Technological Evolution

Size: px
Start display at page:

Download "Technological Evolution"

Transcription

1 Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Consumer Privacy & Big Data Advice, Regulatory and Resulting Litigation Denise Banks Chief Privacy Officer BMO Financial Group Kofi Kwarteng Assistant GC Mead Johnson Nutrition Nathan Rohrer Chief Privacy Officer Whirlpool Rebecca Eisner Partner Mayer Brown LLP Jeff Taft Partner Mayer Brown LLP

2 Denise Banks US Chief Privacy Officer BMO Financial Group Kofi Kwarteng Assistant General Counsel Mead Johnson Nutrition Nathan Rohrer Chief Privacy Officer Whirlpool Rebecca Eisner Partner Mayer Brown LLP Jeff Taft Partner Mayer Brown LLP 2

3 Agenda Social media privacy overview Big data and analytics Internet of Things (IoT) Enforcement trends Panel discussion 3

4 Privacy Regime in US Sector-specific federal legislation (financial services, health care and education) and marketing restrictions State laws fill gaps or raise standards (e.g., consumer privacy, breach notification and data security) Industry standards, voluntary codes and government guidance Various state and federal agencies enforcing privacy laws, including FTC, HHS, banking regulators, SEC, CFTC and State Attorneys General 4

5 Privacy Regime in US Gramm-Leach-Bliley Act (GLBA) Fair Credit Reporting Act/FACT Act (FCRA) Federal Trade Commission Act (FTC Act) Children s Online Privacy Protection Act (COPPA) Telephone Consumer Protection Act (TCPA) Health Insurance Portability and Accountability Act (HIPAA) 5

6 State Privacy Regime Privacy, data breach and security laws California s SB 1 Data breach laws Massachusetts security regulations Laws applicable to online and mobile privacy California Online Privacy Protection Act Uniform Fiduciary Access to Digital Assets Act 6

7 Industry Standards, Codes of Conduct and Voluntary Programs in US Payment Card Industry Data Security Standards (PCI DSS) White House Privacy Blueprint Privacy Bill of Rights Multistakeholder process for mobile application disclosures, facial recognition technology and other areas NIST Cybersecurity Framework (Feb. 12, 2014) US-EU Safe Harbor Direct Marketing Association Guidelines 7

8 Best Practices to Address Regulatory Concerns Develop clear and conspicuous privacy statements and related notices Provide effective and efficient options for consumers to exercise choice/consent/control over information shared Heed the principles of collection, use and retention limitation Practice good security Be transparent with respect to behavioral targeting strategies and third party sharing 8

9 Big Data Overview Traditional Inputs Big Data Inputs Traditional Sources (product registrations) Electronic Sources (websites, etc.) Third party data Social Media Mobile Devices Internet of Things Big Data Analytics Powered by Cloud Computing Engines Value Risk Data Scientists 9

10 Big Data & Privacy Concerns Collection, use and dissemination of Big Data has potential privacy concerns under US and EU laws Is the collection and use of personal data/pii compliant with legal requirements? US and EU restrictions Anonymized data How are potential reputational risks minimized and what is best practice? Clear consumer disclosures Data minimization 10

11 Legal Compliance: EU Data Privacy Concerns At this stage no reason to believe that the EU data protection principles are no longer valued and appropriate for the development of Big Data, subject to further improvements to make them more effective in principle ~ EU Article 29 Working Party Statement September EC member Gunther Oettinger Speech February : Americans are in the lead. They have the data, the business models and the power,.they come along with their electronic vacuum cleaner and suck up all the data, take it back to California, process it and sell it as a service for money. Anyone who wants to take advantage of our data will have to comply with our rules or they are going to have trouble with the competition authorities. ~ New York Times Bits : Tough Talk from European Commissioner About U.S. Tech Companies 11

12 The Big Conundrum: When Does Anonymized Data Become Personal Data/PII? Big Data processing might enable patterns of behavior relating to specific individuals to be identified using information which in itself does not identify any particular individual. EU Privacy law will not apply to genuinely anonymized data. EU Privacy laws do apply to information which alone, or together with other information held by a data controller, can identify a living individual in particular: by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity ~ Article 2 EU Privacy Directive 95/46. 12

