Tomorrow's Jobs Today
The competition for the Information Management 2019 IMT MVP Awards was tight – and congrats are in order to all of our winners! We got to know one of them, a bit better here! Read the winning articles here: http://bit.ly/IMTAwards2019
The 2019 Information Management Today MVP Awards Winners Spotlight from Shelley Trout on Vimeo.
It gives me great pleasure to shout from the digital mountaintop that along with my co-author, Abby Moscatel, Esq., we’ve signed a book deal with John Hunt Publishing to release our book, Tomorrow’s Jobs Today: Wisdom and Career Advice from Thought Leaders in AI, Big Data, Blockchain, the Internet of Things, Privacy, and More. The manuscript originated from a series of in-depth interviews we’ve been conducting around the world. The insights that emerged from these conversations were so essential and relevant to workers in the Information Age that we knew we just had to share it with a bigger audience!
This collection of in-depth profiles featuring Smart City CIOs, Data Protection Officers, Blockchain CEO’s, Informatics Doctors and other diverse, skilled professionals gives readers first-hand insight into what tomorrow’s jobs look like today. The hands-on experiences, subject matter expertise, and measured job advice shared within these pages demonstrate how identifying opportunities, setting the right cadence, and building strong relationships are the essential ingredients to unlocking your future’s potential.
This book is for the new graduate, the professional between jobs and the doting parents desperate to get their “brilliant” but lazy kid out of the basement. It’s also for senior corporate leaders seeking an intimate understanding of the changes abounding in their organizations. It’s for the manager who wants to inspire and encourage professional development. And it’s for every knowledge worker out there who wants to leverage technology and information governance to reduce risk, generate revenue, and improve customer experiences.
Sign up for updates on the book below!
In today’s data-driven, fast-changing world, Tomorrow’s Jobs Today gives business leaders a solid overview of many complex technology trends. This book helps surface many of the issues a business leader needs to be aware of and provides food for thought on how they might be navigated as we head into a new decade. –Gregory L. Steinhauer, President, American Life
Information is the currency that fuels and funds the Digital Transformation journey. Tomorrow’s Jobs Today manages to capture a set of leadership perspectives that, while diverse, share an essential characteristic for the future of transformative work: leveraging information as one’s most valuable asset. –Peggy Winton, CEO, Association for Intelligent Information Management AIIM
If you want to stay successful, you have to embrace and adapt to changes. Tomorrow’s Jobs Today shows you how those challenges can be both enlightening and empowering. –Jim Dodson, SVP, Iron Mountain
In a world often seized by ever-accelerating change, Tomorrow’s Jobs Today has brilliantly identified, captured, and recounted liberating insights for success from a broad range of global information governance and technology professionals. There will always be challenges, but for those willing to look, the opportunity is abundant. The Information Age remains an ever-growing frontier awaiting each new wave of pioneers. –Seth Williams, President, MER Conference
This is an empowering and beautifully written book that will surely guide the reader to find a place in this quickly changing Information Age, where they can thrive and contribute to the greater good. –Dr. Angela Bair Schmider, M.S., Ph.D., Massachusetts General Hospital and Harvard Medical School
The authors bring together the voices of leading thinkers, exploring the critical themes that will dominate the years to come. Entertaining interviews reveal the best paths forward for professional development and the impending social, political, and ethical challenges of tomorrow. This is an important book. –Alex Panagides, CEO, mxHero
Tomorrow’s Jobs Today brings together an impressive group of professionals sharing their wisdom and career advice from the cutting edge of technological advancement today. These insights will inevitably bolster your career path, and the combined knowledge of so many brilliant folks in one volume is staggering. I recommend this book for anyone who is pushing or looking to push their organizations into the future. –Nick Inglis, Executive Director of Content & Programming, ARMA International
Stepping away from the mush of data that sometimes arrives through surveys, Tomorrow’s Jobs Today goes straight to the people creating the future world of work. Read this book; go interview a few visionaries yourself; help shape the world to come. –Andy Watson, Head of School, Albuquerque Academy
About John Hunt Publishing – John Hunt’s Business Books “Fresh thinking for the business world,” imprint publishes practical guides and insightful non-fiction for beginners and professionals. Covering aspects from management skills, leadership, and organizational change to positive work environments, career coaching, and self-care for managers, our books are a valuable addition to those working in the world of business.
