Protect Your Privates
- Lydia Greer
- 3 years ago
From this document you will learn the answers to the following questions:
What are the regulations that govern privacy?
What is one reason for more privacy laws and regulations?
Who is in charge of the White House Big Data Initiative?
Transcription
1
2 Protect Your Privates Session 502 June 10, :45 PM IASA 86TH ANNUAL EDUCATIONAL CONFERENCE & BUSINESS SHOW
3 Agenda Introductions Objectives Overview of Privacy Laws and Regulations Recent Breaches Current and Future Trends Risk Mitigation Strategies
4 Chris Tait, CISA, CCSK Principal Baker Tilly Virchow Krause, LLP
5 Mike Cullen, CISA, CISSP, CIPP/US Senior Manager Baker Tilly Virchow Krause, LLP
6 POLL Poll Everywhere Online = pollev.com/mc99 Text = 22333
7 Objectives Review the definition and certain standards for privacy Review insurance-specific privacy laws and regulations Learn about recent data breaches Discuss current and future trends in privacy Debate risk mitigation strategies with session participants
8 Overview of Privacy What is privacy? The rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information. Source: American Institute of Certified Public Accountants (AICPA) Generally Accepted Privacy Principles
9 Overview of Privacy What is the difference between privacy and security? Privacy is concerned with enabling individuals to have a say over how their personal information is collected, used, retained, and disclosed. Security is concerned with protecting information from inappropriate access, modification, or destruction. To achieve privacy, you must have security. Both security and privacy are business issues.
10 Overview of Privacy What is personally identifiable information (PII)? Information that can be attributed to and used to identify a specific individual, which may include: Name Social Security Number Residential and Office addresses Phone numbers Account numbers (e.g., driver's license, financial) Demographics (e.g., age, gender, race, ethnicity) Identification numbers (e.g., student ID, driver's license, IP address) Claims records Physical characteristics (e.g., face, eyes, fingerprints, handwriting) Profile (e.g., buying history, browsing history,
11 Overview of Privacy Why does privacy matter to insurance companies? Exceptional volume and variety of personal information (e.g., policies, health records, incident history) Increased complexity and oversight challenges Subject to many privacy laws and regulations due to breadth and nature of business operations Intrinsic reputational importance of services
12 Overview of Privacy Benefits Brand protection Market confidence Customer Loyalty Trust Competitive differentiation Risks Negative publicity Lost business Damaged relationships Legal liability and financial loss Regulatory or industry sanctions
13 Laws and Regulations CAN-SPAM Gramm-Leach-Bliley Act (GLBA) Driver's Privacy Protection Act (DPPA) Fair Credit Reporting Act (FCRA) Genetic Information Nondiscrimination Act (GINA) HIPAA and HITECH Act Identity Theft Red Flags International Laws PCI DSS State Data Protection and Breach Notification Laws
14 PCI DSS Version 3.0 PCI DSS - Version 3.0 (effective on January 1, 2014) Have until January 1, 2015 to be in compliance Some changes are future-dated requirements and are best practices until July 1, 2015 Three change types: clarification (vast majority), additional guidance, and evolving requirements
15 State Data Protection and Breach Notification Laws Data protection and breach notification laws: 47 states, DC, Guam, Puerto Rico, US Virgin Islands Exceptions: Alabama, New Mexico, South Dakota Kentucky joined the club April 11, 2014 Minnesota, Nevada, and Washington have all passed laws that codify some or all aspects of PCI DSS Generally these laws apply to all entities that have data about the respective state's residents, regardless of whether the entity does business in that state Laws dictate specific info types (PII, financial, genetic)
16 Laws and Regulations Future laws and regulations Federal Breach Notification White House Big Data Initiative
17 Federal Breach Notification Personal Data Privacy and Security Act of 2014 Sen. Patrick Leahy In committee Application Privacy, Protection, and Security Act of 2013 Rep. Hank Johnson In committee
18 Federal Breach Notification Federal Agency Data Breach Notification Act of 2014 Rep. Gerry Connolly In committee Personal Data Protection and Breach Accountability Act of 2014 Sen. Richard Blumenthal In committee
19 White House Big Data Initiative President's Council of Advisors on Science and Technology (PCAST) issued report May 1, 2014 Recommendations: Advance the Consumer Privacy Bill of Rights Pass National Data Breach Legislation Extend Privacy Protections to non-U.S. Persons Ensure Data Collected on Students in School is used for Educational Purposes Expand Technical Expertise to Stop Discrimination Amend the Electronic Communications Privacy Act
20 Recent Breaches Nationwide Insurance AppleCare Insurance Services Continental American Insurance BCBS NJ
21 Recent Warnings sans.org FBI Warns Healthcare Industry of Cyber Security Risks (April 2014) The FBI has issued two private industry notices (PINs) to the healthcare sector, warning that cyber attacks against devices and systems in that industry are likely to increase. The transition to electronic health records (EHRs), weak security, and the value of medical data on the black market are all indicators that the number of attacks will rise.
