Data Privacy and Cybersecurity Task Force

Transcription

1 Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: F: We provide clients across industries with comprehensive counsel on complex, evolving, and multifaceted issues related to information security and data breach. We blend our skills and experiences as litigators and transactional attorneys with a deep understanding of information security and data breach law to meet and anticipate our clients needs. Carlton Fields' team includes attorneys who have earned the designation of Certified Information Privacy Professional (CIPP/US), as well as former federal cybersecurity prosecutors. They are active and hold leadership positions in data privacy and cybersecurity organizations, such as: International Association of Privacy Professionals (IAPP) The Sedona Conference Working Group on Data Security and Privacy Liability DRI - Data Management and Security Committee ABA - Privacy and Computer Crime Committee CLE Working Group ABA - Computer and Software Legislation Committee ABA - Electronic Filing Committee ABA - Internet Relationships and Cloud Computing Committee ABA - Section of Science & Technology Law The International Security Management Association ISACA (Information Systems Audit and Control Association) Our services include: Data Breach and Incident Response Help clients prepare for, and respond to, data breaches and the full range of government investigations they may prompt Develop comprehensive incident response plans that address internal and external actions Provide immediate support, via phone and , for clients that learn of a possible related professionals related practices National Trial Practice National Class Actions Business Transactions Energy Health Care Government Law and Consulting Financial Services and Insurance Litigation Corporate Consumer Finance and Banking Discovery Joseph W. Swanson Of Counsel Intellectual Property and Technology related industries T: F:

2 data breach and must act immediately to thwart potential liability Policy Drafting and Implementation Draft data privacy and information security policies, procedures, and programs for businesses of all sizes with both domestic and international operations Update existing client policies to meet evolving business challenges Federal and State Privacy Laws Regularly assist clients with their obligations pursuant to laws including, Gramm- Leach-Bliley, the Fair Credit Reporting Act, HIPAA, and HITECH Help clients navigate state breach notification laws Development Commercial Finance Health Care Insurance Securities & Investment Companies Technology Telecommunications Consumer Finance and Banking International Privacy Regulations and Global Policies Counsel clients on compliance with the safe harbor negotiated between U.S. Department of Commerce and European Commission, which streamlines the method for U.S. companies to comply with the EU s data protection directive Counsel clients on compliance with International Standards of Organization, the internationally recognized best practices for personal data use, transmission, and storage Employee Privacy Issues Advise employers on a wide range of privacy areas, including compliance with federal and state regulations Counsel clients on compliance with the Fair Credit Reporting Act and analogous state law regarding pre-employment background checks and post-hire investigations Website and Social Networking Issues Help ensure client compliance with FTC and other regulations Assist clients with the wide-ranging issues that arise as a result of social media use and an Internet presence, and help them develop related proactive policies and standards Key matters Helped clients implement companywide privacy and security policies to ensure protection of sensitive data such as patient information Helped clients that have experienced data breaches due to theft (e.g., stolen laptops and servers) or accident (e.g., natural disasters, lost backup tapes) Defended clients being investigated by federal and/or state government agencies after complaints of privacy violations or data breaches (e.g., we help clients that are

3 subject to the federal HIPAA privacy and security regulations respond to investigations by the U.S. Department of Health and Human Services Office for Civil Rights.) resources and tools Implications Of Internal Data Theft At Hospitals Tips for preventing and handling data breaches by employees. Resources Hot Topics in Cyber Coverage [PODCAST] Insurers face a potential double whammy when it comes to cybersecurity threats. Phishing for Cybersecurity Coverage: When is a Fraud a "Computer Fraud"? So when is a fraud a covered "computer fraud"? A look at the cases reveals the ways courts are struggling with this issue. Client Alerts SEC Continues to Focus on Cybersecurity Risks 9 Things Employees Should Do to Prevent Data Breaches Employees should adopt "safe" practices to minimize their mistakes and help thwart criminals. Resources Cyber Caremark: Protecting Your Board from Shareholder Derivative Litigation After a Data Loss Event [PODCAST] A company s board of directors has an important oversight role in protecting its company s assets and its shareholders interests in an environment of increasing cyber threats. Cybersecurity as a Regulatory Issue: The NAIC Considers The Anthem Breach And Weighs a "Cybersecurity Bill of Rights"