This year’s conference takes place May 4-6th in Chicago and features Information Governance sessions on Privacy, eDiscovery, Data Remediation, emerging technologies, and operational best practices from the industry’s leading experts, along with the experiences of knowledgeable practitioners.
Tackling data privacy and maintaining consumer trust is harder than ever, especially with the sheer amount of information you need to manage and with constantly evolving privacy laws (CCPA, GDPR, etc) moving the goalposts. The usual checkbox compliance, ad-hoc governance, and reactive information security policies will fail, if they haven’t already, and create too much organizational risk. To achieve a state of consistent compliance and minimize corporate risk you must provide three things to your business: transparent governance, frictionless security, and continuous validation. To provide these things, you must build a strong information governance framework and privacy compliance plan to succeed.
This special, two-part panel discussion facilitated by the ICRM will compare current academic curricula with the existing ICRM exam to identify gaps and areas of improvements for both academia and the ICRM. University Professors will discuss their programs and IG industry leaders will add perspective from the business world. There will be ample time for members of the audience to share their thoughts as well. It is time to close any gaps between what is taught at the university level and what is needed in the world of business. More effective preparation of the next generation of IG professionals will benefit all organizations that depend on these practitioners to address the business opportunities and challenges of the future and it will provide more fulfilling careers for those emerging from school into the world of business.
Also, our partners at Ethikos will be coming all the way from Brussels to present on GDPR.
The GDPR will celebrate its second anniversary on 25 May 2020 – a good time for US companies impacted by this regulation to understand what they should expect in the coming months. In this presentation, Legal professionals working in Europe will discuss how the GDPR has been enforced so far in Europe, what the regulators’ future direction might be, and the key areas US organizations will need to focus on in the coming months. Is there a higher risk of enforcement on the horizon? What is the level of privacy awareness among Internet users, consumers and individuals in Europe? Should US organizations that collect and process personal data of EU data subjects be worried about these regulatory trends?
“California Consumer Privacy Act – Now What Do We Do?”
Register here: https://zoom.us/webinar/register/WN_inuTshVvT9SAQ_XGa
Learn: Why data protection and privacy are important to my business What to do in case of a data breach Preparation for a cyber-attack Preparation for CCPA Preparation for PII/PHI breach response
When: Wednesday, Jan. 22, 2020 Time: 10 a.m. PST/1 p.m. EST
The Federal Trade Commission is extending the deadline to submit comments on the agency’s review of the Children’s Online Privacy Protection Act Rule (COPPA Rule) until December 11, 2019.
The federal government’s Regulations.gov portal is temporarily inaccessible. The FTC is giving commenters additional time to submit comments, as well as an alternative mechanism to file them. Those unable to submit comments via Regulations.gov can submit them via email with the subject line “COPPA comment” to secretary@ftc.gov. All comments, whether filed through Regulations.gov or sent by email, must be submitted by11:59 p.m. ET on December 11, 2019.
The Commission voted 5-0 to extend the comment deadline until December 11, 2019.
Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.
The Federal Trade Commission issued an Opinion finding that the data analytics and consulting company Cambridge Analytica, LLC engaged in deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting. The Opinion also found that Cambridge Analytica engaged in deceptive practices relating to its participation in the EU-U.S. Privacy Shield framework.
In an administrative complaint filed in July, FTC staff alleged that Cambridge Analytica and its then-CEO Alexander Nix and app developer Aleksandr Kogan deceived consumers. Nix and Kogan agreed to settle the FTC’s allegations. Cambridge Analytica, which filed for bankruptcy in 2018, did not respond to the complaint filed by FTC staff, or a motion submitted for summary judgment of the allegations.
The FTC staff’s administrative complaint alleged that Kogan worked with Nix and Cambridge Analytica to enable Kogan’s GSRApp to collect Facebook data from app users and their Facebook friends. The complaint alleged that app users were falsely told the app would not collect users’ names or other identifiable information. The GSRApp, however, collected users’ Facebook User ID, which connects individuals to their Facebook profiles.
