Online Privacy & Security for the - - PowerPoint PPT Presentation



SLIDE 1

Online Privacy & Security for the Mortgage Industry

Ronald M. Jacobs
(202) 216-8215
rmjacobs@venable.com

SLIDE 2

Online Privacy & Security Overview

  • Gramm-Leach-Bliley Act (GLB)
    • Privacy Regulations: 7/1/01
    • Security Regulations: 5/23/03
  • Pending Online Privacy Legislation
  • SPAM

SLIDE 3

Gramm-Leach-Bliley Act

Privacy Regulations

SLIDE 4

Privacy Notices

  • Clear & Conspicuous
    • Must be “clear and conspicuous” -- designed to call attention to the nature and significance of the notice
      • In a consistent location
      • In a noticeable location
    • Placed on a page consumers use often or linked directly from transaction page
    • Must be visible to consumers before sending nonpublic personal information

SLIDE 5

Privacy Notices (part 2)

  • Suggestions for Privacy Notice
    • Text or visual cues to encourage scrolling down
    • When collecting personal information, place in a more prominent location
    • Use a popup window
  • How to Display Notice
    • Customers: post privacy notice continuously in a C&C manner on the web site for those consenting to receive notice on web site
    • Consumers: require acknowledgement of receipt of notice as part of transaction

SLIDE 6

Opt-Out Forms

  • Opt-Out Form
    • If consumer has agreed to receive notices electronically, then provide an electronic means to opt-out
    • Requiring a consumer to write a letter is not acceptable
    • Must provide reasonable opportunity to opt-out before sharing information

SLIDE 7

Nonpublic Personal Information

  • Data collected online (or otherwise)
    • Includes “cookies”
      • A cookie is a small line of text that is stored by your browser on your computer's hard drive. Our cookies do not contain any personally identifiable information.
  • Use of cookies
    • Some sites require cookies to operate -- be sure to let people know this

SLIDE 8

Gramm-Leach-Bliley Act

Security Regulations

SLIDE 9

GLB Security Regulations

  • Effective May 23, 2003
  • Contracts signed by June 24, 2002 valid until May 24, 2004
    • Nonaffiliated third party to perform services or functions on your behalf
    • Even if contract does not specify that the service provider will maintain appropriate safeguards

SLIDE 10

Scope of Security Rule

  • Applies to financial institutions
    • Those that collect information from a consumer/customer
    • Those that obtain information from other financial institutions
  • Applies to service providers
    • any person or entity that receives, maintains, processes, or otherwise is permitted access to customer information through its provision of services directly to a financial institution

SLIDE 11

Information Security Program

  • Objectives:
    • Insure security and confidentiality
    • Protect against any anticipated threats or hazards to security or integrity
    • Protect against unauthorized access or use of information that could result in substantial harm or inconvenience to any customer

SLIDE 12

Information Security Program

  • Elements:
    • Designate employee(s) to coordinate program
    • Identify reasonably foreseeable internal and external risks to security, confidentiality, and integrity of customer information that could result in disclosure, misuse, alteration, destruction, or other compromise and sufficiency of safeguards
      • Employee training
      • Information systems (including physical integrity)
      • Attacks

SLIDE 13

Information Security Program

  • Elements (cont):
    • Design and implement information safeguards to control risks and regularly test and monitor
    • Oversee service providers
      • Select providers capable of maintaining safeguards
      • Require providers to maintain safeguards
    • Evaluate and adjust program in light of tests and changes in operations

SLIDE 14

Online Privacy Legislation

Pending Bills

SLIDE 15

Pending Legislation

  • H.R. 69 Online Privacy Protection Act of 2003
  • H.R. 71 Wireless Privacy Protection Act of 2003
  • H.R. 122 Wireless Telephone Spam Protection Act
  • H.R. 338 Defense of Privacy Act
  • S. 223 Identity Theft Protection Act
  • S. 228 Social Security Number Misuse Prevention Act

SLIDE 16

Unsolicited Commercial Email

Legislative & Regulatory Approaches to SPAM

SLIDE 17

FTC Workshop

  • E-mail Address Gathering
  • Falsity in Sending Spam
  • Open Relays/Open Proxies/Form Mail Scripts
  • The Economics of Spam
  • Blacklists
  • Best Practices
  • Wireless Spam
  • Federal and State Legislation
  • International Perspectives
  • Litigation Challenges
  • Technological Solutions to Spam/Structural Changes to E-Mail

SLIDE 18

Legislation

  • S. 563: Computer Owners’ Bill of Rights
    • Creates do-not-email list at FTC
  • S. 877: CAN-SPAM Act of 2003
    • Prohibits fraudulent headers
    • Opt-out requirement

SLIDE 19

Online Privacy & Security for the Mortgage Industry

Ronald M. Jacobs
(202) 216-8215
rmjacobs@venable.com