4 Secure Communications: How a Monthly Lunch Can Protect Your Company in a Data Breach Internet Savvy Senior Lacks Standing to Bring Website Privacy Putative Class Claims Against AARP Seventh Circuit Petitioned for Rehearing En Banc to Determine Whether Data Breach Class Claims Survive Clapper, Satisfy Article III Standing Requirements A Firewall for the Boardroom: Best Practices to Insulate Directors and Officers From Derivative Lawsuits and Related Regulatory Actions Regarding Data Breaches Checking in on Target s Derivative Litigation: 18 Months Later, Directors Remain Stuck in the Checkout Line Lessons for companies that want to learn from Target s experience. What Every Company s Board Must Know About Cybersecurity Taking the right steps and asking the right questions is critical. Spoofing Whales: How Companies Can Protect Their CEOs and CFOs from the "Business Compromise Innovative fraudsters borrow elements from targeting phishing scams. Cyberclaim Coverage Denied: The TCPA Protects Privacy, Not Personally Identifiable Information The FTC, Privacy, and the Life & Health Business

5 Don t Let Employee Trade Secret Thieves Turn the Table on You: Ten Tips for Minimizing Employment Liability Seeking Clarity on SEC Disclosure Obligations Related to Cybersecurity Cybersecurity Coverage Litigation: Learning to Survive After the Second Wave Nevada Federal District Court Follows National Trend, Dismisses Data Breach Class Action for Lack of Standing Client Alerts Florida Enacts Law Providing for Civil Remedy Against Cyber Fraud and Abuse A goal is to provide a remedy to businesses that suffer losses resulting from unauthorized access to computers. Telematics and Usage-Based Insurance: Benefits, Challenges, and the Future Data Breach Class Actions: Don t Overlook Standing Defense Just Because Plaintiff Alleges Identity Theft Target Reaches Preliminary Settlement in Consumer Data Breach Class Action Threat of Identity Theft is Not Enough: Another Data Breach Class Action Dismissed for Lack of Standing

6 Expect Focus Expect Focus - Volume I, Winter 2015 A quarterly review providing legal news and updates on important developments affecting the insurance, financial services, consumer finance, health care, and technology industries. Client Alerts New York's Banking Regulator Proposes Tougher Anti-Money Laundering and Cybersecurity Enforcement Rules Federal regulation has not done the job. A Different Kind of Data Breach Loss or Disclosure of Company Information by Employee Theft A data breach can be an inside job. Cyber Risk as a Regulatory Issue: Tales of Encryption No Harm, No Standing: Texas Federal Court Dismisses Data Breach Class Action Cyber Risk as a Regulatory Issue: A Connecticut Regulator Shares Her Insights Will 2015 Be The Year of the Data Breach Class Action?: Target Data Breach Claims Survive Motions to Dismiss Expect Focus Crisis Management: Five Steps to Take Before Providing That Comment A multipronged approach can mitigate the inevitable crisis.

7 Expect Focus Cybersecurity: Dig That Crazy Important Beat The SEC and FINRA urge broker-dealers to assess their approaches to cybersecurity risk management. Expect Focus Standard CGL Policy Form Adds Data Breach Coverage Exclusion Cyberspace Developments: Obama's Proposed Information-Sharing Bill U.S. companies should get ready for increased oversight, regulation, and enforcement by the federal government on all cybersecurity and information management matters Client Alerts Consumer Financial Protection Bureau Attempts to Regulate Telecom A recent action filed against wireless service provider Sprint suggests that the Consumer Financial Protection Bureau may be attempting to extend its reach beyond industries that offer consumer financial products and services. The alert below discusses this development. news, events & publications Events How to Maintain the Health of Your Business: Prevent Data Security Issues and Learn About Laws that A ffect You Contractors University The Sedona Conference Working Group 11 on Data Security and Privacy Liability Annual Meeting News Insurers Must Be Prepared For Cybercrime Coverage Battles Carlton Fields Attorney Bill Cheng Earns Certified Information Privacy Professional Designation The Next Tsunami: Cybersecurity for Property and Casualty Insurers Publications

8 NAIC Cybersecurity Task Force Weighs Credit Freezes Rule Change Would Let Law Enforcement Access Computers Remotely Regardless of Location Insurers Must Be Prepared For Cybercrime Coverage Battles Carlton Fields Jorden Burt, P.A. Carlton Fields practices law in California through Carlton Fields Jorden Burt, LLP. All Rights Reserved.