S3E8: 'Recent FTC Enforcement: What Privacy Engineers Need to Know' with Heidi Saas (H.T. Saas)

The Shifting Privacy Left Podcast

Nội dung được cung cấp bởi Debra J. Farber (Shifting Privacy Left). Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Debra J. Farber (Shifting Privacy Left) hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

7M ago 1:15:33

MP3•Trang chủ episode

In this week's episode, I am joined by Heidi Saas, a privacy lawyer with a reputation for advocating for products and services built with privacy by design and against the abuse of personal data. In our conversation, she dives into recent FTC enforcement actions, analyzing five FTC actions and some enforcement sweeps by Colorado & Connecticut.
Heidi shares her insights on the effect of the FTC enforcement actions and what privacy engineers need to know, emphasizing the need for data management practices to be transparent, accountable, and based on affirmative consent. We cover the role of privacy engineers in ensuring compliance with data privacy laws; why 'browsing data' is 'sensitive data;' the challenges companies face regarding data deletion; and the need for clear consent mechanisms, especially with the collection and use of location data. We also discuss the need to audit the privacy posture of products and services - which includes a requirement to document who made certain decisions - and how to prioritize risk analysis to proactively address risks to privacy.
Topics Covered:

Heidi’s journey into privacy law and advocacy for privacy by design and default
How the FTC brings enforcement actions, the effect of their settlements, and why privacy engineers should pay closer attention
Case 1: FTC v. InMarket Media - Heidi explains the implication of the decision: where data that are linked to a mobile advertising identifier (MAID) or an individual's home are not considered de-identified
Case 2: FTC v. X-Mode Social / OutLogic - Heidi explains the implication of the decision, focused on: affirmative express consent for location data collection; definition of a 'data product assessment' and audit programs; and data retention & deletion requirements
Case 3: FTC v. Avast - Heidi explains the implication of the decision: 'browsing data' is considered 'sensitive data'
Case 4: The People (CA) v. DoorDash - Heidi explains the implications of the decision, based on CalOPPA: where companies that share personal data with one another as part of a 'marketing cooperative' are, in fact, selling of data
Heidi discusses recent State Enforcement Sweeps for privacy, specifically in Colorado and Connecticut and clarity around breach reporting timelines
The need to prioritize independent third-party audits for privacy
Case 5: FTC v. Kroger - Heidi explains why the FTC's blocking of Kroger's merger with Albertson's was based on antitrust and privacy harms given the sheer amount of personal data that they process
Tools and resources for keeping up with FTC cases and connecting with your privacy community

Guest Info:

Follow Heidi on LinkedIn
Read (book): 'Means of Control: How the Hidden Alliance of Tech and Government is Creating a New American Surveillance State'

Send us a text

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
TRU Staffing Partners
Top privacy talent - when you need it, where you need it.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Chương

1. S3E8: 'Recent FTC Enforcement: What Privacy Engineers Need to Know' with Heidi Saas (H.T. Saas) (00:00:00)

2. Introducing Heidi Saas (00:01:56)

3. Heidi's journey into privacy law and why advocating for privacy by design and default has been so important to her (00:04:23)

4. How the FTC brings enforcement actions, the effect of their settlements, and why do privacy engineers should pay closer attention (00:10:15)

5. Case 1: FTC v. InMarket - Heidi explains the implication of the decision - data linked to a mobile advertising identifier or an individual's home is not considered de-identified (00:15:42)

6. Case 2: FTC v. X-Mode Social / OutLogic - Heidi explains the implication of the decision, focused on: affirmative, express consent; definition of a 'data product assessment' and audit programs; and data retention & deletion requirements (00:21:42)

7. Case 3: FTC v. Avast - Heidi explains the implication of the decision where 'browsing data' is considered 'sensitive data' (00:32:00)

8. Case 4: The People (CA) v. DoorDash - Heidi explains the implications of the holding: where companies sharing personal data as part of a 'marketing cooperative' is a 'sale of data' (00:45:11)

9. Heidi discusses recent State Enforcement Sweeps, specifically in Colorodo and Connecticut (00:49:36)

10. Case 5: Heidi explains how the FTC blocked the Kroger merger with Albertson's based on the personal data they have (01:00:55)

63 tập

#Tech #Entrepreneur #Business #News #Tech News #Privacy #Security #Engineering #Innovation #Ethics #Design #Debra J. Farber (Shifting Privacy Left Media #Development #DevOps #Data Science #Privacy Engineer #Architecture