13 US Data Collection & Use Risks Collection of nonpublic personally identifiable information under US laws Anonymization/De-identification US privacy laws such as the Gramm Leach Bliley Act and FCRA generally do not cover aggregate information or blind data Anonymized or de-identified data can still present potential discrimination concerns (See, President s Report: Big Data and Differential Pricing February 2015) Whether information is truly anonymized or de-identified given the existing technology and ability of Big Data to correlate information should be a concern for companies relying on de-identification to avoid collection, use and sharing restrictions Fewer data points and zip code substitutes may be necessary to avoid correlation 13

14 US Data Collection & Use Risks Data Minimization General concern from regulators, consumers and politicians that companies tend to collect lots of information and retain the information for long periods of time often without any reason to believe it will be needed or used Review of certain data breaches has indicated data minimization would have prevented or mitigated the breach and steps have been taken to impose this requirement Examples PCI DSS impose limits on the types of information that can be collected and the time period for retention Data minimization included in some drafts of the federal data breach notice law; may eventually become a legal requirement imposed on anyone maintaining consumer information rather than best practice 14

15 Big Data Risks Adverse publicity (e.g., Samsung TV s recording voice data and Lenovo computers with embedded adware) The Well is Polluted Data has to be removed/cannot be used Investment is wasted The processes and practices are unlawful, unfair, opaque Risk of regulatory fines New EU Regulation proposes fines of up to 5% worldwide turnover Risk of consumer class actions In Re Google Privacy Policy litigation California and parallel European administrative actions 15

16 INTERNET OF THINGS Examples: In-vehicle telematics Fit bits Appliances/consumer products (e.g., beds) Medical devices

17 Internet of Things (IoT) Recent Developments FTC Report: Internet of Things Privacy & Security in a Connected World January 2015 U.S. Senate Committee on Commerce, Science & Transportation hearing on February 11, 2015 titled The Connected World: Examining the Internet of Things EU Article 29 Data Protection Working Party Opinion 8/2014 on Internet of Things 17

18 FTC Risks: Internet of Things Security: unauthorized access and misuse; attacks on systems; safety risks Privacy: collection of sensitive information, particularly over time, permitting inferences Undermining of consumer confidence 18

19 IoT Risks 1. Effective contracting with customers 2. Data collection issues 3. Data ownership, use and sharing 4. Data retention issues 5. Potential liability issues 6. Potential employee issues 7. Regulatory oversight risks 8. Additional issues faced in certain industries (e.g., auto industry distracted driver regulations)

20 Data Collection Issues Collect device data before the customer has signed up for the services? See Sirius XM Radio case for issue involving collection of data prior to user expressly entering into contract See OnStar example for issue involving collection of data postcancellation of services Effectiveness of online registration Changes in services or use of data require notice and consent?

21 Data Ownership, Use and Sharing Who owns IoT collected data? What rights does the individual have in the collected data? Does aggregated and anonymized use require consent? What if data has unintended secondary uses? Data sent from machinery reveals long idle periods, which reveal information about the operator of the machinery Data sent from medical device reveals worsening health of individual Geolocation information reveals private information and even trade secrets See article regarding Monsanto and DuPont s seed prescription services developed from data amassed from farms where farm techniques could be trade secrets

22 Other Risks Proposed legislation regarding collection and disclosure of geolocation information (e.g., Location Privacy Protection Act of 2014) without the user s consent. Risk that Internet-enabled devices may be remotely controlled or hacked by malicious third parties Commentators have noted that ease of availability of compliance, risk and product data may increase risk of more regulatory oversight and/or liability Regulators may demand data relating to regulatory compliance issues with devices More aggregation of data about devices may lead to more product liability claims, particularly class actions, as more data is discoverable to prove commonality of class action claims 22

