Global Cyber Risk An international insurance perspective
- Kathlyn Nichols
- 8 years ago
1 Global Cyber Risk An international insurance perspective 19 November 2014
2 Our International Cyber Risk Panel
- Hans Allnutt, London, UK
- Jose Luis Arce Fernández, Mexico City
- Noreen Howard, Dublin, Ireland
- Rhiannon Davies, Associate, London
- Camilla De La Torre, Bogota, Colombia
- Guillermo Amunátegui, Santiago, Chile
- Marcia Barbosa de Oliveira, JBO Advocacia, São Paulo, Brazil
- Mark Anderson, Auckland, NZ
- Ben Nicholson, Singapore
3 UK (Hans Allnutt, London, UK)
Insurable Cyber Risks:
- Data Protection/Privacy
- Business Interruption
- Property Damage
Data Security/Privacy Laws:
- Data Protection Act 1998, forthcoming draft EU DP Regulation
- No legal obligation to notify data breaches (for most companies), but voluntary notifications are increasing and highlighting the first-party legal and forensic costs of regulatory compliance.
- Fines up to 500k under DPA 1998, unlimited FCA fines
- Common law recognition of compensation for breaches of DPA (e.g. 2,500 compensation awards).
4 UK (Hans Allnutt, London, UK)
Claims Examples:
- Data Breaches (Betfair, Racing Post, Morrisons)
- IT Outages (RBS/Natwest 2013, CHAPS Payment System 2014)
Insurance Market:
- Many insurers entering the market.
- Data breach insurance gaining traction, business interruption easily understood, but questions remain over existing coverages.
- Underwriting challenges (claims made vs occurrence, aggregation for reinsurers)
5 Ireland (Noreen Howard, Dublin, Ireland)
What is Cyber?
- Technological risks
- Data breaches
- Both?
Data Protection Acts:
- European home of household names: Google, Facebook, LinkedIn and most recently Amazon
- International implications of Irish DPC's actions
6 Ireland: Enforcement, DPA (Noreen Howard, Dublin, Ireland)
- The Commissioner's role is to ensure that those who keep personal data comply with the provisions of the Acts.
- Registration
- Commissioner's powers include:
  - Service of legal notices to compel assistance
  - Compelling a data controller to implement one or more provisions of the Acts
  - Investigating complaints or carrying out investigations proactively
7 Ireland: Enforcement (continued), DPA (Noreen Howard, Dublin, Ireland)
- Authorise officers to enter premises to inspect the type of personal information kept, how it is processed and the security measures in place. Full cooperation must be given to such officers.
- A data controller found guilty of an offence under the Acts:
  - Fines of up to 3,000 on summary conviction and 100,000 on conviction on indictment;
  - May be ordered to delete all or part of the database;
  - Data controller's name published in the annual report.
8 Ireland: Breach notification, DPC (Regulator) (Noreen Howard, Dublin, Ireland)
Personal Data Security Breach Code of Practice:
- Immediately consider informing those affected
- Notify organisations that may be able to assist, e.g. Garda
- Data processors to report incidents to controllers as soon as possible
- DPC must be notified as soon as Data Controller is aware unless:
  - incident reported without delay to the affected data subject(s); and
  - breach affects <100 data subjects and no sensitive/financial data.
- Initial contact to DPC made within 2 working days of becoming aware of the incident, which can be via e-mail, fax or telephone
- DPC will then decide if a detailed report and/or subsequent investigation is necessary.
9 Ireland: Breach notification, DPC (Regulator) (Noreen Howard, Dublin, Ireland)
DPC specifies timeframe in which to provide a detailed report on:
- amount and nature of the personal data that has been compromised;
- action being taken to secure and/or recover the compromised personal data;
- action being taken to inform those affected by the incident or reasons for the decision not to do so;
- action being taken to limit damage or distress to those affected;
- chronology of events leading up to the incident; and
- measures being taken to prevent future incidents.
