Protect Privacy to Protect Your Startup


learn about privacy policies, terms of use, and how to deal with privacy issues in your website or mobile app

Transcript of Protect Privacy to Protect Your Startup

1. Protect Privacy to Protect Your Startup
   Don't catch an FTC (Action), practice safe data collection

2. Thank You to Our Sponsors

3. Presentation Content
   - Privacy Policy vs. Terms of Service
   - Process of Creating Your Privacy Policy
   - Compliance with the Law
   - Avoiding the FTC
   - Online Services for Protecting Privacy

4. United States v. Path, Inc.
   - Path: mobile app developer
   - Contrary to privacy policy, automatically collected personal info
   - Got info from ~3,000 kids under age 13
   - FTC charged Path for deception and violation of COPPA
   - Settlement: $800,000; 20 yrs of audits

5. Our Startup: Dragon Digs
   - The social hub of Drexel University
   - Relies on user-generated content
   - Features: Create, RSVP to events; Post pictures, comments; In-app ticket purchasing; Promo emails from Dragon Digs; Third-party advertising

6. Privacy Policy
   - Explains how company gathers, uses, discloses, manages user info
   - Separate from TOS
   - More specifically: Type of data collected and how it's used, stored, protected; How user data is shared with third parties; Compliance with privacy laws and user control

7. Terms of Service
   - Rules users must abide by on website/app
   - Legally binding; subject to change
   - More specifically: Software license; website/app operation; users' rights; Information ownership; copyright; incorporates privacy policy; Disclaimers/limitation of liability; notice

8. Ensuring Enforceable Terms
   - Forming an enforceable contract
   - Notice and assent
   - Click-wrap vs. Browse-wrap
   - Additional tips and considerations

9. Notice and Assent
   Click-wrap:
   - Present users with copy of terms, and
   - Require action showing user read and agrees to terms

10. Notice and Assent
   Browse-wrap:
   - Available to users via web links
   - Does not require action indicating user agrees to terms
   - Typically state that site use is deemed acceptance of terms

11. Additional Tips and Considerations
   - Use plain English
   - Consider device it will be read on
   - Place in a conspicuous location

12. Our Startup: Dragon Digs (recap of slide 5)

13. What Info Should I Collect?
   - Relationship with user determines what should be collected
   - De-identify personal identification info where possible
   - Whatever you collect, give users notice
   - Helps create user trust

14. Give Users a Choice
   - No consent needed: If collected data is expected for a relationship with user, such as product fulfillment, analytics, security, and website improvements
   - Consent needed: If collected data is outside what would be expected
   - Do Not Track options

15. Tracking
   - Cookie: Text file that collects user information
   - Beacon: Graphic image file that collects user information
   - Types: Persistent or session cookies
   - Can be used for website operation or advertising

16. Privacy by Design
   - Build in privacy and security at all stages of design and development
   - Implement and enforce strategically sound privacy practices throughout company

17. Best Practices
   - Data security: Firewall and virus protection; SSL encryption; Encrypt user names and passwords; Keep security current
   - Reasonable collection limits: Collect only what is needed

18. Best Practices
   - Sound retention practices: Right to be forgotten; Retention depends on industry
   - Data accuracy: Allow users to access and change their profiles
   - Knowledgeable, designated staff

19. Our Startup: Dragon Digs (recap of slide 5)

20. Compliance
   Be Sure You Read Your Own Policy!

21. FTC Act and Regulations
   - Unfair or deceptive
   - Avoid the FTC: Comply, Notify, Protect

22. CalOPPA
   - California Online Privacy Protection Act
   - Conspicuously post your policy
   - Comply
   - Do Not Track amendment

23. CalOPPA Compliance
   Privacy policy must include:
   - Collect info
   - Sharing policies
   - User review/control
   - Notification
   - Effective date

24. COPPA
   Children's Online Privacy Protection Act
   Are You Under the Age of 13?

25. COPPA Compliance
   - Who is collecting the info?
   - Description of info collected
   - Use
   - Disclosure to third parties
   - Parental review & consent
   - User notice

26. CAN-SPAM Act
   - Controlling the Assault of Non-Solicited Pornography and Marketing Act
   - Are you spamming?
   - Compliance is simple

27. HIPAA
   Health Insurance Portability and Accountability Act

28. FERPA
   Family Educational Rights and Privacy Act

29. Gramm-Leach-Bliley Act
   Governs financial information

30. European Union E-Privacy Directive
   The right to be forgotten, among other things

31. Our Startup: Dragon Digs (recap of slide 5)

32. Avoiding the FTC
   - FTC: Statutory authority to remedy privacy infringements; Power to prohibit unfair and deceptive practices
   - Statutory requirements: CalOPPA; COPPA; CAN-SPAM; HIPAA; FERPA; GLBA

33. FTC Actions
   - Google
   - RockYou
   - Snapchat
   - The Brightest Flashlight App

34. Our Startup: Dragon Digs (recap of slide 5)

35. Privacy Policy Generators
   - Tested 28 online generators
   - Factors: ease of use, guidance, cost, and policy generated
   - Recommendations: FreePrivacyPolicy.com; GeneratePrivacyPolicy.com; SEOToaster.com; TRUSTe.com (for mobile apps)

36. What Needs Protection?

37. Seals of Approval
   - The best individually: TRUSTe, TrustGuard, Qualys, Comodo
   - The best for you: Mix-and-match to suit your needs; Each service has strengths & weaknesses

38. Our Startup: Dragon Digs (recap of slide 5)

39. Questions?

40. Thank You to Our Sponsors

41. Thank You to Our Audience
   Apply to be a client at www.drexel.edu/law/ELC