HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES?"

Transcription

1

2 HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? MODERATOR: Richard J. Bortnick, Esq., Defense Attorney, Cozen O Connor PANELISTS: Anjali Das, MBA, Esq., Partner, Wilson Elser Moskowitz Edelman & Dicker LLP Harold Neher, Esq., Vice President, AXIS Insurance - Professional Lines Robert Yellen, Esq., Chief Underwriting Officer, Financial Lines, U.S. and Canada, Chartis

3 IT in the Boardroom Do directors see IT as important? 33% Critical Very Important Important 7% Commodity Don't Know 43% 4% 13% Based on data from PWC s Insights from the Boardroom 2012 Nearly 90% answered YES!

4 Cybersecurity in the Boardroom Are Boards engaged in overseeing cybersecurity? 45% 14% Very Moderately Not Sufficiently Not At All Don't Know 10% 27% 4% Only 10% do NOT oversee cybersecurity at all. Based on data from PWC s Insights from the Boardroom 2012

5 Cybersecurity in the Boardroom Where does privacy and data security rank among Board non-financial priorities? 6 th! Reputation risk ranked 1 st IT risk ranked 4 th 44.8% of surveyed directors want to know more about cybersecurity. Based on data from EisnerAmper s Concerns About Risks Confronting Boards, Third Annual Board of Directors Survey 2012.

6 Why is Cyber a D&O Issue? Privacy Disclosure: mandatory disclosure laws highlight breaches. Securities Disclosure: Public companies Headlines: Massive hacks. Congressional reports. Cyber warfare. Advanced persistent threats Competition: Loss of key intellectual property- has a dramatic impact on strategy and outcome. Litigation: Cascades of litigation from massive breaches Reputation: Social media empowers many, so seemingly minor events can have a massive toll.

7 Where is the D&O Exposure? Securities class actions Shareholder derivative suits Whistleblower complaints (Dodd-Frank) 7

8 What Happens When Things Go Wrong? News Corp. The Perfect Storm Multiple shareholder cases Multi-national regulatory investigations (UK, US, etc.) Civil lawsuits (>150 pending) Impact on business (NOTR shut-down) & related businesses (BSkyB) Costs, Costs, Costs at least $315 million to date Spillover to others at least 4 new hacking-related claims against Mirror Group (w/ 10% stock drop) 2012 Wilson Elser LLP. All rights

9 Evolution of Privacy and Data Breach Lawsuits Recurring legal issues Article III Standing to Sue Damages under state law Krottner v. Starbucks, 628 F.3d 1139 Laptop stolen with employees personal information No employee information misused Employees notified, provided credit watch services Employees sued for failure to protect their personal data 9

10 Evolution of Privacy and Data Breach Lawsuits Claridge v. RockYou, 785 F.Supp.2d 855 RockYou alerted to potential security problem, attack by hackers Data of 32 million registered RockYou users at risk Company issued a press release and shut down site until security patch installed P sued company for failing to secure users personally identifiable information (PII) 10

11 Evolution of Privacy and Data Breach Lawsuits Anderson v. Hannaford, 659 F.3d 151 Hannaford s electronic payment processing system breached 4.2 million customers credit/debit card information stolen Company notified various banks Company issued press release that customer data stolen, resulting in 1800 cases of fraud Customers sued company for data breach 11

12 No End in Sight for Cyber Attacks Federal Trade Commission (FTC) lawsuits Wyndham Hotels Consumer class actions Linked In Yahoo Cyber warfare by foreign governments Attack on U.S. financial institutions Foreign energy companies 12

13 Federal Oversight FTC enforcement and related settlements Federal Bureau of Investigation (FBI) Securities and Exchange Commission (SEC) Disclosure Guidance Emerging Federal legislation 13

14 FTC Enforcement and Related Settlements FTC Background Independent law enforcement agency Privacy & data security are key consumer protection priorities FTC Act Section 5 Prohibits unfair, deceptive acts/practices in or affecting commerce Wide applicability Remedies- injunctive relief, consumer redress, disgorgement 14

15 FTC Enforcement and Related Settlements Four points of enforcement Information security is an ongoing process Security procedures must be reasonable & appropriate There is no such thing as perfect security Security practices may be unreasonable & subject to FTC enforcement even without a known security breach 15

16 FTC Enforcement and Related Settlements Google launch of Buzz social network through Gmail Ineffective opt-outs prevented Google from adequately disclosing information First FTC settlement to require a company to adopt a comprehensive privacy program FTC Privacy Report, March 2012 Privacy by design Simplified choice Greater transparency 16