23 FTC Enforcement Matters Data Collection Practices Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False (May 8, 2014) Medical Billing Provider Settles FTC Charges That It Misled About Collection of Personal Health Data (Dec. 3, 2014) Data Security Practices Medical Transcript Services Company Settles FTC Charges That It Failed to Protect Consumers Information (Jan. 31, 2014) Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Information (March 28, 2014) 23

24 US-EU Safe Harbor Enforcement Matters In 2014, 14 companies across many industries settled with the FTC regarding noncompliance with aspects of the US- EU Safe Harbor In November 2014, FTC entered into settlement with TRUSTe TRUSTe provides certification seals that indicate that an online business complies with privacy standards such as the US-EU Safe Harbor Framework FTC alleged that TRUSTe failed to conduct annual recertification of businesses displaying privacy seal in over 1,000 instances 24

25 FTC Litigation Wyndham Worldwide Corporation In June 2013, FTC filed suit against Wyndham for alleged data security failures that led to three data breaches at hotels in less than two years Wyndham filed motion to dismiss complaint and motion was denied (April 2014) Wyndham appealed denial to US Circuit Court of Appeals for Third Circuit and appeal was argued last week Case could have significant ramifications for FTC and data security actions under Section 5(a) of FTC Act 25

26 Mayer Brown is a global legal services organization comprising legal practices that are separate entities ("Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP, a limited liability partnership established in the United States; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales; Mayer Brown JSM, a Hong Kong partnership, and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

Perspectives on Cybersecurity and Its Legal Implications

Perspectives on Cybersecurity and Its Legal Implications Survey Results 2015 Perspectives on Cybersecurity and Its Legal Implications a 2015 survey of corporate executives The National Institute of Standards and Technology (NIST), a non-regulatory agency of

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

Social Marketing & Liability

Social Marketing & Liability Social Marketing & Liability Fred E. Karlinsky, Esq. Co-Chair, Insurance Regulatory & Transactions Practice Shareholder, Greenberg Traurig Louisiana Insurers Conference Insurance Compliance Seminar August

More information

Financial Institutions and Cloud Computing What s on the Horizon

Financial Institutions and Cloud Computing What s on the Horizon Financial Institutions and Cloud Computing What s on the Horizon Rebecca Eisner Partner - Chicago +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner - London +44 203 130 3900 mprinsley@mayerbrown.com

More information

Cyber, PrivaCy. & Data SeCurity. www.mpplaw.com

Cyber, PrivaCy. & Data SeCurity. www.mpplaw.com Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but

More information

Preparing For and Responding to a Computer Security Incident:

Preparing For and Responding to a Computer Security Incident: Preparing For and Responding to a Computer Security Incident: MAKINGTHE FIRST 72 HOURS COUNT Marcus A. Christian Partner mchristian@mayerbrown.com Rajesh De Partner & Head of Global Cybersecurity & Data

More information

Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC

Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL

More information

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Government Regulation, Enforcement and Legislation on Privacy, Cyber Security and Social Media Jeff Brueggeman Vice

More information

Trends in Data Breach and CybersecurityRegulation, Legislation and Litigation. Part I

Trends in Data Breach and CybersecurityRegulation, Legislation and Litigation. Part I Trends in Data Breach and CybersecurityRegulation, Legislation and Litigation Part I March 20, 2014 Speakers John J. Sullivan, Partner, rejoined Mayer Brown after serving as General Counsel at the US Department

More information

Privacy and Data Breach Issues

Privacy and Data Breach Issues 15-013 Privacy and Data Breach Issues Konstantin Dino Tsibouris Founding Principal Tsibouris & Associates Columbus, Ohio Kirk Herath Associate General Counsel Nationwide Insurance Columbus, Ohio Table

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

The Legal Pitfalls of Failing to Develop Secure Cloud Services

The Legal Pitfalls of Failing to Develop Secure Cloud Services SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Data Security: Before and After a Breach Occurs Archis A. Parasharami Partner Mayer Brown LLP David Hale Chief Privacy

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance

Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance National Bar Association - Commercial Law Section 2015 Corporate Counsel Conference February 26, 2015 www.alston.com

More information

Contracting for Cloud Computing

Contracting for Cloud Computing Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal

