From the course: Ethics and Law in Data Analytics

Data privacy and security best practices

From the course: Ethics and Law in Data Analytics

Data privacy and security best practices

- In this presentation we're going to be highlighting some of the suggested best practices based on the FTCs enforcement actions with respect to the Internet of things. There are two attorneys from the law firm of Kelley Drye and Warren, Alysa Hutnik who's a partner in the DC offices, and Crystal Skelton who's an associate in the LA offices who have basically put this presentation together, and we're sharing it forward with you as our students because we just think it's got some really, really good suggestions for how to manage and navigate the regulatory actions that we're seeing coming out of the FTC. So I'm not going to go through all of this presentation with you in this video, you are welcome to go through it yourself. I'm going to highlight some of the slides and speak to those, and then I'm going to ask you to return to them later and really take a deeper look. So, first do's and don'ts on this list is to know your data. Some of these are very obvious, but they're really good reminders. You want to understand the devices that you are using to collect the data, how it's being collected and so forth. The FTC takes an expansive view as to the types of data it considers personal, and quite frankly they are probably just as motivated as the European Union is in Europe with respect to protecting consumer privacy. We don't talk about it as much, because the European Union is getting a lot of attention for its recent regulation and us getting ready for that. But the FTC as we can see from the cases that we've talked about is very concerned with security and privacy. So know the data, know that they take an expansive approach to it. Don't avoid a privacy by design approach. We've talked a lot about this. Europe's going to require it, the FTC wants to see it. This is where technologists, computer scientists, engineers, lawyers and ethicists are working together to create technology that is going to have built into it consumer privacy protections. Third one on this list, do consider whether and how users should be provided notice and choice. The clearer, the more user friendly, the better. And four, do have a privacy policy covering the Internet of things device and ensure that it's accurate. We've seen from the case examples in an earlier video that the Internet of things can create all kinds of interesting privacy issues, and knowing that you have a privacy policy in place and that it's constantly updated is going to be critical. I'm going to go through one more of these slides and the do's and don'ts for privacy, and then we're going to fast forward towards some of the general ones. Number five don't forget to update your privacy practices which is what I was just saying earlier. You're going to have the policy, make sure you update it to be consistent and current with what you're doing. And the next few slides talk about security, and at the end these two counselors have included for us some general do's and don'ts. Number 11 of the general do's and don'ts, do apply extra scrutiny when it comes to collecting sensitive data. We've been talking about the difference between personal data and sensitive data, and the sensitive data the more sensitive it is, the more secure it has to be. Lastly I want to highlight this last slide. Don't forget to monitor new developments at the FTC. I can't enforce enough that you've got resources at your disposal. The FTC website is amazing and including all kinds of information about their interpretations of the FTC ACT, cases, consent decrees and so forth. So do make sure that you check that out, and good luck to you. Take a look at the whole slide presentation and make sure that you understand all that is included here for you. Thank you.

Contents