2016 AFCEA TechNet Asia-Pacific Conference & Expo

Continuing Education Course 1: "Privacy and Security Compliance Overview" (Room Nautilus Suite)

15 Nov 16
9:30 AM - 11:00 AM

Tracks: Continuing Education

Approved for 1 CompTIA CEU: A+; 1 GIAC CPE

1. US Privacy/Security Introduction
a. What are “privacy” and “security”?
b. Sources of legal protections and obligations include: personal injury law; specific statutes, regulations, and executive orders; and contract
c. Sources of legal concerns
i. Data’s legal life cycle: Creation/collection, use/processing, storage, sharing/transfer, destruction
ii. Risk and relationships (internal, data subjects, enforcing bodies, greater public) must be managed at each stage to ensure compliance with legal requirements

2. Obligations to protect data
a. Special protections in commerce – privacy and security in telecom, credit reporting, banking, and e-commerce
i. Sources of law and enforcing agencies
ii. Types of protected information
iii. Restrictions and obligations in collection, use, storage, distribution, and destruction
b. Special protections in employment – privacy concerns in the employee lifecycle from interview to end of employment
i. Sources of law and enforcing agencies
ii. Types of protected information
iii. Restrictions and obligations in collection, use, distribution, storage, and destruction
c. Special protections in healthcare
i. Sources of law and enforcing agencies
ii. Types of protected information
iii. Restrictions and obligations in collection, use, distribution, storage, and destruction
d. Special considerations for defense contractors
i. Government procurement obligations, generally
ii. Recent update to DFARS
iii. Compliance issues and guidance from international sources or US treaties

3. Compliance issues in international work
a. US Export Controls
i. Control lists
ii. Wassenaar Arrangement and recent restrictions on security research
b. Asia
i. APEC Privacy Framework
ii. Trans Pacific Partnership
c. Europe
i. Charter of Fundamental Rights, Data Protection Directive and Right of Erasure
ii. EU-US Privacy Shield (successor to the invalidated Safe Harbor framework)

4. How mobile computing is spurring change in the law
a. Legal implications of BYOD risk factors
b. More mobile, comprehensive technology creates a need for comprehensive regulation
c. Apple vs FBI and beyond – the unresolved debate over privacy and security compliance obligations

5. How and when to seek out help from legal
a. Prevention and risk assessment
i. Create policies and procedures to ensure compliance
ii. Develop training on internal policies and procedures
iii. Review contracts, warranties, and other materials with outside parties
b. Periodic review
i. Regular review of policies and procedures for currentness
ii. Interim review of the impact of case law and new laws/regs/rules/guidance on operations
c. Incident response
i. ATTORNEY-CLIENT PRIVILEGE
ii. Compliance with mandatory notice requirements
iii. Coordination with internal business units and outside consultants