Course Description
Overview:
Discover the increasing risks, obligations, and steep fines facing organizations that gather and process personal data from individuals in the U.S. and the European Economic Area (EEA).*
The GDPR went into effect on 25 May 2018. Applicable to the 28 Member States plus the members of the EEA, the GDPR also affects U.S.-based companies that transfer personal data from the EEA to the States.
Your business must establish watertight consent management processes (a responsibility that typically lies with CIOs) and effective data rights management systems (a duty that tends to fall to CMOs), not only to keep your institution compliant but also to ensure you don't lose your most valuable asset: data. Guidance will be provided on data protection in the U.S., including the obligations of the data controller and the consent of data subjects; the rights to access personal data or to object to its collection; and security requirements.
We will also cover cookies and spam; third-party data processing; and, of course, international data transfers (i.e., GDPR compliance). This webinar will also detail the enforcement powers, sanctions, and remedies of the U.S. regulator.
We will discuss the patchwork system of U.S. data protection legislation (see below for a list of prominent federal privacy laws). Although there is no comprehensive national law regulating the collection and use of personal data, there are many federal and state laws and regulations, as well as governmental agency guidelines, related to data collection and personal privacy.
Many of these laws overlap (and often contradict each other!), and some apply only to particular types of information (e.g., financial or health information, or e-communications). Further, although broad consumer protection laws are not explicitly designed to protect privacy, many have been used to prohibit unfair, deceptive, or abusive acts or practices related to the disclosure of personal information.
*Iceland, Liechtenstein, and Norway
You Will Learn About the Following Regulations:
- European Union's (EU's) General Data Protection Regulation (GDPR) - Scope & Applicability
- The Data Protection Law Enforcement Directive
- EU-U.S. Privacy Shield Framework
- United States Privacy Act
- The Safe Harbor Act
- Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. §1301 et seq.)
- Federal Trade Commission Act (15 U.S.C. §§41-58) (FTC Act)
- Children's Online Privacy Protection Act (COPPA) (15 U.S.C. §§6501-6506)
- The Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. §§6801-6827)
- Security Breach Notification Rule (45 C.F.R. Part 164)
- The Fair Credit Reporting Act (15 U.S.C. §1681) (and the Fair and Accurate Credit Transactions Act (Pub. L. No. 108-159), which amended the Fair Credit Reporting Act)
- The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) (15 U.S.C. §§7701-7713 and 18 U.S.C. §1037)
- The Telephone Consumer Protection Act (47 U.S.C. §227 et seq.)
- The Electronic Communications Privacy Act (18 U.S.C. §2510)
- The Computer Fraud and Abuse Act (18 U.S.C. §1030)
- Plus other rules concerning the protection of personal data
Why You Should Attend: Representing the most dramatic shift in European data protection law in more than 20 years, the European Union's (EU's) General Data Protection Regulation (GDPR) fundamentally reshapes the way in which data is handled across every sector. Because GDPR requirements extend worldwide, this new EU regulation will impact businesses across the globe.
Organizations that are not compliant could now face heavy fines. Accordingly, this webinar will provide an overview of the new GDPR and help you understand it; it will likewise offer insight into how these changes may affect your organization.
All attendees will receive modifiable Online Privacy Policy and Privacy Notice templates.
Areas Covered in the Session:
- GDPR Overview & Objectives. Replacing Data Protection Directive 95/46/EC, the GDPR is designed to: (1) harmonize data privacy laws across Europe; (2) protect and empower all EU citizens' data privacy; and (3) reshape the way organizations across the region approach data privacy.
- GDPR Basic Concepts, i.e., Personal Data, Data Subject, Data Controller, Data Processor, Data Transfer, and "processing" of personal data
- Categories of GDPR-Defined Data/Sensitive Data
- New GDPR Requirements: Wider Territorial Scope, Consent, Privacy by Design, Data Protection Officers, Breach Notification, Cross-Border Data Transfers, & Fines
- Best Practices for GDPR Compliance: Creating a Roadmap to Implementation
- High-Level Overview of U.S. Data Protection Rules & Principles, including: data controller requirements; data subjects' right to consent to or object to personal data collection and right to access such information; and security obligations
- Review of prominent U.S. federal privacy laws, including: FTC Act, COPPA, Gramm-Leach-Bliley Act (plus the Safeguards Rule, Disposal Rule, and Red Flags Rule), and HIPAA (e.g., Privacy Rule, Security Rule, Transactions Rule, & Omnibus Rule)
- Privacy Rules promulgated by national banking agencies
Course Audience:
- IT Executives & Marketing Officers
- Human Resources Executives
- Regulatory Affairs & Policy Staff
- Legal Counsel
- Compliance Officers
- CMOs & Marketing Officers
- Risk Management Staff