17 SEC Disclosure Guidance Background 2010: Pre-guidance event disclosures by Google & Intel March 2011: EMC s disclosure of RSA secure ID breach May 2011: U.S. Senate investigates disclosure practices October 2011: SEC issues CF Disclosure Guidance Topic No. 2 17

18 SEC Disclosure Guidance Specific Disclosure Requirements Risk Factors Disclose cyber risks or incidents if either are significant factors" Management s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) Disclose cyber risks/incidents if they affect a company's liquidity, results of operations or financial condition, or would cause reported financials not to indicate future operating results or financial condition Description of Business Disclose cyber risks or incidents if either effect a company s products services, relationships, competitive conditions, etc. 18

19 SEC Disclosure Guidance Specific Disclosure Requirements Legal Proceedings Disclose a cyber incident (company or any of its subsidiaries ) Financial Statement Disclosures Disclose costs associated with the prevention of, customer retention during or losses incurred after a cyber incident Disclosure Controls and Procedures If a cyber incident could disrupt a company s ability to provide the required SEC filings, the disclosure controls & procedures are ineffective 19

20 Emerging Federal Legislation Gramm-Leach-Bliley Act HIPAA HITECH Act Driver Privacy Protection Act Fair Debt Collections Practices Act Children s Internet Protection Act CAN-SPAM Act of

21 Emerging Federal Legislation (Continued) Senate Critical infrastructure regulation Federal authorities Supply chain Information sharing House Information sharing Federal authorities 21

22 Outside The United States Around the World in 5 Minutes M&A Consideration Outsourcing and Clouds Supply Chain Risks

23 Questions & Answers

Cyber Risks Connect With Directors and Officers

Cyber Risks Connect With Directors and Officers Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the

More information

Current trends in D&O liability and insurance in the United States. Kevin M. LaCroix, Executive Vice President, RT Pro Exec and Author, The D&O Diary

Current trends in D&O liability and insurance in the United States. Kevin M. LaCroix, Executive Vice President, RT Pro Exec and Author, The D&O Diary Current trends in D&O liability and insurance in the United States Kevin M. LaCroix, Executive Vice President, RT Pro Exec and Author, The D&O Diary Outline Key differences between US and Australian litigation

More information

CLOUD SECURITY LAW MICHAEL KEELING, PE, ESQ. KEELING LAW OFFICES, PC PHOENIX AND CORONADO

CLOUD SECURITY LAW MICHAEL KEELING, PE, ESQ. KEELING LAW OFFICES, PC PHOENIX AND CORONADO CLOUD SECURITY LAW MICHAEL KEELING, PE, ESQ. KEELING LAW OFFICES, PC PHOENIX AND CORONADO NOTE: Information contained in this presentation is intended for informational purposes ONLY. It is not intended

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,

More information

IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know

IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know Moderator: Elaine Wolff, Partner Corporate Finance and Securities Practice, Jenner & Block Mary Ellen

More information

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

Cloudy With a Chance Of Risk Management

Cloudy With a Chance Of Risk Management Proudly presents Cloudy With a Chance Of Risk Management Toby Merrill, ACE USA John Mullen, Nelson Levine de Luca & Hamilton Shawn Melito, Immersion Ltd. Michael Trendler, ACE INA Canada What is Cloud

More information

Presentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J.

Presentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J. Presentation to ACC Charlotte Data Security & Privacy Presented by: November 2, 2011 William J. Cook C. Andrew Konia Mark J. Maier www.mcguirewoods.com Agenda Identifying the Issues/Concerns Current State/Impact

More information

Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations

Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations American Bar Association Section of Litigation Annual Conference 2014 Spring Program Scottsdale,

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

THE C/EO PERSPECTIVE: WHAT YOU DON T KNOW WILL HURT YOU

THE C/EO PERSPECTIVE: WHAT YOU DON T KNOW WILL HURT YOU THE C/EO PERSPECTIVE: WHAT YOU DON T KNOW WILL HURT YOU Cyber Liability in the Boardroom What you don t know will hurt you. ABOUT JLT SPECIALTY JLT Specialty Insurance Services is the U.S. platform of

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes

More information

Data Security: Risks, Compliance and How to be Prepared for a Breach

Data Security: Risks, Compliance and How to be Prepared for a Breach Data Security: Risks, Compliance and How to be Prepared for a Breach Presented by: Sandy B. Garfinkel, Esq. The Data Breach Reality: 2015 AshleyMadison.com (July 2015) Member site facilitating personal

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015 Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery

More information

HCCA Compliance Institute 2013 Privacy & Security

HCCA Compliance Institute 2013 Privacy & Security HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session

More information

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison Gary Solway* Bennett Jones LLP The August release of the purported names and other details of over 35 million customers