More information

HCCA Compliance Institute 2013 Privacy & Security

HCCA Compliance Institute 2013 Privacy & Security HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Intellectual Property & Data Protection 2015: Legal developments you need to know about

Intellectual Property & Data Protection 2015: Legal developments you need to know about Intellectual Property & Data Protection 2015: Legal developments you need to know about Welcome This is a short guide to some of the key legal developments for intellectual property and data protection

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA www.pwc.com Vulnerability Management (TVM) Protecting IT assets through a comprehensive program Chicago IIA/ISACA 2 nd Annual Hacking Conference Introductions Paul Hinds Managing Director Cybersecurity

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Cybersecurity: Promoting Prevention and Resilience Steven Chabinsky William Ridgway Marcus Christian James Woods General

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

The Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor

The Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on

More information

2015 Outlook: Data Privacy and Security in the United States, the European Union and Hong Kong

2015 Outlook: Data Privacy and Security in the United States, the European Union and Hong Kong 2015 Outlook: Data Privacy and Security in the United States, the European Union and Companies and organizations face an ever-expanding set of statutes and regulations regarding consumer privacy, data

More information

Virginia Commonwealth University Information Security Standard

Virginia Commonwealth University Information Security Standard Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,

More information

NSA Data Collection and its Impact on Cloud and Outsourcing and Recent Privacy and Security Developments on Capitol Hill

NSA Data Collection and its Impact on Cloud and Outsourcing and Recent Privacy and Security Developments on Capitol Hill NSA Data Collection and its Impact on Cloud and Outsourcing and Recent Privacy and Security Developments on Capitol Hill Marcus Christian Partner +1 202 263 3731 mchristian@mayerbrown.com Howard W. Waltzman

More information

Data Protection in the United States

Data Protection in the United States Data Protection in the United States Bruce E. H. Johnson Chair, Privacy and Security Group Davis Wright Tremaine LLP Pacific Rim Advisory Council Singapore, October 18, 2011 Overview of US Privacy Regulations

More information

[ 2014 Privacy & Security Update ].

[ 2014 Privacy & Security Update ]. U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.

More information

Data Privacy and Cybersecurity Task Force

Data Privacy and Cybersecurity Task Force Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Clients Legal Needs in HIPAA Security Compliance

Clients Legal Needs in HIPAA Security Compliance Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

CSR Breach Reporting Service Frequently Asked Questions

CSR Breach Reporting Service Frequently Asked Questions CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava

More information

Top Five Privacy and Data Security Issues for Nonprofit Organizations

Top Five Privacy and Data Security Issues for Nonprofit Organizations Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY

More information

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

Before the AmCham EU Transatlantic Conference (Mar. 3, 2011), available at http://useu.usmission.gov/kennard_amchameu_030311.html.

Before the AmCham EU Transatlantic Conference (Mar. 3, 2011), available at http://useu.usmission.gov/kennard_amchameu_030311.html. One Year Later: Privacy and Data Security in a World of Big Data, the Internet of Things, and Global Data Flows Keynote Address Before the USCIB/BIAC/OECD Conference on Promoting Inclusive Growth in the

More information

Employment Law Issues in Social Media

Employment Law Issues in Social Media Employment Law Issues in Social Media John Nadolenco Partner, Los Angeles Andrew Rosenman Partner, Chicago (213) 229-5173 (312) 701-8744 jnadolenco@mayerbrown.com arosenman@mayerbrown.com Mayer Brown is

More information

Privacy Risk Assessments

Privacy Risk Assessments Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted

More information

Privacy & Data Security

Privacy & Data Security Privacy & Data Security May 9, 2014 Presented at: SWBA 39 TH ANNUAL CONFERENCE by: James E. Prendergast, Esq. Overview Data Privacy Concerns: Unauthorized access, use, acquisition or disclosure of information

More information

Competitive Intelligence Acquisition and Reverse Engineering

Competitive Intelligence Acquisition and Reverse Engineering Competitive Intelligence Acquisition and Reverse Engineering Pitfalls and Best Practices in the US, the UK and Germany Richard M. Assmus Andrea C. Hutchison Dr. Ulrich Worm May 20, 2010 Sangeeta Puran