22 Recent Warnings sans.org Medical Devices Lack Adequate Security (April 2014) A study of medical equipment at a chain of health care facilities in the Midwest found drug infusion pumps that could be remotely controlled to alter dosages; Bluetooth-enabled defibrillators that could be manipulated to deliver or prevent shocks; and electronic medical records with inadequate protections, leaving them vulnerable to alteration and theft. Many devices lacked access authentication requirements, and many had weak or hardcoded passwords. Of particular concern were embedded web services that let devices communicate with each other and deliver data to electronic medical records.
23 Recent Warnings sans.org Study Shows More than 40 Percent of Identity Theft is Medical-Related (April 2014) A survey recently released by the Identity Theft Resource Center found that 43 percent of all identity thefts reported in the US in 2013 were medical-related. Stolen medical identity information has been used to obtain treatment and prescription medicines; medical identity fraud also places incorrect information in the patients' health records.
24 Data Costs Ponemon Institute (2013 study) Mean = $136 Financial industry = $215 Krebs on Security Black market worth iTunes accounts for $8 Groupon.com accounts for $5 Facebook and Twitter retail for $2.50
25 Breach Stats Verizon Data Breach Report 50 CONTRIBUTING GLOBAL ORGANIZATIONS 1,367 CONFIRMED DATA BREACHES 63,437 SECURITY INCIDENTS 95 COUNTRIES REPRESENTED
26 Incident Types
27 Who Got Hit 20% Companies that were sought out 80% Victims of opportunity 90+% could have been stopped using fundamental precautions
28 Current and Future Trends Big Data Alternative Scoring Products Mobile Devices Lawsuits and Cyber Insurance Internet of Things
29 Current and Future Trends Big Data Definition Meta Data Third party Data
30 Big Data Gartner = Data encompassing the three Vs: Volume, Velocity and Variety Oracle = Derivation of value from traditional relational database-driven business decision making, augmented with new sources of unstructured data Intel = Data analyzed in this way are business transactions stored in relational databases, followed by documents, e-mail, sensor data, blogs, and social media
31 Big Data Microsoft = The process of applying serious computing power to seriously massive and often highly complex sets of information Method for an Integrated Knowledge Environment (MIKE) open-source project = A function of the complexity of a data set with a high degree of permutations and interactions within the set National Institute of Standards and Technology (NIST) = Data that exceed(s) the capacity or capability of current or conventional methods and systems
32 What is Big Data? High volume, high velocity, and/or high variety information assets that require new forms of processing to enable enhanced decision making, insight discovery, and process optimization Doug Laney, "The Importance of Big Data: A Definition," Gartner
33 Big Data Meta Data Third-party Data
34 Source: GAO
35 Data Broker Characteristics (FTC Report May 2014) Data Brokers Collect Consumer Data from Numerous Sources, Largely Without Consumers' Knowledge The Data Broker Industry is Complex, with Multiple Layers of Data Brokers Providing Data to Each Other Data Brokers Collect and Store Billions of Data Elements Covering Nearly Every U.S. Consumer Data Brokers Combine and Analyze Data About Consumers to Make Inferences About Them, Including Potentially Sensitive Inferences Data Brokers Combine Online and Offline Data to Market to Consumers Online
36 Current and Future Trends Alternative Scoring Products Built using predictive modeling. Predictive modeling uses copious amounts of information fed through analytical methods to predict the future, based on past information.
