Uploaded by lindy-dunigan on 2018-11-21
Slide1

INFORMATION PRIVACY: OPENING DOORS FOR IG AND RIM PROFESSIONALS

Triangle ARMA Chapter

Thursday, February 1, 2018

Presented by Brett Wise, CRM CIPT CIPP/US IGP CIP

Slide2

TODAY’S OBJECTIVES

After today’s presentation, you should have a better understanding of:

Information/Data Privacy (at a high level)

The relationship between the fields of IG/RIM and Privacy

The role of Retention in RIM and Privacy’s relationship

How technology and laws/regulations can impact both Privacy and RIM

The importance of Information Security to Privacy and RIM

Professional opportunities for IG/RIM practitioners created by the increased focus on the field of Privacy, including requisite skills

Slide3

ABOUT THE PRESENTATION

We won’t cover an in-depth review of Privacy, RIM or IG

No Deep Diving!

However, please feel free to reach out to me anytime

And… the Presentation will have discussions and prizes!

Slide4

WHAT IS PRIVACY?

Privacy is “the appropriate use of personal information under the circumstances. Privacy is an individual’s right to control the collection, use and disclosure of personal information.” - definition from the IAPP

Privacy “encompasses the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.” - definition from the AICPA

Classes of Privacy:

Bodily Privacy

Territorial Privacy

Communications Privacy

Information Privacy

“Crossover of classes”

Slide5

WHAT IS PRIVACY?, cont.

Privacy Protection Models:

Comprehensive (EU)

Sectoral (US)

Co-regulatory (Australia)

No general regulations/laws

EU’s Special Categories of Data: Racial or ethnic origin; Political opinions; Religious or philosophical beliefs; Trade-union membership; Processing of genetic/biometric data (for the purposes of unique identification); and Data concerning health or the sex life or sexual orientation

Views on Sensitive Personal Information:

EU tends to view sensitive PI as a “privacy” issue (a human right)

US tends to view sensitive PI as a “security” issue (a constitutional right)

Privacy in the United States:

Federal Laws

State Laws (especially Identity Theft and Breaches)

Only one state (Alabama) does not have a data breach notification law

State Breach Notification Laws:

First name or initial and last name, along with:

Social Security Number;

Driver’s License Number or State ID Card Number; or

Account number (credit/debit) plus security/access code or password that would allow access

Several exceptions across states (medical/healthcare, federal/state ID #s, biometric data, tax info, employment info, mother’s maiden name, digital signature,…???)

Slide6

WHAT IS PRIVACY?, cont.

Other Key Concepts:

Privacy Policy and Notice

Consent and Choice (Opt-In and Opt-Out)

Information Security

Fair Information Practices, OECD Guidelines, GAPP, and PIPEDA

(Image) from The Atlantic, 3/1/2012

Slide7

OECD GUIDELINES

Collection Limitation

Data Quality

Purpose Specification

Use Limitation

Security Safeguards

Openness

Individual Participation

Accountability

Slide8

WHAT IS RIM?

You all know this!!!

“The field of management responsible for establishing and implementing policies, systems, and procedures to capture, create, access, distribute, use, store, secure, retrieve, and ensure disposition of an organization’s records and information.”

- ARMA’s Glossary of Records and Information Management Terms

Slide9

A “SYMBIOTIC” RELATIONSHIP BETWEEN PRIVACY AND RIM

The fields of Privacy and RIM are very much interrelated!

Privacy has historically been integral to the practice of RIM (although subtly until recently)

Fundamental concepts shared between Privacy and RIM

Compliance

Retention and Disposition

Information/Data Classification

And many more…

Correlation between the OECD Guidelines and the Generally Accepted Recordkeeping Principles®

Slide10

“THE PRINCIPLES” OR “THE OECD GUIDELINES”

Concept #1: PROTECTION (The Principles)

NOTE: The OECD has the Security Safeguard Guideline.

Concept #2: OPENNESS (The OECD Guidelines)

NOTE: The Principles has the Principle of Transparency.

Slide11

“THE PRINCIPLES” OR “THE OECD GUIDELINES”

Concept #3: ACCOUNTABILITY (Both)

The Principles are:

Accountability

Protection

Compliance

Availability

Retention

Disposition

Transparency

Slide12

THE ROLE OF RETENTION

Generally Accepted Recordkeeping Principles of Retention and Disposition are fundamental concepts for any RIM program

Accessibility (Retention) and Findability (Disposition)

Organizational Use and Meeting Business Obligations

Controlling Storage Costs

Complying with Laws and Regulations

Laws and regulations make Retention a mandatory requirement of most Privacy programs (it’s always best practice!!!)

The best way to prevent a data breach is...

