Protecting Employee and Customer Privacy in an Era of Big Data Monitoring
|
|
- Mervin Steven Austin
- 8 years ago
- Views:
Transcription
1 FEBRUARY 3 5, 2015 / THE HILTON NEW YORK Protecting Employee and Customer Privacy in an Era of Big Data Monitoring This program addresses the challenges associated with protecting employee and customer privacy in the wake of accelerated monitoring, collection and analysis of data for the purposes of security, marketing and business intelligence.
2 Protecting Employee and Customer Privacy in an Era of Big Data Monitoring Jason R. Baron Moderator Of Counsel, Drinker, Biddle & Reath, LLP Alan Friel, Esq. Partner, BakerHostetler Heidi Wachs, Esq. Special Counsel, Jenner & Block Julia Horwitz, Esq. Consumer Protection Counsel Electronic Privacy Information Center (EPIC) Sheryl Ann Yamuder, Esq. Senior Managing Counsel, Privacy & Data Protection MasterCard THE OPINIONS AND VIEWS EXPRESSED HERE ARE ENTIRELY OUR OWN AND DO NOT NECESSARILY REPRESENT OUR EMPLOYERS POSITIONS, STRATEGIES, OR OPINIONS. PLEASE REFRAIN FROM QUOTING OR PARAPHRASING THE SPEAKERS REMARKS WITHOUT EXPRESS PERMISSION.
3 Protecting Employee and Customer Privacy Program Format How are we monitored and why? Best practices in policy and security controls What makes effective privacy, BYOD, computer and network usage policies? Reasonable expectations of privacy in US today US privacy laws vs. EU environment
4 Mistrust 91% feel like they ve lost control over the way their personal data is collected and used 80% of Americans are worried about the government s monitoring of phone and Internet communications. - Wall Street Journal, citing Pew Study: Public Perceptions of Privacy and Security in the Post- Snowden Era
5 Mistrust (cont.) 72% worried about what companies do with information 76% worry about how much data online services collect 57% of Americans see data collection as an invasion of privacy Survey of 2500 US adults 18+, by file-transfer service, WeTransfer 72% of Americans will avoid wearing Google Glass in public. Study by market research and data collection firm Toluna
6 How Are We Monitored and Why? In the Workplace In Your Private Life Network Communications Monitoring Web, including social media Access to structured data Access to files on structured repositories Mobile devices (app usage, corp data access, , social media, websites visited) GPS tracking of vehicles and mobile devices Website activity Social media activity Mobile device usage, including GPS location Mobile app usage Point of sale in stores Use of smart products (TVs, refrigerators, asthma inhalers, video game consoles, your car, farming equipment )
7 Mass Resignation? Privacy will be the new taboo and will not be appreciated or understood by upcoming generations. -- Anonymous Respondent Source: The Future of Privacy, Authors Lee Rainie and Janna Anderson, Pew Research Internet Project
8 Reasonable Expectation of Privacy? There will be no real or sustained privacy. Every human on this planet can be detected, and any communication to or from him or her can, and will, be monitored. David Hughes, a retired US Army Colonel who, from 1972, was a pioneer in individual to/from digital telecommunications It would help if people would stop saying that privacy is dead get over it. There is no law of physics that says that it is impossible to have privacy. We can have privacy, if that is what we as a society choose. Barbara Simons, a highly decorated retired IBM computer scientist, former president of the ACM, and current board chair for Verified Voting Source: The Future of Privacy, Authors Lee Rainie and Janna Anderson, Pew Research Internet Project
9 US Privacy Law Federal Trade Commission jurisdiction Sector-by-sector laws FIPS (Federal Information Processing Standards)
10 Regulatory Scrutiny Deceptive Statements? We recognize the importance of protecting the privacy of individual-specific (personally identifiable) information collected about our guests. We safeguard our Customers personally identifiable information by using industry standard practices. Scope of Investigation Not just whether company implemented reasonable security measures They look broadly at all information collection, use, and sharing practices (e.g., US-EU Safe Harbor compliance status) Compliments of Baker Hostetler. Not for re-use. 10
11 The Pending Wyndham Case FTC v. Wyndham Worldwide Co. et al. (on appeal in 3 rd Circuit) The FTC initiated an enforcement action against Wyndham Worldwide Corp. and three of its subsidiaries in 2012, alleging that computer network intrusions led to more than $10.6 million in payment card fraud losses. Wyndham and its subsidiaries moved to dismiss the case, arguing that the FTC exceeded its congressional authority and that its use of data security enforcement actions lacked regulatory backing and failed to give them notice of which practices were lawful.