37 Example Scores Energy consumption scores Scores that identify the approximate credit capacity of neighborhoods instead of individuals Health risk scores Target's Pregnancy Predictor Score
38 Example Scores Acxiom offers a Consumer Prominence Indicator Score that quantifies the size of a specific consumer's economic footprint, indicating the historical consumer purchasing and relative amount of marketing activity surrounding that individual. World Privacy Forum, The Scoring of America Report
39 One company states they use 300 billion data attributes in compiling their predictive scores, compiled from 8,000 data files World Privacy Forum, The Scoring of America Report
40 Risks/Challenges: Why and How? HOW? Volume = Capture, store, process data Notice and consent Storage costs Processing power limits Velocity = Different rates, systems Correlation Analysis Variety = Integrity of data Completeness Structured vs. unstructured
41 Source: FTC
42 Current and Future Trends Mobile Devices Data Apps Devices Organization owned vs. Bring Your Own Device (BYOD) People
43 Mobile Device Framework DATA WEB/APPS DEVICES PEOPLE Data App Phone Policy Confidential Data Web Tablet Agreement Restricted Practices Data App Laptop Procedures Internal Use Data Web Practices Public Data App Risk Assessment
44 Current and Future Trends Lawsuits Curry v. AvMed, Inc.
45 Current and Future Trends Cyber Insurance
46 Current and Future Trends Internet of Things Cameras Alarm systems Thermostats Smoke detectors Automobiles/OBD RFID (state use restrictions)
47 Internet of Things Autos AAA recently estimated that one in five new cars sold this year will collect and transmit data outside the vehicle. According to one survey, cars may make up over five percent of connected devices by 2025.
48 Internet of Things Autos The recent Government Accounting Office (GAO) report on in-car, location-based services assessed industry practices regarding connected car location data against the Fair Information Practice Principles. This report focused specifically on disclosures, consumer consent and control, data safeguards and retention policies, and company accountability. The GAO's report was generally positive, reflecting the obvious attention companies in the connected car ecosystem are paying to privacy issues. The companies understand that consumer adoption of the new technologies requires consumer trust, and consumer trust requires a demonstration of robust privacy and security controls.
49 Internet of Things (IoT) Privacy issues: Notice Purpose limitation Proportionality Data accuracy People's rights Security
