Privacy and Data Breach Issues
|
|
- Dominick Robinson
- 8 years ago
- Views:
Transcription
1 Privacy and Data Breach Issues Konstantin Dino Tsibouris Founding Principal Tsibouris & Associates Columbus, Ohio Kirk Herath Associate General Counsel Nationwide Insurance Columbus, Ohio Table of Contents Privacy and Data Breach Issues PowerPoint Presentation... 1 Privacy and Data Breach Issues i
2 ii Privacy and Data Breach Issues
3 Privacy and Data Breach Issues Kirk Herath, VP, Chief Privacy Officer, Nationwide & Dino Tsibouris, Founding Principal, Tsibouris & Associates What is Big Data? Big Data 1. Exponential Growth in Data Generation Web Tracking Techniques Internet Enabled Mobile Devices 2. Innovations in Data Use Increase in Computing Capability Falling Cost of Data Storage Advances in Statistical Analysis Risks? Privacy and Data Breach Issues 1
4 GLBA and State Law Progeny Data Lakes Data accumulates from a variety of sources Customers, Consumers, Affiliates, and 3 rd Parties Data Governance & Preference Management Data accuracy, completeness, and security Is data fit for a particular purpose? Record Retention Is the data expired? Opt Out Preferences or a Failure to Opt In? TCPA Collecting Phone Numbers Notice and Consent? Use Limitations? July 10, 2015 FCC Declaratory Ruling and Order Key: Definition of an Auto Dialer 2 Privacy and Data Breach Issues
5 Using Big Data to Gauge Risk Traditional Consumer Reporting Agencies v. ZestFinancial FICO = Variables to Derive a Risk Score ZestFinancial = 1,000+ Variables to Derive a Risk Score Is this better? What are the risks? Regulator Uncertainty and Scrutiny Consumer Protection Considerations FCRA Consumer Reporting Agencies 3 rd Party Reports 7 Factor Data Used for a Permissible Purpose Duties Accuracy and Completeness Transparency and Redress Private Right of Action & Statutory Damages Privacy and Data Breach Issues 3
6 Laws ECOA/Reg B Fair Housing Act UDAAP Discrimination Disparate Treatment Disparate Impact Fair Lending Themes and Trends 4 Privacy and Data Breach Issues
7 Closer Look at Wyndham 3 data breaches at hotels in less than 2 years. Privacy and security representations made. FTC alleges that Wyndham failed to: Use complex IDs and passwords, Use firewalls and network segmentation, Patch systems, and Follow incident response procedures. Compromised 500K credit cards. Typical FTC 5 Enforcement Action Designate employee responsible for privacy or security program. Conduct risk assessment and employee training. Test and monitor risk identified. Implement and maintain protections. Evaluate and adjust of program. Biennial third party assessments. In effect for 20 years. Privacy and Data Breach Issues 5
8 Zappos MA AG Enforcement Zappos agreed to pay $106K Unauthorized access to: Names, addresses, phone numbers, Last 4 digits of credit card numbers, and Login credentials of customers. Zappos MA AG Enforcement Settlement requires: Maintenance and compliance with information security policies, Providing the AG with information, Demonstrating compliance with PCI DSS for two years, Third party audit, providing copy to MA AG, and addressing deficiencies, and Annual training. 6 Privacy and Data Breach Issues
9 SHA1 MD5 The Legal Response Proposed federal legislation Expanding state legislation Federal and state level enforcement Civil liability Privacy and Data Breach Issues 7
10 A Push for Federal Data Breach Legislation Personal Data Notification & Protection Act Proposed by President Obama at the State of the Union Address on January 20, 2015 Pre empts state laws Must notify in 30 days No private right of action FTC enforcement Personal Data Notification & Protection Act Triggers First and last name/or first initial and last name along with any two: Home address or phone number Mother s maiden name Full birth date SSN, DL, passport, alien registration number Biometric data Unique account ID (user name, routing code) 8 Privacy and Data Breach Issues
11 Personal Data Notification & Protection Act Triggers Any combination of the following three elements: First and last name/first initial and last name Unique account ID Any security code/source code that could generate a security code or password Personal Data Notification & Protection Act Risk of harm analysis Must send notice 30 days after discovery Individual notice ( acceptable with consent) Notice to media Notice to Federal law enforcement Notice to credit reporting agencies Privacy and Data Breach Issues 9
12 A Push for State Law and Regulation Timing and content of breach notice Definition of personal data /password information Non HIPAA health data Requirements to inform media/regulators Contracting 3.2. Protection of Your Data. We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data, as described in the Documentation. 10 Privacy and Data Breach Issues
13 Security Breaches Remediation Notification Individuals, Regulators, Media Litigation Privacy and Data Breach Issues 11
14 General Data Protection Regulation EU member states in final stages of negotiations. Expected in the next year or so. Includes data breach notification obligation. Fines as high as %2 of annual turnover. Questions & Answers Dino Tsibouris (614) Kirk Herath 12 Privacy and Data Breach Issues
CSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationProtecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)
Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationPII = Personally Identifiable Information
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
More informationHCCA Compliance Institute 2013 Privacy & Security
HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session
More informationMASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2
MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...