The complaint also alleged that Cambridge Analytica claimed it participated in the EU-U.S. Privacy Shield—which allows companies to transfer consumer data legally from European Union countries to the United States—after allowing its certification to lapse. In addition, the complaint alleged the company failed to adhere to the Privacy Shield requirement that companies that cease participation in the Privacy Shield affirm to the Department of Commerce, which maintains the list of Privacy Shield participants, that they will continue to apply the Privacy Shield protections to personal information collected while participating in the program.
In its Opinion, the Commission found that Cambridge Analytica violated the FTC Act through the deceptive conduct alleged in the complaint. The Final Order prohibits Cambridge Analytica from making misrepresentations about the extent to which it protects the privacy and confidentiality of personal information, as well as its participation in the EU-U.S. Privacy Shield framework and other similar regulatory or standard-setting organizations. In addition, the company is required to continue to apply Privacy Shield protections to personal information it collected while participating in the program (or to provide other protections authorized by law), or return or delete the information. It also must delete the personal information that it collected through the GSRApp.
The Commission voted 5-0 to issue the Opinion and Final Order.
Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.
The Federal Trade Commission has reached settlements with four companies that allegedly misrepresented their participation in the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States. The FTC also alleged that two of the companies failed to comply with Privacy Shield requirements.
In separate actions, the FTC settled Privacy Shield cases against:
In addition to allegations that each company falsely claimed to participate in the EU-U.S. Privacy Shield framework, the FTC also alleged that Click Labs and Incentive Services falsely claimed to participate in the Swiss-U.S. Privacy Shield framework, which establishes a process for companies to transfer consumer data in compliance with Swiss law.
In its cases against Global Data and TDARX, the FTC further alleged that the companies continued to claim participation in EU-U.S. Privacy Shield after allowing their certifications to lapse, and that those companies failed to comply with the framework. The companies allegedly failed to verify annually that statements about their Privacy Shield practices were accurate, and failed to affirm that they would continue to apply Privacy Shield protections to personal information collected while participating in the program.
“The Privacy Shield Framework is critical to facilitating transatlantic commerce and assuring our European partners of our commitment to data protection,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “Enforcement of the Privacy Shield framework is a priority of the FTC, and we will hold companies accountable where, as here, they fail to keep their Privacy Shield promises.”
The Department of Commerce administers both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, while the FTC enforces the promises companies make when joining the programs. With today’s announcement, the FTC has now brought a total of 21 enforcement actions related to the EU-U.S. Privacy Shield framework since it was established in 2016.
Under the settlements, all four companies are prohibited from misrepresenting their participation in the EU-U.S. Privacy Shield framework, as well as any other privacy or data security program sponsored by any government, or any self-regulatory or standard-setting organization. As part of their settlements, Global Data Vault and TDARX also are required to continue to apply the Privacy Shield protections to personal information they collected while participating in the program, or return or delete the information.
The Commission voted 5-0 to issue the proposed administrative complaints and to accept the consent agreements with the four companies. The FTC will publish a description of the consent agreement packages in the Federal Register soon. The agreements will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent orders final. Once processed, comments will be posted on Regulations.gov.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $42,530.
On October 10, 2018, the Attorney General released proposed regulations for the California Consumer Privacy Act of 2018 (CCPA). The California Department of Justice (DOJ) will hold four public hearings to provide all interested persons the opportunity to present statements or comments on the proposed regulations, as detailed below. The hearings will begin promptly at 10:00 a.m. and will conclude when the last speaker has finished their presentation. Please note that attendees may be required to go through building security before entering each venue. For more information about the public hearings, and to RSVP, please visit: https://www.oag.ca.gov/privacy/ccpa/rsvp.
The deadline to submit written comments is December 6, 2019 at 5:00 p.m. (PST). Comments may be submitted via email (PrivacyRegulations@doj.ca.gov), mail (Privacy Regulations Coordinator, California Office of the Attorney General, 300 South Spring Street, First Floor, Los Angeles, CA 90013), or at the public hearings.
Please visit www.oag.ca.gov/privacy/ccpa for information about the DOJ’s CCPA rulemaking process, including the following newly added pdfs: Tips on Submitting Effective Comments and Information about the Rulemaking Process.