50 Risk Mitigation Strategies Accept Manage Transfer Avoid
51 Risk Mitigation Strategies Accept Is it a formal process or just acceptance by implicit consent?
52 Risk Mitigation Strategies Manage Policies Practices Audits
53 Risk Mitigation Strategies Transfer Vendor management SOC Reports
54 Risk Mitigation Strategies Avoid
55 Disclosure Pursuant to the rules of professional conduct set forth in Circular 230, as promulgated by the United States Department of the Treasury, nothing contained in this communication was intended or written to be used by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer by the Internal Revenue Service, and it cannot be used by any taxpayer for such purpose. No one, without our express prior written permission, may use or refer to any tax advice in this communication in promoting, marketing, or recommending a partnership or other entity, investment plan, or arrangement to any other party. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. The information provided here is of a general nature and is not intended to address specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Baker Tilly Virchow Krause, LLP
56 Contact information Chris Tait, CISA, CFSA, CCSK Principal Baker Tilly Virchow Krause, LLP Mike Cullen, CISA, CISSP, CIPP/US Senior Manager Baker Tilly Virchow Krause, LLP
57 Please complete the Session Evaluation Form on the conference app and include your conference Registration ID# to be included in a drawing for a free conference registration for the 2014 Annual Conference! NOTE: Your conference Registration ID# is located at the bottom left hand corner of your badge. IASA 86TH ANNUAL EDUCATIONAL CONFERENCE & BUSINESS SHOW
More informationInformation Governance Roadmap
Information Governance Roadmap Mitigating Privacy Risks, Reducing Costs And Meeting Obligations Speakers Heather Buchta Quarles & Brady Partner Rebecca Perry Jordan Lawrence CIPP/US/G Director of Professional
More informationPresented by Dave Olsen, CPA, President
Presented by Dave Olsen, CPA, President My Frame of Reference 15 Years in Public Practice 11 Years in Tax & Accounting Software (20% of prof. e-files) 3 Year term on IRS ETAAC committee and Security Sub-Group
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationThe University of North Carolina at Charlotte Identity Theft Prevention Program
The University of North Carolina at Charlotte Identity Theft Prevention Program Program Adoption As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule ( Rule ),
More informationIntroduction to Compliance:
Introduction to Compliance: Protecting Customer Information Presented by Joshua Schafer & Rachel Fisher Introductions Joshua Schafer has over 10 years experience in information technology and is currently
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationPII = Personally Identifiable Information
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
More informationCurrent Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016
Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity
More informationManaging data security and privacy risk of third-party vendors
Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationCompromises in Healthcare Privacy due to Data Breaches
Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationHIPAA Health & Medical Billing Requirements and Risk Management
May 7, 2013 IT SECURITY, HIPAA PRIVACY AND DISASTER RECOVERY 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationLegal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev
Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,
More informationPresentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J.
Presentation to ACC Charlotte Data Security & Privacy Presented by: November 2, 2011 William J. Cook C. Andrew Konia Mark J. Maier www.mcguirewoods.com Agenda Identifying the Issues/Concerns Current State/Impact
More informationInstructor Introduction
Securing Big Data Instructor Introduction Leighton R. Johnson, III CISA, CISSP, CISM, MBCI, CSSLP, CIFI, CFCP, CAP, CRISC SC-ISACA Chapter Instructor Member: IEEE, ACM, ASIS, ISSA, IISFA, ISACA, ISC2,
More informationCloudy With a Chance Of Risk Management
Proudly presents Cloudy With a Chance Of Risk Management Toby Merrill, ACE USA John Mullen, Nelson Levine de Luca & Hamilton Shawn Melito, Immersion Ltd. Michael Trendler, ACE INA Canada What is Cloud
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationHot Topics and Trends in Cyber Security and Privacy
Hot Topics and Trends in Cyber Security and Privacy M. Darren Traub March 13, 2015 Cyber Attacks Ranked Top 5 Most Likely Risks in 2015 - The World Economic Forum Recent Global Headlines Include: 1 Where
More information[Company Name] HIPAA Security Awareness and Workforce Training Program Manual
[Company Name] HIPAA Security Awareness and Workforce Training Program Manual The Importance of Security Awareness Training 4 Data Security Breaches 5 What is Information Security? 6 Roles and Responsibilities
More informationPacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009
Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program
More informationTHE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK
THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Addressing Web-Based Access and Authentication Challenges by Rebecca Herold, CISSP, CISM, CISA, FLMI February 2007 Incidents
More informationPlan of Attack 5 Step Plan
Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationNew York Privacy Officers Forum. Online Behavioral Advertising: Emerging Legal and Business Issues
2010 New York Privacy Officers Forum Online Behavioral Advertising: Emerging Legal and Business Issues Aaron P. Simpson Partner, Hunton & Williams LLP (212) 309-1126 Peter Weingard SVP, Marketing, Collective
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More information