More information

Data Privacy & Security: Essential Questions Every Business Must Ask

Data Privacy & Security: Essential Questions Every Business Must Ask Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business

More information

Federal Trade Commission

Federal Trade Commission Federal Trade Commission The FTC s Privacy and Data Security Program: Where It Came From, Where It s Going Jessica Rich 1 Director, Bureau of Consumer Protection, FTC International Association of Privacy

More information

Adding Cloud Solutions to Customer Contracts Robert J. Scott

Adding Cloud Solutions to Customer Contracts Robert J. Scott Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

HIPAA and Beyond: The Evolving Landscape of Health Privacy

HIPAA and Beyond: The Evolving Landscape of Health Privacy HIPAA and Beyond: The Evolving Landscape of Health Privacy Melissa Bianchi, Hogan Lovells US LLP Ann Tobin, UnitedHealth Group IAPP Global Privacy Summit, March 9, 2012 No Longer Just HIPAA New developments

More information

Re: Big Data Request for Information

Re: Big Data Request for Information March 31, 2014 Attn: Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 1650 Pennsylvania Avenue NW Washington, D.C. 20502 Ladies and Gentlemen: Re: Big Data Request

More information

Big Data for Mutuals. Marc Dautlich 25 November 2013

Big Data for Mutuals. Marc Dautlich 25 November 2013 Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

Data Privacy & Security in the Cloud: Legal Basics and New Developments

Data Privacy & Security in the Cloud: Legal Basics and New Developments Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A

C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A C H A MB E R O F C O M ME R C E O F T H E U N IT E D S T A T E S OF A M E R IC A W I L L I A M L. K O V A C S S E N I O R V I C E P R E S I D E N T E N V I R O N M E N T, T E C H N O L O G Y & R E G U

More information

MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2

MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2 MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...

More information

A LEGAL GUIDE TO CLOUD COMPUTING

A LEGAL GUIDE TO CLOUD COMPUTING A LEGAL GUIDE TO CLOUD COMPUTING INTRODUCTION Many companies are considering implementation of cloud computing services to decrease IT costs while providing the flexibility to scale usage on demand. The

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

The Year Ahead in Privacy and Data Security

The Year Ahead in Privacy and Data Security Contact: Timothy J. Toohey Partner 213.417.5324 ttoohey@mpplaw.com The Year Ahead in Privacy and Data Security 2014 promises to be another eventful year in the privacy and data security fields. Although

More information

Information Security Law: Control of Digital Assets.

Information Security Law: Control of Digital Assets. Brochure More information from http://www.researchandmarkets.com/reports/2128523/ Information Security Law: Control of Digital Assets. Description: For most organizations, an effective information security

More information

Implementing Privacy Compliant Hybrid Cloud Solutions

Implementing Privacy Compliant Hybrid Cloud Solutions Implementing Privacy Compliant Hybrid Cloud Solutions SESSION ID: DSP-T07A Peter J Reid Privacy Officer, Enterprise Business Hewlett-Packard Company Historical IT Outsourcing Perspective Cloud Web 2.0

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com

More information

Data security: A growing liability threat

Data security: A growing liability threat Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Protecting Employee and Customer Privacy in an Era of Big Data Monitoring

Protecting Employee and Customer Privacy in an Era of Big Data Monitoring FEBRUARY 3 5, 2015 / THE HILTON NEW YORK Protecting Employee and Customer Privacy in an Era of Big Data Monitoring This program addresses the challenges associated with protecting employee and customer

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

WESTLAW JOURNAL COMPUTER & INTERNET

WESTLAW JOURNAL COMPUTER & INTERNET Westlaw Journal COMPUTER & INTERNET Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 30, ISSUE 21 / MARCH 22, 2013 Expert Analysis The FTC and Mobile Privacy By John L. Hines

More information

Technology and Innovation in Financial Services

Technology and Innovation in Financial Services Technology and Innovation in Financial Services David Beam Partner +1 202 263 3375 dbeam@mayerbrown.com Marcus Christian Partner +1 202 263 3731 mchristian@mayerbrown.com Ori Lev Partner +1 202 263 3270

