New Markets & Operations

Key Countries with Privacy Laws

Argentina, Armenia, Australia, Austria, Bahrain, Belgium, Botswana, Brazil, Bulgaria, Cameroon, Canada, Canada - Northwest Territories and Nunavut, Chile, Cote d'Ivoire, Croatia, Cyprus, Czech Republic, Denmark, Dubai, Egypt, Ethiopia, Finland, France, Germany, Ghana, Greece, Hong Kong, Hungary, Iceland, Ireland, Israel, Italy, Japan, Jordan, Kazakhstan, Kenya, Kuwait, Lebanon, Lithuania, Mauritius, Mexico, Morocco, Netherlands, New Zealand, Nigeria, Norway, Peru, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Tanzania, Thailand, Tunisia, Turkey, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, Uzbekistan, Zambia • Increasing in Number. The number and

diversity of subject matters and approaches has been increasing worldwide.


Countdown



3. New ID Theft Techniques


Identity Theft Has Become a Major Concern

Number one complaint to US FTC Impacts 4.6% of US per year 2006 survey, companies reported

ID Theft: 10% globally 9% in US 19% in India

$50+ billion in global annual losses 68.2% obtained off-line 50+% conducted by employees

and contractors Part-time and temporary workers

three times more likely to commitImpact. Higher theft risks: SSN, Driver's License Number, Credit Card Number, Health Insurance ID Number

Sources: (Javelin/BBB 1/06; Gartner 7/03; Experian-Gallup 8/05; FDIC 2/06; FTC 1/06; SMU 8/04)


Medical Identity Theft

Victims -- In 2005, an estimated 250,000 Americans were victims of medical ID theft, a 334% increase over 2001 (versus a 297% increase for all identity theft).

Profiles of Medical Identity Thieves• Individual desperately needing medical care• Health care professionals aiming to pad their income by filing fraudulent

claims/diagnosis• Organized crime rings stealing medical records and doctor billing codes

Monetizing Medical Identity Theft• Scheme. Medical ID numbers are exploited to fraudulently obtain health

services or prescription drugs• Value of a Record. Health records fetch $20 to $60 on the black market

(versus $50 to $100 for bank account records or 7 cents for stolen résumés)


Countdown




2. Health Care Information Breach Notifications and Issues of Mismanagement to Rise


Health Information – New Laws Driving Disclosures & Other Risks

US State Security Breach Statutes. State laws in US require notifying consumers in the event of a breach or mishandling of personal data (i.e., where an unauthorized third party is reasonably believed to have acquired unencrypted personal information). More than 40 states and territories in the US passed laws through 2008. California and Arkansas include health information.

Privacy Laws Overview – Genetic Information Nondiscrimination Act (GINA)• Genetic Information is defined as: Results of genetic tests (individual and his/her family

members) that provides information about an individual's family medical history (Family members include: Dependents, any first through fourth-degree relative of individual or individual's dependents, spouses, adopted children.

• Key Provisions• Prohibits Discrimination• Restricts Acquisition (e.g., request, require, or purchase) • Requires Confidentiality (e.g., safeguards must be in place to ensure proper

collection/maintenance as well as to protect files from unauthorized access).


Countdown




2. Health Care Information Breach Notifications and Issues of Mismanagement to Rise

• Class Actions and Litigation in Privacy


Privacy Class Actions and Litigation (and Enforcements)

Increased Regulator Focus on Data Protection Controls

• Damages Paid. In the last 3 years, over $375 million paid by companies in fines, penalties and class-action summaries.

• Expensive Class Actions. Plaintiffs bar has used privacy as a new, fruitful area:

- Recent settlements include:

• More than $60 million paid by a Fortune 500 retailer for inappropriately sharing customer information.

• $128 million reserved by another retailer in connection with a breach.

• What is next?

PricewaterhouseCoopers

Questions?

© 2008 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as the context requires, other member firms of PricewaterhouseCoopers International Ltd., each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP.

the new, new thing in privacy -- five things you should consider now * *connectedthinking...

Documents

pricewaterhousecoopers

countdown slide

pllc slide

privacy identity theft

maintenance of privacy

pricewaterhousecoopers

new thing

new id theft techniques