More information

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

Cybersecurity and Insurance Companies

Cybersecurity and Insurance Companies Cybersecurity and Insurance Companies ACLI Forum 500 CEO Leadership Retreat Timothy J. Nagle Vice President & Chief Privacy Counsel Prudential Financial 1 May 13, 2015 What is cybersecurity? Protecting

More information

Big Data As a Threat? An Alternative Approach to Cybersecurity

Big Data As a Threat? An Alternative Approach to Cybersecurity Big Data As a Threat? An Alternative Approach to Cybersecurity February 11, 2015 Brian Finch, Pillsbury Winthrop Shaw Pittman Brian Fox, PwC Pillsbury Winthrop Shaw Pittman LLP Data Breaches and Cyber

More information

Data Privacy and Cybersecurity Task Force

Data Privacy and Cybersecurity Task Force Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,

More information

Changing Legal Landscape in Cybersecurity: Implications for Business

Changing Legal Landscape in Cybersecurity: Implications for Business Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics

More information

Navigating the New MA Data Security Regulations

Navigating the New MA Data Security Regulations Navigating the New MA Data Security Regulations Robert A. Fisher, Esq. 2009 Foley Hoag LLP. All Rights Reserved. Presentation Title Data Security Law Chapter 93H Enacted after the TJX data breach became

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

Understanding the Business Risk

Understanding the Business Risk AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed

More information

Guylyn Cummins, Esq. Elizabeth Balfour, Esq.

Guylyn Cummins, Esq. Elizabeth Balfour, Esq. Privacy Law Perils in California, the Nation and Beyond: Securing Data, Responding to Theft of Data and Other Business Assets, Assessing Your Company s Privacy Policy, Evaluating Risks Presented by Your

More information

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Exercising Your Enterprise Cyber Response Crisis Management Capabilities Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.

More information

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

Brief. The BakerHostetler Data Security Incident Response Report 2015

Brief. The BakerHostetler Data Security Incident Response Report 2015 Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem. Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot

More information

A Privacy and Data Security Checklist for All

A Privacy and Data Security Checklist for All July 2015 Many companies know they have to follow privacy and data security rules. Companies in the health care industry know about Health Insurance Portability and Accountability Act (HIPAA). Financial

More information

Gus P. Coldebella (@g_co) Partner, Goodwin Procter LLP Former General Counsel, Dept. of Homeland Security. What are we going to talk about today?

Gus P. Coldebella (@g_co) Partner, Goodwin Procter LLP Former General Counsel, Dept. of Homeland Security. What are we going to talk about today? Cyber Security Meets Corporate Securities: The SEC's Authority to Regulate Companies' Cyber Defenses and Corporate Directors' Fiduciary Responsibilities Gus P. Coldebella (@g_co) Partner, Goodwin Procter

More information

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava

More information

Cybersecurity: Emerging Exposures for Technology Companies. October 7, 2010

Cybersecurity: Emerging Exposures for Technology Companies. October 7, 2010 Cybersecurity: Emerging Exposures for Technology Companies October 7, 2010 Your panelists David Allred, Head of the Technology Segment for North America Commercial at Zurich Liesyl Franz, Vice President

More information

BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade

BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade Commission, Bureau of Consumer Protection Allison M. Lefrak, Attorney,

More information

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com

More information

Cybersecurity Developments and the Growing Role of Senior Executives and Directors

Cybersecurity Developments and the Growing Role of Senior Executives and Directors Cybersecurity Developments and the Growing Role of Senior Executives and Directors From the 2013 Target Corporation breach to this year s attacks on Primera Blue Cross and American Airlines Group Inc.,

More information

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a

More information

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)

More information

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

Protecting Employee and Customer Privacy in an Era of Big Data Monitoring

Protecting Employee and Customer Privacy in an Era of Big Data Monitoring FEBRUARY 3 5, 2015 / THE HILTON NEW YORK Protecting Employee and Customer Privacy in an Era of Big Data Monitoring This program addresses the challenges associated with protecting employee and customer

More information

Increased Regulatory Focus on Cybersecurity Underscores Need for Public Companies to Review Cybersecurity-Related Disclosures

Increased Regulatory Focus on Cybersecurity Underscores Need for Public Companies to Review Cybersecurity-Related Disclosures Increased Regulatory Focus on Cybersecurity Underscores Need for Public Companies to Review Cybersecurity-Related Disclosures March 11, 2014 I. RECENT FOCUS ON CYBERSECURITY As a result of recent highly-publicized

More information

www.bonddickinson.com Cyber Risks October 2014 2

www.bonddickinson.com Cyber Risks October 2014 2 www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Conducting due diligence and managing cybersecurity in medical technology investments

Conducting due diligence and managing cybersecurity in medical technology investments Conducting due diligence and managing cybersecurity in medical technology investments 2015 McDermott Will & Emery LLP. McDermott operates its practice through separate legal entities in each of the countries

More information

Before the FEDERAL TRADE COMMISSION Washington, DC 20580. In re Maricopa Community College District

Before the FEDERAL TRADE COMMISSION Washington, DC 20580. In re Maricopa Community College District Before the FEDERAL TRADE COMMISSION Washington, DC 20580 In the Matter of ) ) Maricopa County Community College District ) ) ) Complaint, Request for Investigation, Injunction, and Other Relief Submitted

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised

Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released February 3, 2010 Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058.