More informationData Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015
Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security
More information2/9/2012. The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012
The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012 Legal Issues Involved in Creating Security Compliance Plans W. David Snead Attorney + Counselor Washington,
More informationPII Personally Identifiable Information Training and Fraud Prevention
PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationITS Policy Library. 11.06 - Device Encryption. Information Technologies & Services
ITS Policy Library 11.06 - Device Encryption Information Technologies & Services Responsible Executive: Chief Information Officer, WCMC Original Issued: July 15, 2008 Last Updated: November 21, 2014 POLICY
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationData Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1
Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of
More informationPrivacy Risk Assessments
Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted
More informationIDENTITY THEFT PREVENTION (Red Flag) POLICY
IDENTITY THEFT PREVENTION (Red Flag) POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through
More informationPrepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014
Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationPacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009
Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program
More informationPrivacy Legislation and Industry Security Standards
Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationPrivacy Impact Assessment
AUGUST 16, 2013 Privacy Impact Assessment CIVIL PENALTY FUND AND BUREAU-ADMINISTERED REDRESS PROGRAM Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationIntroduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery
Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data
More informationCONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008
CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008 Current Laws: A person commits identity theft when he intentionally
More informationWearables and Big Data and Drones, Oh My! How to Manage Privacy Risk in the Use of Newer Technologies 1
Wearables and Big Data and Drones, Oh My! How to Manage Privacy Risk in the Use of Newer Technologies 1 Julie S. McEwen, CISSP, PMP, CIPP/G/US, CIPM, CIPT 2 2015 Project Management Symposium, University
More informationTechnological Evolution
Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Consumer Privacy & Big Data Advice, Regulatory and Resulting Litigation Denise Banks Chief Privacy Officer BMO Financial
More informationYour Agency Just Had a Privacy Breach Now What?
1 Your Agency Just Had a Privacy Breach Now What? Kathleen Claffie U.S. Customs and Border Protection What is a Breach The loss of control, compromise, unauthorized disclosure, unauthorized acquisition,
More informationCybersecurity Assessment
Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today
More informationThe Legal Pitfalls of Failing to Develop Secure Cloud Services
SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global
More informationGramm Leach Bliley Act. GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007
Gramm Leach Bliley Act 15 U.S.C. 6801-6809 6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007 1 Objectives for GLBA Training GLBA Overview Safeguards Rule
More informationThe Importance of Privacy & Data Security in a Changing World
Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationJefferson Glassie, FASAE Whiteford, Taylor & Preston
Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements
More informationPrivacy Impact Assessment
MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT
More informationData Security. Updated April, 2006. CCIM Institute 430 N. Michigan Avenue Chicago, IL 60611 (312) 321-4460
Data Security Updated April, 2006 CCIM Institute 430 N. Michigan Avenue Chicago, IL 60611 (312) 321-4460 Background As technology has evolved and become vital for businesses, a growing number of public
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationHow Much Do I Need To Do to Comply? Vice president SystemExperts Corporation
How Much Do I Need To Do to Comply? Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda Background Requirements and you Risk language Risk Factors Assessing risk Program elements and
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationPrivacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec
Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,
More informationIdentity Theft Prevention Policy
Eastern Kentucky University Policy and Regulation Library 6.#.#P Volume 6, Volume Title: Financial Affairs Chapter #, Chapter Title Section #, Name: Identity Theft Prevention Policy Approval Authority:
More informationRegulatory Impact on Agencies & How They Affect You, The Client
Regulatory Impact on Agencies & How They Affect You, The Client Regulatory Impact on Agencies & How They Affect You, The Client Presented By: Thomas Perrotta, V.P. Collections & Compliance, CCCO Presentation
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationOklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
More informationWeber Human Services Identity Theft Prevention Policy
Weber Human Services Identity Theft Prevention Policy Purpose: Weber Human Services (WHS) is committed to protecting the privacy of the Protected Health Information ( PHI ) of our clients and the Personal
More informationIDENTITY THEFT: DATA SECURITY FOR EMPLOYERS. Boston, MA 02110 Richmond, Virginia 23219 Tel. (617) 502.8238 Tel. (804) 783.7579
IDENTITY THEFT: DATA SECURITY FOR EMPLOYERS Daniel J. Blake, Esq. Vijay K. Mago, Esq. LeClairRyan, A Professional Corporation LeClairRyan, A Professional Corporation One International Place, Eleventh Floor
More informationGuylyn Cummins, Esq. Elizabeth Balfour, Esq.