10 Ireland: Breach notification, Data Subject (Noreen Howard, Dublin, Ireland)
Personal Data Security Breach Code of Practice:
- Data subject centric
- Data at risk of unauthorised disclosure, loss, destruction or alteration
- Exemption where data unintelligible
- Treated as mandatory but does not have force of law
- Other approved Codes include: Garda Siochana (police); Injuries Board; Department of Education; Revenue Commissioners
11 Ireland Summary Noreen Howard Dublin, Ireland Breaches Irish Cyber Insurance Market Challenges Next steps
12 European Comparison: UK (Rhiannon Davies, Associate, London)
- Law: EU Directive 95/46/EC - Data Protection Act 1998
- Enforcement through Information Commissioner's Office ("ICO")
- Breach notification laws: Voluntary
  - ICO guidance states that if a large number of people are affected and/or particularly sensitive personal data is involved, the ICO and in certain cases data subjects should be informed;
  - Compulsory for internet service providers
- Enforcement Level: Medium
- Power to fine up to 500,000
- Highest Fine: 325,000
13 European Comparison: France (Rhiannon Davies, Associate, London)
- Law: EU Directive - Law No which amended former law of 1978
- Enforcement - Commission Nationale Informatique et Libertes ("CNIL")
- Breach notification laws: Voluntary
  - No obligation to notify data subject or CNIL, but CNIL has power to investigate infringements and impose fines
  - Compulsory for internet service providers
- Enforcement Level: High
- Fines: <EUR150,000 first violation. <EUR300,000 if second violation within 5 years. Legal entities, 5% of turnover if <EUR300,000), criminal fine <EUR300,000 (EUR1.5 million for a corporate entity), 5 years' imprisonment.
- Highest Fine: Google 150,000
14 European Comparison: Germany (Rhiannon Davies, Associate, London)
- Law: Federal/State Data Protection Law. Federal Data Protection Act ("BDSG": Bundesdatenschutzgesetz), which implements the EU Directive 95/46/EC
- Enforcement through protection authorities of the states
- Breach notification laws: Yes
  - E.g. if sensitive personal data or telecoms data, then notify regulator and data subjects
- Enforcement Level: High
- Power to fine: Up to EUR300,000 each offence for administrative offences. Criminal sanctions (maximum of two years' imprisonment or a fine).
- Highest Fine: Deutsche Bahn AG EUR 1,123,503.50
15 European Comparison: Spain (Rhiannon Davies, Associate, London)
- Law: EU Directive 95/46/EC - Special Data Protection Act 1999 ("LOPD"), only a renewed version of former Data Protection Act, not a major change.
- Enforcement through Data Protection Commissioner's Office ("AEPD")
- Breach notification laws: Partial
  - Different from other countries, Spanish law sets out mandatory procedure for management of breaches but does not require notification of regulator or individuals.
- Enforcement Level: High
- Power to fine: <EUR 600,000 per administrative offence
- Highest Fine: Google EUR 900,000
16 Brazil: Law of 23/04/2014, Internet Law (Marcia Barbosa de Oliveira, JBO Advocacia, São Paulo, Brazil)
Principles:
- Protection of privacy and personal data
- Liability of agents for material and moral damages caused by data breaches
- Data cannot be given to third parties without express consent of the owner
- Consumer rules also apply
17 Brazil: Law of 23/04/2014, Internet Law (Marcia Barbosa de Oliveira, JBO Advocacia, São Paulo, Brazil)
Penalties:
- Formal warning to adopt corrective measures
- Fine of up to 10% of the revenue in the last business year
- Temporary suspension of activities
- Prohibition of activities
- Branches of foreign companies jointly responsible
18 Brazil: Cyber Incidents in Brazil in large corporations (Marcia Barbosa de Oliveira, JBO Advocacia, São Paulo, Brazil)
- 2012: 1957 (World average: 2.989)
- 2013: 4665 (World average: 3.741)
- Expenses with cyber incidents: increase of 18%
- Main causes for incidents: Hackers (41%), Employees, Ex-employees
- Source: PwC
19 Brazil: Insurance (Marcia Barbosa de Oliveira, JBO Advocacia, São Paulo, Brazil)
- Third party claims: data breach and defence costs
- Extensions: breach of intellectual property; moral damages; administrative claims
- First party loss: notification cost and data breach monitoring; emergency costs; extortion; business interruption; crisis management.