PUBLIC HEARING DATES
Sacramento
December 2, 2019; 10:00 a.m.
CalEPA Building
Coastal Room, 2nd Floor
1001 I Street
Sacramento, CA 95814
Los Angeles
December 3, 2019; 10:00 a.m.
Ronald Reagan Building
Auditorium, 1st Floor
300 S. Spring Street
Los Angeles, CA 90013
San Francisco
December 4, 2019; 10:00 a.m.
Milton Marks Conference Center
Lower Level
455 Golden Gate Ave.
San Francisco, CA 94102
Fresno
December 5, 2019; 10:00 a.m.
Fresno Hugh Burns Building
Assembly Room #1036
2550 Mariposa Mall
Fresno, CA 93721
In its complaint, the FTC alleged that Medable, Inc.—which provides technology solutions to business customers operating in pharmaceutical, biotechnology, and research industries—falsely claimed in its privacy policy that it was a certified participant in the EU-U.S. Privacy Shield framework and adhered to the program’s principles. While the company initiated an application with the Department of Commerce in December 2017, it did not complete the steps necessary to participate in the framework.
The Department of Commerce administers the framework, while the FTC enforces the promises companies make when joining the program. With today’s announcement, the FTC has now brought a total of 17 enforcement actions related to the Privacy Shield framework since it was established in 2016.
As part of the settlement with the FTC, Medable is prohibited from misrepresenting its participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization.
The Commission vote to issue the proposed administrative complaint and to accept the consent agreement with Medable was 5-0. The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register, after which the Commission will decide whether to make the proposed consent order final. Once processed, comments will be posted on Regulations.gov.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $42,530.
On Monday, November 18th, Google AdSense pushed out the following updates regarding the California Consumer Privacy Act:
from Google:
| The California Consumer Privacy Act (CCPA) is a new data privacy law that applies to certain businesses which collect personal information from California residents. The new law goes into effect on January 1, 2020. |
| Google already offers data protection terms pursuant to the General Data Protection Regulation (GDPR) in Europe. We are now also offering service provider terms under the CCPA, which will supplement those existing data protection terms (revised to reflect the CCPA), effective January 1, 2020. For customers on our online contracts and updated platform contracts, the service provider terms will be incorporated into our existing contracts via the data protection terms. For such customers, there is no action required on your part to add the service provider terms into your contract. |
| These service provider terms will be made available alongside new tools for partners to enable restricted data processing. Restricted data processing is intended to help partners prepare for CCPA. Some partners may decide to send a restricted data processing signal for users who click a CCPA opt-out link. Other partners may decide to enable restricted data processing for all users in California via a control in our products. Subject to the service provider terms, we will act as your CCPA service provider with respect to data processed while restricted data processing is enabled. You can refer to this article for more information on restricted data processing and to determine whether restricted data processing meets your CCPA compliance needs. Please also refer to our Help Center articles for Ad Manager, AdMob, AdSense for more information on enabling restricted data processing. |
| Please see privacy.google.com/businesses for more information about Google’s data privacy policies. |
Compliance & Privacy Partners provides smart and affordable privacy compliance, data governance and risk-management solutions designed to help organizations build privacy programs, assess, manage and remediate risks and demonstrate defensible compliance. We offer and support a variety of data privacy management platforms which include data subject fulfillment workflows, records and PI inventory management, vendor assessment and policy adherence tools, privacy impact assessments, file analysis projects and records retention enforcement.
via FTC Press Release
A Utah-based technology company has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security safeguards, which allowed a hacker to access the personal information of a million consumers.
InfoTrax Systems, L.C., provides back-end operation services to multi-level marketers. This includes such services as compensation, inventory, orders, accounting, training, and data security, as well as operating its clients’ website portals.
In its complaint, the FTC alleges that InfoTrax and its former CEO Mark Rawlins failed to use reasonable, low-cost, and readily available security protections to safeguard the personal information it maintained on behalf of its clients. This includes failing to:
In addition, the FTC alleged that InfoTrax stored consumers’ personal information—such as Social Security numbers, payment card information, bank account information, and user names and passwords—in clear, readable text on its network.