12 Wyndham (con t) FTC v. Wyndham Worldwide Co. et al. (pending in 3 rd Circuit) Lower court denied a motion to dismiss by Hotels and Resorts, ruling that the FTC has authority under the unfairness prong of Section 5 of the FTC Act, 15 U.S.C. 45(a), to bring a data security enforcement action against the company (FTC v. Wyndham Worldwide Corp., No. 2:13-cv-01887, 2014 BL (D.N.J. Apr. 7, 2014)). Specifically, the court said the FTC didn't need express authority from Congress to bring data security enforcement actions under the FTC Act and didn't have to promulgate prior data security
13 Wyndham (con t) FTC v. Wyndham Worldwide Co. et al. (pending in 3 rd Circuit) The district court ordered the following questions to be certified: Whether the Federal Trade Commission can bring an unfairness claim involving data security under Section 5 of the Federal Trade Commission Act, 15 U.S.C. 45(a). Whether the Federal Trade Commission must formally promulgate regulations before bringing its unfairness claim under Section 5 of the Federal Trade Commission Act, 15 U.S.C. 45(a).
14 Improving Policies Checklist Driven by increased employee mobility and rulings, such as U.S. Supreme Court, in Riley v. California, organizations are seeking to optimize policies. State the specific business purposes for monitoring and inform employees of the specific types of monitoring that will be used. Confirm company ownership of business data in any format, even on personal smartphones and laptops. Require installation of security software to enforce password protection, to enable the location of devices, as well as remote wiping. Spell out the employer s right to access and protect its information and data even if contained on the employee s personal cell phone or laptop. Sources: Employee Benefit News (EBN), Supreme Court limits search of data stored on cell phones, Walter Kruger ISACA.ORG, Employee Monitoring and Surveillance The Growing Trend, Robin Wakefield
15 Improving Policies Checklist (cont.) Require surrender of cell phones and passwords upon separation of employment for examination to accomplish removal of company data. Confirm that the employee may have no reasonable expectation of privacy with devices used to store company data and access company systems. Clarify permitted or prohibited use of company mobile devices for personal purposes, and whether company business is permitted to be conducted on personal devices. Clearly outline the forms of communication and the websites that are prohibited. Define the acceptable use of company networks and and set clear boundaries for the personal use of company networks. Determine and inform employees of the the consequences for policy violations. Sources: Employee Benefit News (EBN), Supreme Court limits search of data stored on cell phones, Walter Kruger ISACA.ORG, Employee Monitoring and Surveillance The Growing Trend, Robin Wakefield
16 Sources of Breaches Serviced By Beazley, 1/1/14 8/31/14 Compliments of Baker Hostetler. Not for re-use.
17 Victims By the Numbers Adapted from Mandiant s MTrends Beyond the Breach: 2014 Threat Report Compliments of Baker Hostetler. Not for re-use. 17
18 Victims By the Numbers Adapted from Mandiant s MTrends Beyond the Breach: 2014 Threat Report Compliments of Baker Hostetler. Not for re-use. 18
19 Companies are Still Too Optimistic About Ability to Detect an Attack Within 72 hours or less Within a week Within a month Within three months Not confident that we can detect critical Responses (%) *Information from Tripwire Breach Detection Survey, June 24, 2014; Mandiant s MTrends Beyond the Breach: 2014 Threat Report Compliments of Baker Hostetler. Not for re-use.
20 A Simplified View of a Data Breach Discovery of a Data Breach Evaluation of the Data Breach Managing the Short-Term Crisis Handling the Long-Term Consequences Theft, loss, or Unauthorized Disclosure of Personally Identifiable Non-Public Information or Third Party Corporate Information that is in the care, custody or control of the Insured Organization, or a third party for whom the Insured Organization is legally liable Forensic Investigation and Legal Review Notification and Credit Monitoring Public Relations Class-Action Lawsuits Regulatory Fines, Penalties, and Consumer Redress Reputational Damage Income Loss Compliments of Baker Hostetler. Not for re-use.
21 State Laws 47 states, D.C., & U.S. territories Laws vary between jurisdictions Varying levels of enforcement by state attorneys general Limited precedent What does access mean? What is a reasonable notice time? Compliments of Baker Hostetler. Not for re-use.