Slide13

INFORMATION GOVERNANCE:

An Organizational Effort Involving Privacy and RIM

Slide14

TECHNOLOGY

Significance cannot be overstated!

#1 most influential force for the fields of Privacy, RIM, and IG (BY FAR)

Revolutionizing the field of RIM

Transition toward electronic records and data

Expanded business and compliance requirements

Vastly improved tools AND challenges (keeping up???)

Required knowledge base and skill sets

… An equally dramatic impact on the field of Privacy

Data, electronic records, the Internet, cloud computing, mobile devices, cyber crime, data breaches, Big Data, online advertising, online tracking, etc. etc. etc.

Proliferation in laws and regulations focused on Privacy and Information Security (many, many more to come)

A global focus

Slide15

LAWS AND REGULATIONS

Foundational to both Privacy and RIM

Legal/Regulatory environment is dynamic

The impact of laws and regulations is always increasing (e.g., GDPR)

Impact on an organization may depend on industry, jurisdiction, and/or organization’s risk tolerance

A global consideration

Slide16

LAWS AND REGULATIONS, cont.

Examples of Federal Laws:

Gramm-Leach-Bliley Act (GLBA)

HIPAA/HITECH

Telecommunications Act of 1996

Electronic Communications Privacy Act of 1986 (ECPA)

Employment Laws (ADA, FCRA, etc.)

FOIA

Patriot Act and Freedom Act

Sarbanes-Oxley Act of 2002

Examples of State Laws:

California AB 1950 (2004)

Mass. 201 CMR 17 (2010)

Examples of International Laws:

General Data Protection Regulation (GDPR)

Safe Harbor Act

Privacy Shield

Slide17

WHAT IS THE GDPR?

The General Data Protection Regulation does not only apply to the EU

Strong Privacy requirements with potentially costly penalties for non-compliance

Goes into effect on May 25, 2018

Lots of questions remain about how the GDPR will ultimately be defined and implemented

Slide18

THE ROLE OF INFORMATION SECURITY

Security is a fundamental concept of RIM (e.g., Principle of Protection)

Security is also a key Privacy concept: Physical, Administrative, and Technological

“You can have Security without Privacy, but you cannot have Privacy without Security”

CIA = Confidentiality, Integrity, Availability

NOTE: Two of these are Generally Accepted Recordkeeping Principles.

Slide19

WHY INFORMATION SECURITY?

(Slide images labelled 2013, 2014, 2016 and 2017)

Slide20

PROFESSIONAL OPPORTUNITIES FOR RIM PRACTITIONERS

WITHIN THE PRIVACY FIELD

Privacy is driving a renewed “appreciation” for RIM programs and professionals

RIM is very much respected and appreciated by Privacy professionals

Management of the Information Lifecycle is critical, especially Retention/Disposition

Privacy crosses basically all sectors (especially critical to financial, health, utilities and other highly regulated industries)

Opportunities exist globally!

Slide21

TYPES OF OPPORTUNITIES

PRIVACY-SPECIFIC

Higher-level Positions (Manager, Director, Officer, VP, Counsel, C-level, etc.)

5+ years “dedicated” Privacy experience and/or Law Degree

Mid- to Low-Level Positions (Specialist, Analyst, etc.)

2+ years “dedicated” Privacy experience and Bachelor’s Degree (Information-related)

Health-related Position: HIM background/certification

PRIVACY-RELATED

More and more IG/RIM job descriptions are seeking some level of knowledge/experience with Privacy

Seeking certifications (e.g., CRM, IGP, Privacy-focus)

54 ARMA members have a CIPP certification

Technology experience (becoming more critical)

Privacy/Compliance experience (e.g., familiarity with various laws and regulations)

Know how Privacy intersects with IG/RIM and seek out (if possible) opportunities to participate in Privacy Management

Slide22

TAKING ADVANTAGE OF THE OPPORTUNITIES

RIM professionals must develop the proper skill set(s) to be successful in the field of Privacy AND continue this skill development!

Some Critical Skills:

Understand concepts and applications for:

Foundational Privacy Knowledge/Skills

IT (systems admin, data communication, IT governance, development, etc.)

Information Security

Data Governance

Understand how laws and regulations impact these disciplines and your organization

Be able to “Manage” Risk

SPEAK THE LANGUAGE!!!

Slide23

RELEVANT CERTIFICATIONS

Slide24

HIGHER EDUCATION

Slide25

QUESTIONS/DISCUSSION

DATA PRIVACY DAY – JANUARY 28, 2018

Brett Wise, CRM CIPT CIPP/US IGP CIP

Director of Records & Information Management

The American Board of Pediatrics

Chapel Hill, North Carolina

brettwise@hotmail.com

or

bwise@abpeds.org