“Service providers like InfoTrax don’t get a pass on protecting sensitive data they handle just because their clients are other businesses rather than individual consumers,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “As this case shows, it’s every company’s responsibility to protect customers’ personal information, especially sensitive data like Social Security numbers.”
As a result of the company’s security failures, a hacker infiltrated InfoTrax’s server, along with websites maintained by the company on behalf of clients, more than 20 times from May 2014 until March 2016. In March 2016, the intruder accessed about one million consumers’ sensitive personal information, according to the complaint.
InfoTrax did not detect these intrusions until March 2016, when it was alerted that its servers had reached maximum capacity. This alert was due to a data archive file created by the hacker who had infiltrated its network. InfoTrax’s security failures not only affected its network but also the websites of its clients, the FTC alleges.
The personal information that the intruder obtained can be used to commit identity theft and fraud. The FTC alleges that InfoTrax’s failure to provide reasonable security for personal data in its care violated the FTC’s prohibition against unfair practices.
As part of the proposed settlement with the FTC, InfoTrax and Rawlins are prohibited from collecting, selling, sharing, or storing personal information unless they implement an information security program that would address the security failures identified in the complaint. This includes assessing and documenting internal and external security risks; implementing safeguards to protect personal information from cybersecurity risks; and testing and monitoring the effectiveness of those safeguards.
In addition, the proposed settlement requires the company to obtain third-party assessments of its information security program every two years. Under the order, the assessor must specify the evidence that supports its conclusions and conduct independent sampling, employee interviews, and document review. Finally, the order grants the Commission the authority to approve the assessor for each two-year assessment period.
The Commission vote to issue the administrative complaint and to accept the proposed consent agreement with InfoTrax and Rawlins was 5-0. Commissioner Christine S. Wilson released a concurring statement.
The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Once processed, comments will be posted on Regulations.gov.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $42,530.
Compliance & Privacy Partners provides smart and affordable privacy compliance, data governance and risk-management solutions designed to help organizations build privacy programs, assess, manage and remediate risks and demonstrate defensible compliance. We offer and support a variety of data privacy management platforms which include data subject fulfillment workflows, records and PI inventory management, vendor assessment and policy adherence tools, privacy impact assessments, file analysis projects and records retention enforcement.
There’s a memorable scene in Back to the Future 3 where Marty receives a Western Union telegraph from Doc almost a century after it was originally mailed, warning him of events to come. Seems an unlikely possibility that any organization would honor such a request to preserve, protect and deliver documents for so long. However, that’s exactly what happens every day, all over the world, and it happened to me only a few years ago when I found out I was adopted at the age of 33! The experience was so life changing that I made a film about it which is finally available this month on Amazon and Itunes.
The State of California, to whom I wrote a letter verifying my identification, swiftly wrote me back with a manila envelope containing a treasure trove of documents gathered from multiple state agencies. In the package were details from social workers, hospitals, doctors and even notes from my biological parents! They were all free of charge and kept under seal for over three decades! We take these systems for granted nowadays but can you imagine how effective a system must be to protect my information for this long, over so many administrations and to do it largely without computers? What really makes these processes work is not technology of course, it’s people. But what motivates these people to do such a thing?
I’ll tell you what my own epiphany was, as somebody who works in the fields of Information Governance and Privacy… and that was that record keeping, and those who perform it, are part of the ethical backbone that so much of our society relies on. This often thankless discipline codifies and exemplifies the altruistic commitment we have, and must continue to have to one other. It’s a commitment to value the records and history that tell us who we are and a pledge to protect those records as a matter of ethics ethics and common values. It’s one of the reasons Archives and Records Management has been a passion of mine for so many years.
The new era of Privacy is a boon for Records Management because it underscores the truth that the most important data and records are not just necessary for business continuity, death and taxes but are personal. The return of the discussion of privacy as a fundamental right is not new of course. It’s written into the Constitution in the 4th Amendment. It has been defined historically through almost all cultures and even has biblical roots. Privacy a gift that we’re just beginning to learn how to appreciate again and a silver lining in a world struggling so hard to protect it.