22 Who needs to be notified? Customers Government Agencies Attorneys General Law Enforcement Credit Reporting Agencies (CRA's) SEC Disclosures Compliments of Baker Hostetler. Not for re-use. 22
23 Costs of Response Forensics Notification costs Credit monitoring Call center Crisis response Legal fees Defense costs/settlement expenses PCI fines/assessments & regulatory fines Compliments of Baker Hostetler. Not for re-use. 23
24 Reputational Challenges After incident affecting 145 million users, ebay saw: Decline in user activity 15% of buyer accounts still have not reset passwords 49% of adults online less inclined to use ebay going forward Lowered annual sales target by $200 million Stock: 5/20/14 close: $ /10/14 close: Why do some incidents seem to have less of an impact? Timing/frequency of post-incident customer interaction Is company viewed as handling incident well? *Information from SC Magazine, Compliments of Baker Hostetler. Not for re-use.
25 SEC Guidance on Cyber-Security Disclosure Obligations SEC Guidelines Issued October 13, 2011 Suggests that publicly traded companies: Disclose incidents of cyber intrusions in SEC filings Disclose risk factors of cyber intrusions Guidance was careful to note that a company is not required to make disclosures that could provide a roadmap for the company s vulnerabilities. SEC has issued letters requesting certain high-profile cyber intrusions be disclosed Amazon s Zappos.com breach Google Although not mandatory, SEC s activity here seen as foreshadowing to future mandatory obligations The SEC s Office of Compliance Inspections and Examinations (OCIE) released a document in April 2014 that highlights sample questions and potential areas of informational requests that the OCIE may use in conducting examinations of registrants regarding cybersecurity. In a speech on June 10, 2014, Commissioner Luis Aguilar stated that corporate boards should have a role in preparing for cyber-security risks as well as coordinating responses when breaches occur. More focus from the SEC could encourage private litigants to bring actions against public companies for breach of fiduciary duty, mismanagement, waste of corporate assets and abuse of control. D&O lawsuit against Target Compliments of Baker Hostetler. Not for re-use. 25
26 Cyber-Security Boardroom/Executive Issue Compliments of Baker Hostetler. Not for re-use.
27
2015 ROBINS KAPLANLLP TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY
TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY PANEL MEMBERS Stacy Bettison, Founder and President, BETTISON Candice Ciresi, Head of Stratasys US Legal and Legal Counsel to SSYS, Inc and LATAM
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationAnatomy of a Hotel Breach
Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationHOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES?
HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? MODERATOR: Richard J. Bortnick, Esq., Defense Attorney, Cozen O Connor PANELISTS: Anjali Das, MBA, Esq., Partner, Wilson Elser Moskowitz
More informationBeazley presentation master
The Art of Breach Management Beazley presentation master February 2008 A Brief Review of Data Breaches What is a Data Breach? Actual release or disclosure of information to an unauthorized individual/entity
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationData Privacy & Security in the Cloud: Legal Basics and New Developments
Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data
More informationCybersecurity Developments and the Growing Role of Senior Executives and Directors
Cybersecurity Developments and the Growing Role of Senior Executives and Directors From the 2013 Target Corporation breach to this year s attacks on Primera Blue Cross and American Airlines Group Inc.,
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationTHE DATA BREACH: How to stay defensible before, during and after the incident. after the incident.
THE DATA BREACH: How to stay defensible before, during and after the incident. after the incident. September 22, 2015 Erica Ouellette Beazley Technology, Media & Business Services Alyson Newton, Executive
More informationUse of Mobile Apps in the Workplace:
Use of Mobile Apps in the Workplace: PRIVACY & SECURITY ADAM D.H. GRANT AGRANT@ALPERTBARR.COM Cell Phone & Tablet Ownership 91% of American adults own a cell phone 56% have smartphones Of Americans aged
More informationHow To Protect Your Cybersecurity From Cyber Incidents
SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect
More informationUnderstanding the Business Risk
AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationMind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance
Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance National Bar Association - Commercial Law Section 2015 Corporate Counsel Conference February 26, 2015 www.alston.com
More informationCyber Risks Connect With Directors and Officers
Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the
More informationAdvice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation
Advice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation Marshall Heilman Managing Director Craig A. Hoffman Partner Who we are Marshall Heilman Craig Hoffman
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationCybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues
Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com
More informationTechnological Evolution
Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Consumer Privacy & Big Data Advice, Regulatory and Resulting Litigation Denise Banks Chief Privacy Officer BMO Financial
More informationPrivacy & Data Security
Privacy & Data Security May 9, 2014 Presented at: SWBA 39 TH ANNUAL CONFERENCE by: James E. Prendergast, Esq. Overview Data Privacy Concerns: Unauthorized access, use, acquisition or disclosure of information
More informationCase 2:13-cv-01887-ES-JAD Document 282-1 Filed 12/09/15 Page 1 of 18 PageID: 4861 THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY
Case 2:13-cv-01887-ES-JAD Document 282-1 Filed 12/09/15 Page 1 of 18 PageID: 4861 THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY Federal Trade Commission, Plaintiff, v. Wyndham Worldwide
More informationSharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?
Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More information[ 2014 Privacy & Security Update ].
U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationCurrent trends in D&O liability and insurance in the United States. Kevin M. LaCroix, Executive Vice President, RT Pro Exec and Author, The D&O Diary
Current trends in D&O liability and insurance in the United States Kevin M. LaCroix, Executive Vice President, RT Pro Exec and Author, The D&O Diary Outline Key differences between US and Australian litigation
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationCyber and CGL Insurance Coverage for Data Breach Claims
Cyber and CGL Insurance Coverage for Data Breach Claims Paula Weseman Theisen, Partner Data breach overview Definition of data breach/types Data breach costs Data breach legal claims and damages Cyber-insurance
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationWashington Update: The Feds Impact Cybersecurity Without Passing Major New Laws
Washington Update: The Feds Impact Cybersecurity Without Passing Major New Laws Brian Finch Pillsbury Winthrop Shaw Pittman Brian Caudill American Gas Association Pillsbury Winthrop Shaw Pittman LLP Introduction
More informationBeazley Group Beazley Breach Response. A data breach isn t always a disaster Mishandling it is.
Beazley Group Beazley Breach Response A data breach isn t always a disaster Mishandling it is. A world of risk 932.7m Personal records breached in the U.S. since 2005 3 51% The proportion of breaches attributable
More informationClients Legal Needs in HIPAA Security Compliance
Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance
More informationHit ratios are still very low for Security & Privacy coverage: What are companies waiting for?
Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations
More informationHCCA Compliance Institute 2013 Privacy & Security
HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationDavid Horrigan, Esq., 451 Research
University of Texas Mobility Monday Series BRING YOUR OWN DEVICE (BYOD): The Legal E Discovery, Regulatory, IT and HR Implications August 4, 2014 David Horrigan, Esq., 451 Research 451 Research Global
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationWhat are you trying to secure against Cyber Attack?
Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally
More informationData Security: Risks, Compliance and How to be Prepared for a Breach
Data Security: Risks, Compliance and How to be Prepared for a Breach Presented by: Sandy B. Garfinkel, Esq. The Data Breach Reality: 2015 AshleyMadison.com (July 2015) Member site facilitating personal
More informationALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage
ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November
More informationREGULATION OF COMPANIES DATA SECURITY PRACTICES UNDER THE FTC ACT AND CALIFORNIA UNFAIR COMPETITION LAW By Kathryn F. Russo 1
REGULATION OF COMPANIES DATA SECURITY PRACTICES UNDER THE FTC ACT AND CALIFORNIA UNFAIR COMPETITION LAW By Kathryn F. Russo 1 I. Introduction News of data breaches dominates the headlines. Technology is
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationCyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day
Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014
More informationIs Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014
Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Cyber Exposures Joan D Ambrosio Reported data breaches continue
More informationCyber/Information Security Insurance. Pros / Cons and Facts to Consider
1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner
More informationHot Topics and Trends in Cyber Security and Privacy
Hot Topics and Trends in Cyber Security and Privacy M. Darren Traub March 13, 2015 Cyber Attacks Ranked Top 5 Most Likely Risks in 2015 - The World Economic Forum Recent Global Headlines Include: 1 Where
More information3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
More informationBBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade
BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade Commission, Bureau of Consumer Protection Allison M. Lefrak, Attorney,
More informationCurrent Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016
Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity
More informationThe Legal Pitfalls of Failing to Develop Secure Cloud Services
SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global
More informationSecurity, privacy, and incident response issues are often
ISSA DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLOBALLY The Legal Implications of BYOD: Preparing Personal Device Use Policies By David Navetta, Esq. ISSA member, Denver, USA Chapter This article
More informationData Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015
Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security
More informationThe Practical Realities of Cybersecurity
& present The Practical Realities of Cybersecurity Best practices for crafting policies and procedures to protect your company Andrew Morentz, Member Telecommunications Law Professionals PLLC email amorentz@telecomlawpros.com
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationCyberSecurity for Law Firms
CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a
More informationCyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties
Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)
More informationWhere s the App for That?