Privacy Law Perils in California, the Nation and Beyond: Securing Data, Responding to Theft of Data and Other Business Assets, Assessing Your Company s Privacy Policy, Evaluating Risks Presented by Your
More informationWelcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security
Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The
More informationCDT ISSUE BRIEF ON FEDERAL DATA BREACH NOTIFICATION LEGISLATION
CDT ISSUE BRIEF ON FEDERAL DATA BREACH NOTIFICATION LEGISLATION January 27, 2015 A September 2014 Ponemon study found that 60% of U.S. companies have experienced more than one data breach in the past two
More informationPII Compliance Guidelines
Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last
More informationIdentity Theft Prevention Program (Approved by the Board of Trustees)
Administrative Regulation 8:8 Responsible Office: EVPFA Date Effective: 9/15/2009 Supersedes Version: No previous version Identity Theft Prevention Program (Approved by the Board of Trustees) Major Topics
More informationDATA PRIVACY ENFORCEMENT EFFORTS BY STATE ATTORNEYS GENERAL
DATA PRIVACY ENFORCEMENT EFFORTS BY STATE ATTORNEYS GENERAL State AGs have been very active in the leadership of data privacy protection initiatives across the country, and have dedicated considerable
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationWake Forest University. Identity Theft Prevention Program. Effective May 1, 2009
Wake Forest University Identity Theft Prevention Program Effective May 1, 2009 I. GENERAL It is the policy of Wake Forest University ( University ) to comply with the Federal Trade Commission's ( FTC )
More informationIdentity Theft Prevention Policy. Effective Date: January 1, 2011. Policy Statement
Identity Theft Prevention Policy Effective Date: January 1, 2011 Policy Statement Identity Theft is a crime in which an individual wrongfully obtains and uses another person's personal data, usually for
More informationWISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009
WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 Current Laws: It is unlawful to intentionally use or attempt
More informationResponding to New Identity Theft Laws
Responding to New Identity Theft Laws March 2011 Privacy Expectations Today, there is increasing recognition that an individual has a legitimate interest in controlling the collection, use and disclosure/dissemination
More informationBest Practices for Protecting Sensitive Data in an Oracle Applications Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA
Best Practices for Protecting Sensitive Data in an Oracle Applications Environment Presented by: Jeffrey T. Hare, CPA CISA CIA Webinar Logistics Hide and unhide the Webinar control panel by clicking on
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationThe Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015
The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify
More informationPrivacy Impact Assessment
DECEMBER 20, 2013 Privacy Impact Assessment MARKET ANALYSIS OF ADMINISTRATIVE DATA UNDER RESEARCH AUTHORITIES Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationRHODE ISLAND IDENTITY THEFT RANKING BY STATE: Rank 34, 56.0 Complaints Per 100,000 Population, 592 Complaints (2007) Updated January 5, 2009
RHODE ISLAND IDENTITY THEFT RANKING BY STATE: Rank 34, 56.0 Complaints Per 100,000 Population, 592 Complaints (2007) Updated January 5, 2009 Current Laws: A person commits the crime of identity fraud if
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationBUSINESS ASSOCIATE ADDENDUM
BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate
More informationRoadmap. What is Big Data? Big Data for Educational Institutions 5/30/2014. A Framework for Addressing Privacy Compliance and Legal Considerations
Big Data for Educational Institutions A Framework for Addressing Privacy Compliance and Legal Considerations Roadmap Introduction What is Big Data? How are educational institutions using Big Data? What
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationCFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues
CFPB COMPLIANCE: Interaction Between Compliance Assessments and Systems Issues Presented by: Stefanie H. Jackman Consumer Financial Services Group 678.420.9490 jackmans@ballardspahr.com Trevor Salter Consumer
More informationPROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT
Office of Employee Benefits Administrative Manual PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT 150 EFFECTIVE DATE: AUGUST 1, 2009 REVISION DATE: PURPOSE: Ensure that the Office of Employee Benefits
More informationHow To Protect Your Privacy Online From Your Company Or Affiliates
Data Security and Privacy Proposed Threshold Questions and Initial Due Diligence Personal information means any information that can be used to identify a specific individual, for example, such individual
More informationCovered Areas: Those EVMS departments that have activities with Covered Accounts.