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058. COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION In the Matter of Myspace, LLC FTC File No. 102 3058 June 8, 2012 By notice published on May 14, 2012, the Federal Trade

More information

THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION

THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION Paul Rosenzweig Red Branch Consulting PLLC www.redbranchconsulting.com www.paulrosenzweigesq.com The Economics of Cybersecurity Non-Exclusive (Use

More information

Three Corporate Remedies

Three Corporate Remedies Oppression, Derivative Action & Winding Up Three Corporate Remedies By Albert S. Frank, LL.B. The corporate battles that make the newspaper headlines typically involve publicly traded corporations and

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

CYBER SECURITY SPECIALREPORT

CYBER SECURITY SPECIALREPORT CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber

More information

Cyber Security Issues in the Healthcare Industry PBI 21st Annual Health Law Institute

Cyber Security Issues in the Healthcare Industry PBI 21st Annual Health Law Institute Cyber Security Issues in the Healthcare Industry PBI 21st Annual Health Law Institute Pennsylvania Convention Center March 13, 2015 Roberta D. Anderson roberta.anderson@klgates.com @RobertaEsq AGENDA Practical

More information

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Cyber Exposures Joan D Ambrosio Reported data breaches continue

More information

CYBER SECURITY A L E G A L P E R S P E C T I V E

CYBER SECURITY A L E G A L P E R S P E C T I V E A L E G A L P E R S P E C T I V E T H O M A S G. S C H R O E T E R A S S O C I A T E G E N E R A L C O U N S E L P O R T O F H O U S T O N A U T H O R I T Y DISCLAIMER! This presentation: does not include

More information

Privacy & Data Security

Privacy & Data Security Privacy & Data Security May 9, 2014 Presented at: SWBA 39 TH ANNUAL CONFERENCE by: James E. Prendergast, Esq. Overview Data Privacy Concerns: Unauthorized access, use, acquisition or disclosure of information

More information

Making Sense of Cyber Insurance: A Guide for SMEs

Making Sense of Cyber Insurance: A Guide for SMEs Making Sense of Cyber Insurance: A Guide for SMEs abi.org.uk @BritishInsurers 2 abi.org.uk Contents Introduction 4 Six Key Areas to Look Out For in Cyber Insurance Policies 5 Potential Exclusions to Look

More information

Best Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP

Best Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII

More information

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am 1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing

More information

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again

The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again www.pwc.com/consumerfinance www.pwcregulatory.com The CFPB focuses on mobile phone carrier payment processing If you think you are not a Financial Services Company You may want to think again January 2015

More information

INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh

INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh By Mark Rush and Joe Valenti K&L Gates Cyber crime is a serious threat it cripples companies, damages economies,

More information

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.

More information

Reducing Cyber Risk in Your Organization

Reducing Cyber Risk in Your Organization Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

InsureTech 2015: Addressing cybersecurity and fraud in the ME insurance industry

InsureTech 2015: Addressing cybersecurity and fraud in the ME insurance industry InsureTech 2015: Addressing cybersecurity and fraud in the ME insurance industry Dino Wilkinson Partner Norton Rose Fulbright (Middle East) LLP 3 February 2015 The growing challenge of cyber risks From

More information

Recent Developments in U.S. Law: Privacy and Information Technology Health - 2013

Recent Developments in U.S. Law: Privacy and Information Technology Health - 2013 Recent Developments in U.S. Law: Privacy and Information Technology Health - 2013 Amyt M. Eckstein Moses & Singer LLP 405 Lexington Avenue New York, NY 10174-1299 (212) 554-7843 What Does Privacy Mean?

More information

The Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor

The Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released June 24, 2010 How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior Vice President, ACE North America Marketing

More information

Data Security Best Practices for In-House Counsel

Data Security Best Practices for In-House Counsel Donna L. Wilson, Linda D. Kornfeld and Rebecca Perry Association of Corporate Counsel San Diego August 6, 2015 1 DONNA L. WILSON Tel: (310) 312-4144 Email: DLWilson@manatt.com Donna L. Wilson is co-chair

More information

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass

More information