m B2C site GRC

Key Points

  1. Public and private B2C sites are subject to many regulations in different jurisdictions
  2. Need to know applicable policies
  3. Need to know how to design and manage for compliance and audits
  4. PII management policies - GDPR and related personal data privacy policies
  5. Site access policies
  6. Implied warranties and merchantability - don't exist
  7. Identify contact points and recourse processes
  8. File, track and manage complaints
  9. User agreement to arbitration processes in specific jurisdictions
  10. Token policies by jurisdiction



References

Reference description with linked URLs | Notes






Regulations
https://gdpr-info.eu/
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
GDPR info

file:///C:/Users/Jim%20Mason/Google%20Drive/_docs/howto/data/security/data-privacy-gdpr-articles-prepare-2018-cventgdprpresentationjanuary2018-180522202336.pdf

https://drive.google.com/open?id=1FV-TZMhJZO7f3Q_VroLT-GR0xBSlLMBL

GDPR impacts
https://www.nytimes.com/2019/09/24/technology/europe-google-right-to-be-forgotten.html - GDPR limitations by jurisdiction - EU Justice

https://media.licdn.com/dms/document/C4E1FAQFNSGeVpeH1lQ/feedshare-document-pdf-analyzed/0?e=1565456400&v=beta&t=2WxypxrACfhQi4zIO0T1Z4p3f_1_T1yfIy4j08Kdv5g

https://drive.google.com/open?id=1QX-07IfqRFOsfbvT1wdK1hd1DaE3nt7i

Blockchain GDPR compliance study - 2019
https://www.eublockchainforum.eu/reports - EU blockchain forum reports
https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf?width=1024&height=800&iframe=true - Blockchain and GDPR concepts - EU blockchain forum
https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf?width=1024&height=800&iframe=true - Blockchain and Digital Identity concepts - EU blockchain forum
https://medium.com/varanida/gdpr-results-impacts-and-the-blockchain-opportunity-d9f368d347aa - GDPR impact survey results - 2019

CCPA

TCPA
https://www.pwc.com/us/en/services/consulting/cybersecurity/new-york-shield-act.html - New York State SHIELD law expands PII in 2020


Studies

file:///C:/Users/Jim%20Mason/Google%20Drive/_docs/howto/data/security/data-privacy-management-study-2019-Integris-and-Ivy-Exec-Data-Privacy-Maturity-Study.pdf

https://drive.google.com/open?id=1q2XWPUnnA3_mU0Bca4LhniBlF_eeaHEw

Data Privacy Studies - Integris






Standards and Practices


https://cdn2.hubspot.net/hubfs/5096489/Collateral/Protegrity_Methods_of%20Data_Protection_FINAL_02.pdf

https://drive.google.com/open?id=1xGMnTfpxdRgmoTQidjeNQbfumLheqdtC

Data Privacy Protection Methods

SOAP contract – statement of authorized purpose (data usage contract)

https://www.jdsupra.com/legalnews/cfpb-outlines-principles-for-consumer-98316/ - Principles for consumer data sharing
https://www.information-compliance.admin.cam.ac.uk/data-protection/guidance/data-sharing - Data sharing guidance - Cambridge Univ


Requirements








Private Data Solutions




https://drive.google.com/open?id=1qUcxM1sBxQCEOC_oK5HmQ-GL_f8FHM7Z - Sichern Slides
https://medium.com/wearetheledger/private-db-a-built-in-gdpr-compliant-solution-for-hyperledger-fabric-1a082da1b301 - Fabric Private Data Concepts - old - for v1.2
https://hyperledger-fabric.readthedocs.io/en/latest/private_data_tutorial.html - HLF data privacy docs













Key Concepts


Data Protection Methods Overview

https://cdn2.hubspot.net/hubfs/5096489/Collateral/Protegrity_Methods_of%20Data_Protection_FINAL_02.pdf



Data Privacy Studies



GDPR regulations - data privacy limitations

https://www.nytimes.com/2019/09/24/technology/europe-google-right-to-be-forgotten.html






Data Sharing agreement concepts

https://www.jdsupra.com/legalnews/cfpb-outlines-principles-for-consumer-98316/

The Consumer Financial Protection Bureau (CFPB or Bureau) recently released a set of consumer protection principles for protecting consumers when they authorize third-party companies to access their financial data to provide certain financial products and services.

The principles, which are intended to be read together, relate to:

  • data access;
  • data scope and usability;
  • control of the data and informed consent;
  • payment authorizations;
  • data security;
  • transparency on data access rights;
  • data accuracy;
  • accountability for access and use; and
  • disputes and resolutions for unauthorized access.



Potential Value Opportunities



Potential Challenges



Candidate Solutions



Step-by-step guide for Example



 



Recommended Next Steps