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
More informationHow To Protect Yourself From Cyber Threats
Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit
More informationSummary. Background and Justification
Supporting Statement for the Recordkeeping and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-0309) Summary
More informationUniversity of Tennessee's Identity Theft Prevention Program
IDENTITY THEFT PREVENTION PROGRAM 1. BACKGROUND The University of Tennessee (UT) developed this Identity Theft Prevention Program pursuant to the Federal Trade Commission s Red Flags Rule, Section 114
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationMEMORANDUM MEMBERS OF THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
MEMORANDUM TO: FROM: MEMBERS OF THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION REPUBLICAN COMMITTEE STAFF DATE: FEBRUARY 3, 2015 RE: SUBCOMMITTEE HEARING ON GETTING IT RIGHT ON DATA SECURITY
More informationData Security and Privacy Policy
Data Security and Privacy Policy Overview TRG is a data-driven consulting company that provides arts, cultural and entertainment organizations guidance and solutions for patron-based, sustainable income.
More informationIDENTITY THEFT IN SOUTH CAROLINA: 2014 UPDATE. Marti Phillips, Esq. Director, Identity Theft Unit South Carolina Department of Consumer Affairs
IDENTITY THEFT IN SOUTH CAROLINA: 2014 UPDATE Marti Phillips, Esq. Director, Identity Theft Unit South Carolina Department of Consumer Affairs This presentation is not meant to serve as a substitute for
More informationPolicies and Procedures: IDENTITY THEFT PREVENTION
Policies and Procedures: IDENTITY THEFT PREVENTION Section: Chapter: Policy: Compliance Administration Identity Theft Prevention I. PURPOSE The purpose of this policy is to protect patients and West Virginia
More information2. Privacy Policy Guidance Memorandum 2008-02, OHS Policy Regarding Privacy Impact Assessments (December 30, 2008)
3/30/2016 IV. Definitions 1. Privacy Policy Guidance Memorandum 2008-01, The Fair Information Practice Principles: Framework for Privacy Policy at the Department of Homeland Security (December 29, 2008)
More informationPRIVACY BREACH POLICY
Approved By Last Reviewed Responsible Role Responsible Department Executive Management Team March 20, 2014 (next review to be done within two years) Chief Privacy Officer Quality & Customer Service SECTION
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationSOUTH TEXAS COLLEGE. Identity Theft Prevention Program and Guidelines. FTC Red Flags Rule
SOUTH TEXAS COLLEGE Identity Theft Prevention Program and Guidelines FTC Red Flags Rule Issued June 24, 2009 Table of Contents Section Section Description Page # 1 Section 1: Program Background and Purpose
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationPROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS
PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS The following claim scenarios are hypothetical and are offered solely to illustrate the types of situations that may result in claims. Although sorted by industry,
More informationThe Institute of Professional Practice, Inc. Business Associate Agreement
The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute
More informationACCG Identity Theft Prevention Program. ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia 30303 (404)522-5022 (404)525-2477 www.accg.
ACCG Identity Theft Prevention Program ACCG 50 Hurt Plaza, Suite 1000 Atlanta, Georgia 30303 (404)522-5022 (404)525-2477 www.accg.org July 2009 Contents Summary of ACCG Identity Theft Prevention Program...
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationREQUEST FOR PROPOSALS for Authorized Providers of Continuing Education Credits
REQUEST FOR PROPOSALS for Authorized Providers of Continuing Education Credits RFP ISSUANCE: January 22, 2015 PROPOSAL DUE DATE: Open Submittal I. ABOUT DBA INTERNATIONAL DBA International (DBA) is the
More informationIDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM Implemented October 2009 Page 1 Table of Contents Background... 3 Purpose... 3 Definitions... 3 Pretext Calling... 4 Receiving Telephone Calls... 5 Change of Address...
More informationIDENTITY THEFT PREVENTION PROGRAM
LEGAL REQUIREMENTS Section 114 of the Federal Trade Commission s Fair and Accurate Credit Transactions Act of 2003 created the Red Flags Rule. This regulation requires the College to have an Identity Theft
More information