Where s the App for That? Mobile Medical Apps, Cybersecurity and the Regulatory and Litigation Landscape Sharon R. Klein Jan P. Levine Angelo A. Stio, III PBI Health Law Institute 2016 Spring 2016 1 Today
More informationInformation Security Law: Control of Digital Assets.
Brochure More information from http://www.researchandmarkets.com/reports/2128523/ Information Security Law: Control of Digital Assets. Description: For most organizations, an effective information security
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationBYOD Policies: A Litigation Perspective
General Counsel Panel Reveals the Real Deal BYOD Policies: A Litigation Perspective By Andrew Hinkes Reprinted with Permission BYOD Policies: A Litigation Perspective By Andrew Hinkes Bring-your-own-device
More informationAnatomy of a Privacy and Data Breach
Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions
More informationData Privacy and Cybersecurity Task Force
Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,
More informationCyber Liability. AlaHA Annual Meeting 2013
Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages
More informationQuestions And Answers. Electron ic Monitoring in the Workplace
Questions And Answers Electron ic Monitoring in the Workplace Kevin J. Smith and Rachel J. Tischler Employers and employment attorneys alike have been concerned about the legal limits of electronic monitoring
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationBeyond Data Breach: Cyber Trends and Exposures
Beyond Data Breach: Cyber Trends and Exposures Vietnam 7 th May 2015 Jason Kelly Head of Asia Financial Lines AIG Agenda Why do companies need cyber protection Example of Cyber attack worldwide and in
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationThe Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide
The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide Practising Law Institute January 9, 2012 Melissa J. Krasnow, Partner, Dorsey & Whitney LLP, and Certified Information Privacy Professional
More informationIDENTITY THEFT IN SOUTH CAROLINA: 2014 UPDATE. Marti Phillips, Esq. Director, Identity Theft Unit South Carolina Department of Consumer Affairs
IDENTITY THEFT IN SOUTH CAROLINA: 2014 UPDATE Marti Phillips, Esq. Director, Identity Theft Unit South Carolina Department of Consumer Affairs This presentation is not meant to serve as a substitute for
More informationHow To Protect Your Data From Hackers
Cyber Risk: What you need to know and what you can t afford to ignore! James Johnston Directors' and Officers' Insurance Underwriter Daniel Fletcher Cyber Insurance Underwriter Financial & Specialty Markets
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More information3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?
HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed
More informationSEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02
Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationAuditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP
Auditing your institution's cybersecurity incident/breach response plan Objectives > Provide an overview of incident/breach response plans and their intended benefits > Describe regulatory/legal requirements
More informationPrepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014
Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.
More informationCybersecurity Assessment
Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationCybersecurity and Insurance Companies
Cybersecurity and Insurance Companies ACLI Forum 500 CEO Leadership Retreat Timothy J. Nagle Vice President & Chief Privacy Counsel Prudential Financial 1 May 13, 2015 What is cybersecurity? Protecting
More informationIDENTIFYING AND RESPONDING TO DATA BREACHES
IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW
More informationPROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS
PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS The following claim scenarios are hypothetical and are offered solely to illustrate the types of situations that may result in claims. Although sorted by industry,
More informationData Protection in the United States
Data Protection in the United States Bruce E. H. Johnson Chair, Privacy and Security Group Davis Wright Tremaine LLP Pacific Rim Advisory Council Singapore, October 18, 2011 Overview of US Privacy Regulations
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More informationTHE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION
THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION Paul Rosenzweig Red Branch Consulting PLLC www.redbranchconsulting.com www.paulrosenzweigesq.com The Economics of Cybersecurity Non-Exclusive (Use
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationHIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations
HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations Health Care Litigation Webinar Series March 22, 2012 Spence Pryor Paula Stannard Jason Popp 1 HIPAA/HITECH
More informationIN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF ARIZONA
David W. Lincicum (California Bar No. 223566) Burke W. Kappler (D.C. Bar No. 471936) Federal Trade Commission 600 Pennsylvania Avenue, N.W. Mail Stop NJ-8122 Washington, D.C. 20580 dlincicum@ftc.gov bkappler@ftc.gov
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationSigned into law on February 17, 2009, the Stimulus Package known
Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More information