20 Chile: Criminal Data Protection Law, 1993 (Guillermo Amunátegui, Santiago, Chile)
- Applies to natural persons and legal entities
- It is a criminal act to:
  - Destroy data management systems (software or hardware);
  - Obtain, use or handle data unduly or without authorization;
  - Destroy, modify or damage data;
  - Disclose or spread information.
21 Chile: Civil Data Protection Law, 1999 (Guillermo Amunátegui, Santiago, Chile)
- Applies to natural persons only
- Defines sensitive data such as:
  - Physical or moral features; and
  - Facts of private life (personal habits; racial origin; ideologies; religious and political thoughts; sexual life)
- It establishes pain and suffering damages and material damages (no fines). Courts will determine those penalties depending on the facts involved.
22 Chile: Other privacy legislation (Guillermo Amunátegui, Santiago, Chile)
- Employment Law: Employers must keep all employees' information confidential (for privacy and reputational reasons)
- Consumer Protection Law:
  - Security and surveillance systems must respect the dignity and consumers' rights.
  - Rules governing advertising and publicity sent via e-mails (e.g. provide sender's name and an address to unsubscribe from marketing)
23 Chile: Cyber Insurance Policies in Chile (Guillermo Amunátegui, Santiago, Chile)
- There is only one valid insurance policy registered before the Chilean Insurance Authority that is currently available.
- The coverage given by this insurance policy includes an indemnity for third party claims due to a breach of personal data, corporate data, or data security.
- The policy tries to indemnify the costs associated with the protection of personal or corporate reputation.
- The policy will also cover the costs associated with investigating the cyber criminal's tracks.
24 Chile: State of Cyber Insurance Market (Guillermo Amunátegui, Santiago, Chile)
- Even though Chile is one of the most advanced LatAm countries in terms of technology, there is limited awareness of what might be covered by a cyber insurance policy.
- Currently, Chilean companies prefer to improve their technology systems instead of purchasing a cyber insurance policy.
- Chilean companies are afraid to admit cyber attacks because they want to protect their corporate reputation.
- Therefore, within the Chilean market there are few examples of cyber claims/attacks and therefore limited understanding of the risks and how insurers are covering those risks.
25 Colombia: Data Protection Regime (Camilla De La Torre, Bogota, Colombia)
The current regime can be divided into three categories:
- Criminal laws protecting traditional rights when the wrongdoing is committed using technological means.
- Civil laws specially designed to protect data privacy when the data is held in databases.
- General liability regime applicable to all activities affecting data privacy (compensation of damages of any nature)
In relation to data held in databases, the law requires the managers of such databases to notify the regulator when a violation or security infringement occurs.
26 Colombia: Data Protection Regime (contd.) (Camilla De La Torre, Bogota, Colombia)
- Fines may be up to USD$616,000 when entities collect and misuse data in their database (e.g. using it for different purposes beyond the users' authorization).
- Damages caused by breach of data security would be subject to compensation in accordance with the general civil liability regulation where material and non-material damages ought to be indemnified.
27 Colombia: State of Cyber Insurance Market (Camilla De La Torre, Bogota, Colombia)
- Cyber risk insurance is only at an initial stage of development in Colombia.
- Only one insurance company is offering cyber-risk insurance policies in Colombia but in 2015 two additional companies are intending to offer this.
- Main coverages offered by cyber policies:
  - Liabilities for data Protection/Privacy
  - Data recovery
  - Restoration of public reputation
  - Costs of notification of data breaches
28 Mexico: State of Cyber Insurance Market (Jose Luis Arce Fernández, Mexico City)
- Cyber Risk Insurance is really new in Mexico.
- A few insurers offering policies, as a specific policy or as an endorsement.
