Credit Card Companies Settlements

Privacy Advisory Services … A Best Practices, Integrated Approach

  Insert Firm Name Here
PRIVACY IN THE NEWS

  Breach of Credit Card Companies' Security Affects 40 Million Accounts
INFORMATION TRENDS

• Every day, companies collect, use, profile, disclose, and analyze
  customer information…
• Unfortunately, some of this information is:
    – Misused
    – Stolen
    – Abused
• This has led to a trust gap among customers.
INFORMATION STAKEHOLDER CONCERNS

• Customers
    – Concerned with how and why their information
      is collected, used, disclosed, and retained
    – Want businesses to earn trust
• Businesses
    – Trying to strike a balance between
      collection and use of information
    – Concerned with reducing the risk posed by poor privacy
      practices
    – Want to leverage good privacy practices and retain
      the trust of customers
• Government
    – Taking increased action on growing
      concerns about privacy to:
        • Protect rights of citizens
        • Better manage its own data stores
GOVERNMENTS’ RESPONSE

• U.S. legislation
    – Gramm-Leach-Bliley Act (GLBA)
    – Health Insurance Portability and Accountability Act (HIPAA)
    – Children’s Online Privacy Protection Act (COPPA)
    – Controlling the Assault of Non-Solicited Pornography and
      Marketing Act (CAN-SPAM)
    – Fair and Accurate Credit Transactions Act of 2003 (FACTA)
• Other important laws, regulations, and guidelines
    – Privacy Act of 1974
    – European Union Directive on Data Protection
    – OECD privacy guidelines
    – Personal Information Protection and Electronic Documents Act
      (PIPEDA) in Canada
    – Privacy Online: A Report to Congress
SO WHERE ARE WE?

• Privacy is increasingly in the news,
  particularly for violations.
• Consumers are greatly concerned and
  want more control.
• Businesses are trying to balance collection
  and use.
• The Government is taking increased
  action.
PRIVACY: A DEFINITION

• PRIVACY encompasses the rights
  and obligations of individuals and
  organizations with respect to the…
    – Collection
    – Use
    – Disclosure, and
    – Retention
  …of personal information.
PERSONAL INFORMATION: WHAT IS IT?

• Personal information is any information that is, or
  reasonably could be, attributable to a specific
  individual. The information can be either factual or
  subjective, and recorded in any form or even
  unrecorded. Some examples include:
    – Name, address, email address
    – Identification numbers
    – Credit records
    – Buying history
    – Employee records
• Much of this information is sensitive and is a greater
  cause for concern.
Rights and Obligations

Individuals
    • Be aware of the organization’s privacy policies
    • Provide accurate and appropriate information suited to the purpose
      for which the information is needed
    • Notify the organization of inaccuracies in or changes to
      personal information used by the organization
    • Adhere to applicable laws and regulations, and other agreements
      with the organization

Organizations
    • Establish and communicate its privacy policies and
      commitments to the individual
    • Provide choices or seek consent for the use of the personal
      information
    • Collect, use, retain, and disclose personal information according
      to its privacy policies and commitments
    • Allow the individual to update or correct personal information that
      is used by the organization
    • Protect the personal information from unauthorized use and
      disclosure
    • Otherwise adhere to its policies, applicable laws and regulations,
      and other agreements with the individual
BUSINESS RISKS

• 60% of customers* say they have decided not to use a company
  because they weren't sure how their personal information would
  be used.

• Litigation … FTC settlements: BJ’s Wholesale Club, Inc. settles
  charges that its failure to take appropriate security measures to
  protect the sensitive information of thousands of its customers
  was an unfair practice that violated federal law; Petco Animal
  Supplies Inc. settles charges that security flaws in its Web site
  violated privacy promises it made to its customers and violated
  federal law.

• Poor privacy practices can damage brand, reputation, customer
  loyalty and satisfaction, market position, shareholder value,
  revenue, and more.

  *Source: 2004 Privacy & American Business survey
PRIVACY AS A COMPETITIVE ADVANTAGE

• Companies are concerned with how their customers see
  them handling privacy concerns:
    – 100% of companies surveyed* have a privacy policy.
    – 100% of companies surveyed* report that privacy compliance
      is a significant regulatory concern for their company.
    – 95% of companies surveyed* monitor emerging state and
      federal privacy regulations.

• However, only:
    – 62% of companies surveyed* monitor internal compliance with
      their privacy policy.
    – 49% of companies surveyed* have privacy policies that are
      easy to understand.
    – 19% of companies surveyed* have had an independent privacy
      audit conducted within the last two years.

  *Source: 2005 Benchmark Study of Corporate Privacy Practices, co-released by the Ponemon Institute and Vontu, Inc.
How can our firm help?

• We provide a full range of services, including:
    – Privacy strategic and business planning.
    – Privacy gap and risk analysis.
    – Benchmarking against the Generally
      Accepted Privacy Principles (GAPP).
    – Privacy policy design and implementation.
    – Performance measurement.
    – Independent verification of privacy controls.
GENERALLY ACCEPTED PRIVACY PRINCIPLES
A Global Privacy Framework


OVERALL PRIVACY OBJECTIVE
  Personal information is collected, used,
  retained, and disclosed in conformity with
  the commitments in the entity’s privacy
  notice and with criteria set forth in
  Generally Accepted Privacy Principles
  issued by the AICPA/CICA.
GENERALLY ACCEPTED PRIVACY PRINCIPLES

• Management
• Notice
• Choice and Consent
• Collection
• Use and Retention
• Access
• Disclosure
• Security
• Quality
• Monitoring and Enforcement
The Generally Accepted Privacy
Principles (A Global Framework)
provide detailed privacy guidance!
• The Framework contains criteria for each of
  the 10 Privacy Principles.
• Each criterion’s illustrations and
  explanations are designed to enhance the
  understanding of the criteria.
• Many criteria have additional
  considerations, such as good privacy
  practices and selected requirements of
  specific laws and regulations pertaining to a
  certain industry or country.
[Firm Name] & GENERALLY ACCEPTED PRIVACY PRINCIPLES HELP BRIDGE THE TRUST GAP

  [Your Firm Name]
WHAT DOES THIS MEAN?

•   Privacy is a RISK MANAGEMENT ISSUE.

•   Privacy can be used as a COMPETITIVE ADVANTAGE.
    – 56% of the companies surveyed* believe that
      safeguarding privacy has a direct positive impact on
      their company's brand or image in the marketplace.



    *Source: 2005 Benchmark Study of Corporate Privacy Practices, co-released by the Ponemon Institute and Vontu, Inc.
Steps to Better Privacy Practices:


   • Designate an individual to be responsible for
     privacy.
   • Develop a business strategy.
   • Perform a risk assessment and gap analysis
     of controls and procedures.
   • Develop, design, and implement privacy
     initiatives.
   • Sustain and manage privacy processes.
CPA Privacy Advisory Services
Your Trusted Adviser in Privacy

[Insert Firm Name Here]
[Insert Address]
[Insert Phone No.]
[Insert E-mail Address]


				