More information

Big Data and Cybersecurity: Standards for Safeguarding Personal Information

Big Data and Cybersecurity: Standards for Safeguarding Personal Information White Paper Big Data and Cybersecurity: Standards for Safeguarding Personal Information Domestic and multinational companies are increasingly focused on safeguarding personal information due largely to

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

U.S. Information Privacy Law

U.S. Information Privacy Law U.S. Information Privacy Law Ivan Rothman Joseph Grasser January 28, 2014 Introduction and Agenda Sources of US Privacy Law Some Basic Concepts Sectors of US Privacy Law Non-Sector Specific Issues Privacy

More information

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide

The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide Practising Law Institute January 9, 2012 Melissa J. Krasnow, Partner, Dorsey & Whitney LLP, and Certified Information Privacy Professional

More information

Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs

Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs *This is a sample course catalog. BBNA is in the process of moving all of our recorded content on to our new platform. Not all

More information

Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States

Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States Introduction When it comes to Personally Identifiable Information (PII), privacy laws and regulations

More information

TERMINATION PAYMENTS AND INTERNATIONALLY MOBILE EMPLOYEES

TERMINATION PAYMENTS AND INTERNATIONALLY MOBILE EMPLOYEES Article A similar version of this article first appeared in tax Journal, 18 November 2013 TERMINATION PAYMENTS AND INTERNATIONALLY By James Hill Speed Read: The taxation of termination payments paid to

More information

Major Changes Introduced by the New Companies Ordinance Companies Limited by Guarantee 1

Major Changes Introduced by the New Companies Ordinance Companies Limited by Guarantee 1 Major s Introduced by the New Companies Ordinance Companies Limited by Guarantee 1 1. Abolition of Memorandum of Association Memorandum of Association is abolished for all local companies. Current provisions

More information

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015 Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery

More information

Cybersecurity Assessment

Cybersecurity Assessment Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework

More information

MEMORANDUM MEMBERS OF THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

MEMORANDUM MEMBERS OF THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION MEMORANDUM TO: FROM: MEMBERS OF THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION REPUBLICAN COMMITTEE STAFF DATE: FEBRUARY 3, 2015 RE: SUBCOMMITTEE HEARING ON GETTING IT RIGHT ON DATA SECURITY

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES?

HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? MODERATOR: Richard J. Bortnick, Esq., Defense Attorney, Cozen O Connor PANELISTS: Anjali Das, MBA, Esq., Partner, Wilson Elser Moskowitz

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

Building Trust and Confidence in Healthcare Information. How TrustNet Helps Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)

More information

Data Security Standard (DSS) Compliance. SIFMA June 13, 2012

Data Security Standard (DSS) Compliance. SIFMA June 13, 2012 Payment Card Industry (PCI) Data Security Standard (DSS) Compliance SIFMA June 13, 2012 EisnerAmper Consulting Services Group Overview of EisnerAmper Fifth fhlargest accounting firm in the Metro New York

More information

KEY LEGAL ISSUES IN TODAY S MOBILE MARKETING:

KEY LEGAL ISSUES IN TODAY S MOBILE MARKETING: KEY LEGAL ISSUES IN TODAY S MOBILE MARKETING: Emerging Trends in Mobile Technology, Location-Based Services, and Mobile Commerce Mark Bisard, American Express Nate Hole, Loeb & Loeb LLP Brian Nixon, Loeb

More information

Title V Preventing Fraud and Abuse. Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions

Title V Preventing Fraud and Abuse. Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions Title V Preventing Fraud and Abuse Subtitle A- Establishment of New Health and Human Services and Department of Justice Health Care Fraud Positions Sec. 501. Health and Human Services Senior Advisor There

More information

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data;

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data; Legal Updates & News Legal Updates Pending Changes to California s Data Breach Law: New Burdens for Retailers? September 2007 by Christine E. Lyon, William L. Stern Related Practices: Privacy and Data

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information