3. Today’s Agenda
Data Breach Updates for 2012
How to Protect Your Brand
Commercial Email: State of the State
Reputation Resources: Tools You Can Use
Privacy Bill of Rights
Wrap Up
Proprietary & Confidential 3
4. Not a day seems to go by without an
announcement of a brand and a recent
data compromise.
Will yours be next?
5. Q: $6.5 Billion
A: Data breach impact to U.S.
businesses
Source: OTA
11. Data breaches, what are they after?
Organizations that store large amounts of customer data are attractive targets for identity thieves
Data is the new currency for the dark side
Thieves target personal, financial and other PII:
Names and Addresses
Phone Number
Email Address
Social Security Numbers
Bank Account Numbers
Credit and Debit Card Numbers
Account Passwords
Security Questions and Answers
Source: Zeta Interactive
12. Data breaches, how do they work?
Attacks can take many forms
Phishing
Hacking
Malware
Hardware Theft
Exploitation of Accidental Release
• Data Spill, Improper Disposal of Digital Assets, Other Accidents
Thieves use stolen data to victimize customers
Financial Fraud - All Forms and Types
Use of Stolen Information to Commit Additional Crimes
Money Laundering
Criminal Impersonation, Stalking and Harassment
Terrorism
Source: Zeta Interactive
13. What are the privacy laws?
Federal Laws
• FTC Act
• Sarbanes-Oxley
• HIPAA / COPPA
State Laws
• Breach Notifications
• Data Encryption
• SSN Protection
Local Laws
• Wireless Networks
International Laws
• EU Data Protection Directive / UK Cookie Tracking
Professional / Trade Protocols
Source: Zeta Interactive
14. What are the impacts?
Data breaches affect every aspect of the company:
IT
• Security audits and scrutiny
• Infrastructure changes
Financial
• Litigation
• Business loss & focus
• Stock devaluation
• Identity protection services & support
• PR & Marketing activity
Marketing & Communication
• PR & crisis management
• Brand degradation & mistrust
Legal
• Government regulations
• Government notifications
• Class action lawsuits
Source: Zeta Interactive
15. Protect your brand.
Technical security is a critical first step
Review all your potential internal loopholes
Conduct a comprehensive risk assessment
Identify threats
Analyze potential harm
Identify reasonable mitigation
Understand the legal landscape
Implement policies and procedures consistent with above
Develop a written information security program and incident response
Periodically review the program to guard against new and evolving threats
Require your vendors to employ best security practices
Contractual language and penalties for non-compliance
Make privacy a corporate mandate for adoption
16. Tools you can use.
Seek guidance from your legal teams
Consider a third-party privacy seal for compliance
Register cousin domains that look like yours
• This will protect your brand online and avoid phishing issues
Keys to consumer trust
• Notice: Say what you are going to do and do it
• Consent: Ask for permission
• Choice: Allow your customers options
Be transparent online - don’t hide your activities
Update your privacy policy regularly
17. Commercial email state of the state
Email Deliverability = Brand Management
Brand Management = Email Reputation
Good Email Reputation = Better Deliverability
Better Deliverability = Builds Consumer TRUST
Better Consumer Trust = Drives Engagement
More aggressive filter implementation at the ISP level
More streamlined industry organization/cooperation
Continued legal/privacy/technology issues remain
More informed clients as access to information is available
There are still No Guarantees for delivery to any inbox
18. A word on reputation
Majority of deliverability issues are based on reputation
The data that affects reputation includes:
• Email authentication implementation
• Email volumes
• Complaint rates
• Hard bounce rates
• Spam trap hits
• Consumer engagement: clicks / opens / conversions
To protect reputation:
• Monitor the sends consistently
To repair reputation:
• Fix the problems: data integrity / confirmed opt-in
20. The Consumer Privacy Bill of Rights
Privacy Right: Definition
• Individual control: A right to exercise control over what personal data companies collect and how they use it.
• Transparency: A right to readable and accessible information about privacy and security practices.
• Respect for Context: A right to expect that companies will collect, use and disclose personal data in ways consistent with the context where data was shared.
• Security: A right to secure and responsible handling of personal data.
• Access and Accuracy: A right to access and correct personal data in usable formats, in a manner appropriate to data sensitivity.
• Focused Collection: A right to reasonable limits on the personal data that companies collect and retain.
• Accountability: A right to have personal data handled by companies in a manner that complies with the Consumer Privacy Bill of Rights.
21. Wrap up
Data breaches will continue to evolve
Protect your brand online
Monitor your online reputation
Be proactive, not reactive, for your brand
• Have a plan and execute on it
Manage internal and external expectations
• Who do you do business with and do they COMPLY?
Obey the law
• Understand what’s required of you and your online presence
Your online journey will be rewarding when you invest the time and resources