This session will include supplementary handouts, including:

• Key U.S. Federal & State Data Protection Laws
• Samples of Compliant Written Data Protection Policies & Security Procedures
• Modifiable Online Privacy Policy Template

According to Pew Research Center, 50% of Americans believe our personal information is less secure today than it was five (5) years ago. Take a moment to consider the major data breaches that have occurred in the past half-decade: The infamous Equifax debacle of 2017; the billions of Yahoo email accounts hacked; the 200 million U.S. voters' whose personal data was (accidentally) leaked by Deep Root Analytics; the 57 million Uber accounts that were breached; and, likely countless more instances that we don't even know about! Clearly, it's a rhetorical question … but, isn't the public's distrust in organizations of all sizes – including community banks – understandable?

As consumers grow weary of organizations, like your bank, collecting their personal information, the United States government is doing little to reassure the public that it's serious about protecting the data and privacy of U.S. citizens. At the moment, data protection and privacy are regulated by a patchwork of competing laws at the state and federal levels. The Federal Trade Commission (FTC) has repeatedly asked Congress to pass personal data protection and security laws that reflect our modern, digital world. Yet, because the United States government has not regulated the collection and use of personal information with a single, comprehensive law, community banks face the burden of complying with overlapping and, oftentimes, contradictory regulations.

Although the U.S. has not substantially updated its laws on personal data in decades, in 2018, the European Union became the global focal point for individual data protection when it enacted the General Data Protection Regulation (GDPR). Since then, all 50 U.S. states have enacted data breach notification laws, which require businesses, including your community bank, to contact customers if their personal information is compromised. Likewise, several U.S. states have followed the EU's lead by enacting laws that expand the data breach notification requirements – and require significant alterations to your data processing operations– and empower consumers to have control how their personal data is used. In 2020, you can expect many "GDPR"-centric laws to pass in state legislatures around the country.

Beyond the influx of data protection legislation, the types of legally-actionable injuries that can arise from your bank's collection and (mis)use of personal data are rapidly evolving. Prudent community banks are taking precautionary measures to ensure that their data protection policies and privacy notices adhere to GDPR-like standards, which helps fend off lawsuits from greedy plaintiffs' attorneys. Don't be surprised if you receive an action letters claiming that your clients have suffered various injuries because of your bank's collection and (mis)use of personal data!

Discover how to comply with the entire patchwork of U.S. laws, mitigate legal risks, and get ahead of new GDPR-like laws, in this 120-minute session. We will untangle this complex web of data protection and privacy laws that complicate the lives of community bankers, and identify best practices for your bank to adopt today. You will learn how to (1) conduct a self-audit of your bank's existing data protection program; (2) establish watertight consent management processes, and (3) implement an effective data rights management program.

In this webinar, you will also learn to conduct a "gap assessment" to determine whether your existing data protection procedures require revision to comply with current and anticipated state laws. To prepare your community bank for new data protection and privacy regulations, it is imperative for your compliance team to work alongside your business, marketing, and IT teams to routinely monitor and test your bank's risk mitigation controls; accordingly, it will beneficial if representatives from each of these business units participate in this session together. 

After attending this session, you will be (1) prepared to comply with any GDPR-like laws that your state may enact; (2) well-equipped to make tremendous improvements to your data rights management program; and, (3) an unlikely target for plaintiffs' attorneys.

Covered Topics 

• Overview of Data Protection & Privacy
  • Definitions: Consent; Cookies; Spam; etc.
  • Third-Party Data Processing
  • Domestic & International Data Transfers 
• Data Protection Laws 
  • General Data Protection Regulation 
    • Obligations of a Bank as a Data Controller
    • Customer Rights to Access Personal Data or Object to Its Collections
    • Security Requirements
  • U.S. Federal Law– 
    • FTC Act
    • Gramm-Leach-Bliley Act (plus the Safeguards Rule, Disposal Rule, and Red Flags Rule) 
    • Children's Online Privacy Protection Act (it may be applicable to your bank!)
    • Others: HIPAA, U.S. Privacy Act, & the Safe Harbor Act
    • Enforcement - Federal Trade Commission and State Attorneys General
  • Privacy Rules Promulgated by National Banking Agencies
  • U.S. State Data Protection Laws
    • State Breach Notification Laws
    • States Requiring Businesses to Make Significant Changes to Data Processing Operations
    • California Online Privacy Protection Act
  • Case Law, Pending Litigation, & Open Questions of Law
  • Key Takeaways 
• Self-Audit: Analyze Your Data Protection Program
  • Conducting a Gap Assessment – Case Studies: Written Data Protection Policies & Security Procedures
  • Consent Management Processes
  • Evaluating Risk Mitigation Controls 
• Implementing an Effective Data Rights Management Program
  • Auditing Collected Personal Data; Analyzing the Types of Data Collected; Identifying Data That's "Critical" for Your Bank
  • Develop a Personal Data Requests Process to Manage Customer Requests Related to Their Data - Includes Customer Requests to Opt Out of Collection & How to Operationalize All Requests
  • Discuss Written Data Protection Policies, 
  • Review Templates -- Online Privacy Policy & Privacy Notices
  • Security Procedures
  • Training Employees Who Handle Personal Data
  • Insurance? 
• Answer Your Questions

Who Should Attend:

To prepare your community bank for new data protection and privacy regulations, it is imperative for your compliance team to work alongside your business, marketing, and IT teams to routinely monitor and test your bank's risk mitigation controls; accordingly, it will beneficial if representatives from each of these business units participate in this session together.