- There are few (if any) claims under cyber risk insurance policies, although it is becoming more common to see reports of fines against companies for breaching Mexican privacy laws - this may increase interest in cyber insurance policies
29 Mexico: Mexican Data Protection Laws (Jose Luis Arce Fernández, Mexico City)
- Based on global privacy and data protection frameworks, similar to other countries. However, idiosyncrasies in the Mexican Law must be considered.
- Notification: Law requires data subjects to be notified of breaches if the breach significantly affects their economic or moral rights. No legal requirement to notify other entities or government agencies.
- Fines: Up to $1.2m (double if sensitive data involved) for breaches of DP law. Citibank, Pfizer, Office Depot have been fined since 2012
30 Mexico: Mexican Data Protection Laws (Jose Luis Arce Fernández, Mexico City)
- Liability: Compensation may be payable to individuals for harm or damage to individuals' property or rights due to a breach of the law by the data controller or its sub-contractors
- Non-domiciled companies: Companies do not have to be domiciled to process Mexican personal data but they must comply with Mexican laws and can be fined.
- Data breaches: There are no public sector data breaches in Mexico, only private sector breaches which have been heavily publicised in the media.
31 Mexico: Points to note for Cyber Risk Insurers (Jose Luis Arce Fernández, Mexico City)
- In principle, the offering and sale of insurance by foreign insurance companies in Mexico is prohibited. Insurance/reinsurance is written via a fronting arrangement.
- Increasing opportunities to write cyber insurance/reinsurance in Mexico in the near future, once more privacy breaches are known publicly.
- Only a few insurance companies are selling this kind of insurance in Mexico: either as a specific policy or as an endorsement to Civil Liability Policies.
- Insured companies do not understand the risks they face and sometimes they think that they are covered by existing policies.
32 Singapore/Asia (Ben Nicholson, Singapore)
- ASEAN: introduction of new data protection / privacy rules in Malaysia, Singapore and Philippines.
- New rules not harmonised
- Cyber policies not selling. Why?
Recent Cybercrime / Cyber Risk Incidents:
- Theft of personal details of 650 private clients from StanChart Singapore / Fuji Xerox (Dec 2013)
- Theft of personal details and credit card numbers of 20 million Koreans by a worker at the Korean Credit Bureau (Jan 2014)
33 Singapore/Asia: Notable Enforcement / Civil Actions (Ben Nicholson, Singapore)
- Korea: SK Communications ordered to pay US$185 each to 2,737 class action claimants for losing IDs in hack of Facebook-style service. Class action also filed in January 2014 in the KCB case.
- Singapore: PDPC has handed out combined fines of GBP 52,000 for two incidents (22 data subjects) of breach of DNC Registry provisions. PDPC creates avenue for data subjects to sue data controllers in case of data breach.
34 New Zealand & Australia (Mark Anderson, Auckland, New Zealand)
Insurable Cyber Risks:
- Data Protection/Privacy
- Business Interruption
- Media Liabilities
- Fines and penalties
Data Security/Privacy Laws:
- New Zealand: Privacy Act 1993
- Australia: Privacy Amendment (Enhancing Privacy Protection) Act 2012
- No obligation to notify data breaches, but:
  - Australia: Privacy Amendment (Privacy Alerts) Bills
  - New Zealand: Privacy Amendment Bill 2015
- New Zealand fines up to NZD$25,000
- Australia fines up to AUD$1,100,000
35 New Zealand & Australia (Mark Anderson, Auckland, New Zealand)
Claims Examples:
- Data Breaches: Governmental and Small Business
- Cyber Extortion: Australian police investigate extortion of consumers caught with their pants down
- IT Outages: NZ Met Service
- Environmental hacktivism: Solid Energy
Insurance Market:
- New Zealand: 5-6 insurers in the market. Estimated NZD$2m GWP 2014
- Australia: Similar providers. Slower initial uptake, estimated AUD$7m GWP 2014
- Australasia: growing market for cyber and data protection insurance
36 Questions
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationEnforced subject access (section 56)
ICO lo Enforced subject access (section 56) Data Protection Act Contents Introduction... 2 Overview.3 The criminal offence.... 3 Exceptions and penalties.... 7 Relevant records....... 8 Other considerations
More informationStatutory Liability Insurance
Statutory Liability Insurance December 2015 Statutory Liability Insurance is designed to provide cover to the company and its directors, officers and employees for defence costs and fines/penalties in
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationSCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES
SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,
More informationData Management Session: Privacy, the Cloud and Data Breaches
Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation
More informationASPEN AUSTRALIA BRANCH PRIVACY POLICY
ASPEN AUSTRALIA BRANCH PRIVACY POLICY INTRODUCTION This policy applies to the operations of Aspen s Australia branch. Aspen is committed to complying with the principles of the Privacy Act 1988 and accordingly
More informationSecurity breach! A closer look from a data protection law perspective November 2014 Gabriel Voisin (Associate)
Security breach! A closer look from a data protection law perspective November 2014 Gabriel Voisin (Associate) Why is this a challenge? When personal data is compromised, mandatory or recommended notification
More informationAcceptable Use Policy
Acceptable Use Policy TERMS & CONDITIONS www.tagadab.com INTRODUCTION Tagadab has created this (AUP) for our customers to protect our resources, our customer s resources, and to ensure that Tagadab Ltd
More informationService Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365
1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service
More informationPRIVACY POLICY Personal information and sensitive information Information we request from you
PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage
More informationOur standard terms and conditions for Your Advanced Personal Loan.
Our standard terms and conditions for Your Advanced Personal Loan. For loans approved on or after 6 June 2015 6 June 2015 Important Information The information set out below forms part of your disclosure
More informationFinancial Services (Banking Reform) Act 2013
Financial Services (Banking Reform) Act 2013 CHAPTER 33 26.75 Financial Services (Banking Reform) Act 2013 CHAPTER 33 CONTENTS PART 1 RING-FENCING Ring-fencing 1 Objectives of Prudential Regulation Authority
More informationMulti-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
More informationOverview of the Impact of the Privacy Reforms on Credit Reporting
Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially
More information2015 No. 1945 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Credit Information) Regulations 2015
S T A T U T O R Y I N S T R U M E N T S 2015 No. 1945 FINANCIAL SERVICES AND MARKETS The Small and Medium Sized Business (Credit Information) Regulations 2015 Made - - - - 26th November 2015 Coming into
More informationThe era of hacks and cyber regulation
6 February 2014 The era of hacks and cyber regulation We trust that you are well versed with the details of the various cyber-attacks that made the headlines towards the end of 2014, and early this year,
More information005ASubmission to the Serious Data Breach Notification Consultation
005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation
More informationOn the edge Lexis PSL Restructuring & Insolvency
On the edge Lexis PSL Restructuring & Insolvency Data protection law for insolvency practitioners November 2014 Welcome to your third edition of On the edge, a series of guides highlighting a selection
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationClause 1. Definitions and Interpretation
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationPUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION
PUBLIC & PRODUCTS LIABILITY RENEWAL DECLARATION IMPORTANT INFORMATION: PLEASE READ THE FOLLOWING INFORMATION BEFORE COMPLETING THIS RENEWAL DECLARATION A. Obtaining a Quotation To minimise delays in obtaining
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationService Schedule for Business Email Lite powered by Microsoft Office 365
Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft
More informationNumber 45 of 2013. Credit Reporting Act 2013
Number 45 of 2013 Credit Reporting Act 2013 Number 45 of 2013 CREDIT REPORTING ACT 2013 CONTENTS PART 1 PRELIMINARY AND GENERAL Section 1. Short title and commencement 2. Interpretation 3. Regulations
More informationOur specialist insurance services for Professionals risks
Our specialist insurance services for Professionals risks Price Forbes & Partners is an independent Lloyd s broker based in the heart of London s insurance sector. We trade with all of the major international
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationAct on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006) (as amended by several Acts, including 678/2015)
Unofficial Translation Ministry of Employment and the Economy, Finland September 2015 Section 1. Objectives of the Act Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006)
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More information2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015
Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 4 of the the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S
More informationTHE TRANSFER OF PERSONAL DATA ABROAD
THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More information