![Page 1: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/1.jpg)
Privacy and Data ProtectionIII Annual Latin American Telecommunications, Technology, and Internet Public Policy ForumGeff Brown, Assistant General CounselMicrosoft CorporationMay 16, 2013
![Page 2: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/2.jpg)
Privacy and Data Protection
Regulatory Infrastructure
Transparency
Privacy by Design
No Privacy w/o Security
![Page 3: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/3.jpg)
Security
DATAAPPLICATIONNETWORK HOST
SECURITY
IDENTITYAND
ACCESS MANAGEME
NT
![Page 4: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/4.jpg)
Privacy by design
Context: Personal data should be used only in the context of the relationship with the individual.
Individual Choice and Control: Users should have choices about how their personal data is used.
Data Portability: Customers should have the right to freely access and move their personal data.
![Page 5: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/5.jpg)
Compliance management framework
Policy
Control Framework
Standards
Operating Procedures
Business rules for protecting information and systems which store and process information
A process or system to assure the implementation of policy
System or procedural specific requirements that must be met
Step-by-step procedures
5
![Page 6: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/6.jpg)
Transparency
What personal data goes where.
Who can access the personal data and why.
Privacy statements and other documentation.
![Page 7: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/7.jpg)
Regulatory Infrastructure
Defining bases for processing personal data: Consent; legitimate interests; contract.
Implementing rights: Access, correction and deletion; data breach notification; redress.Consistent and effective enforcement: Oversight and guidance; risk-based approaches; penalties.
![Page 8: Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051418/5697bff01a28abf838cbac9e/html5/thumbnails/8.jpg)