Survivor s Guide to Data Breach
|
|
- Simon Douglas
- 7 years ago
- Views:
Transcription
1 Survivor s Guide to Data Breach Presented by Michael S.Taaffe, Esq. Shumaker, Loop & Kendrick, LLP Sarasota (941) Charlotte (704)
2 Shumaker Data Breach Team Sarasota, FL Michael S. Taaffe Douglas A. Cherry Scott A. LaPorta Jarrod J. Malone Charlotte, NC Jeffrey S. Bernard David H. Conaway Steven A. Meckler Joseph J. Santaniello
3 Note: These materials are for guidance and reference purposes only. They are of a general and informational nature and should not be construed or relied upon as legal advice. Businesses and individuals facing decisions regarding federal and state statutes, regulations, and the interpretation of the law should consult directly with an attorney. Shumaker, Loop & Kendrick, LLP (941)
4 2015 Top Targets, filtered by breaches
5 What is a Security or Data Breach? A security breach is defined as the unauthorized release of unencrypted or unredacted records or data containing personal information with corresponding names, such as a person s first initial and last name. The acquisition of encrypted data only is a breach if a confidential process or key needed to unlock the data is also breached. The authorized access of personal information by an employee or agent is not considered a security breach so long as the information is used for a lawful purpose.
6 What is Personal Information in North Carolina? Personal information includes: an individual s Social Security number (SSN), employer taxpayer identification number (TIN), driver s license or state identification number, passport number, checking/saving account number, credit/debit card number, PIN, digital signature, biometric data, fingerprints or any number that can be used to access his financial resources. An individual s name or address, Internet account number, Internet username or password may be considered a breach if it would permit someone to access financial accounts or resources. Personal information does not include directories available to the public.
7 How Do Data Breaches Occur? Hacking/malware Payment card fraud Unintended disclosure Lost or stolen electronic devices Physical loss Insider access
8 The Costs of Data Breaches IBM study covered: 61 U.S. companies across 16 industry sectors; Only breaches of 10,000 records or less were included; No mega breaches were included due to skewed (higher) costs; All suffered a loss of theft of customer PII that triggered data breach notification laws. Total average cost paid by organization increased from $5.4 million in 2013 to $5.9 million in Direct costs included forensic experts, customer credit monitoring and discounts on future products; Indirect costs included in-house investigations and communications, extrapolated value of customer loss, and diminished customer acquisition rates.
9 Who Must Notify of a Breach In North Carolina? A business, state or local government agency that owns or licenses records or data with personal information that has been subject to a security breach must notify. A business includes sole proprietorships, partnerships, corporations, associations, charities or any group, however organized. The business must be (1) located in North Carolina or (2) own/license the personal information (in any form) of North Carolina residents. Businesses that keep records/data with the personal information of North Carolina residents on behalf of another company must notify the owner or licensee of a security breach.
10 The Notice Must Include: General description of the security breach incident; Type of personal information breached; General description of your efforts to avoid further unauthorized access to personal information; Telephone number where people can call for more information and assistance, if one exists; and Advice for people who are affected.
11 North Carolina Security Breach Reporting Form
12 Private Data Breach Litigation Potential Causes of Action: Negligence or Negligent Misrepresentation (if more egregious facts or fraud); Violation of Uniform Deceptive Trade Practices Act statutes; Breach of Contract or Implied Covenant of Good Faith; or Invasion of Privacy. Plaintiffs counsel model is a nationwide putative class action Frequent nationwide class settlements on any remaining claims Coupon settlements. Many suits are limited (or eliminated) at the motion to dismiss stage due to inadequate Article III standing or lack of injury in fact (i.e. only harm is fear of identity theft)
13 Examples of Private Litigation Curry v. AvMed (S.D. Fla., 2014) 2009 data breach Two unencrypted laptops containing 1.2 million customers PII were stolen from a locked AvMed conference room Settled after 11 th Circuit overturned district court s dismissal for lack of cognizable injury $3 million to 460,000 class members (customers who paid premiums and were victims of the data breach) Class members who experienced identity theft could submit additional claims for reimbursement for related monetary costs ($750,000 class-wide max); $750,000 in attorney s fees (Motion to Dismiss, appeal, settlement, but no discovery); Rare cash settlement: $10 to each class member for each year of alleged premium overpayment. ($30 max);
14 Examples of Private Litigation, continued In re Sony Gaming Networks & Customer Data Breach Security Breach Litigation (MDL, S.D. Cal., 2014)* 2011 data breach into Sony s PlayStation and Sony Online Entertainment networks resulted in the theft of 77 million customers names, addresses and possibly credit card data. Sony suspended access to the hacked networks for over two weeks $15 Million Coupon Settlement Customers who took Welcome Back Package following suspended service will receive less in settlement; With proper documentation, class members can receive up to $2,500 in reimbursements for identity theft-related expenses; and Class members will receive online purchase credits and/or 1-3 months of free membership to certain Sony online gaming and music services. Up to $2.75 million in class counsels fees and expenses * Preliminary approval only
15 Hypothetical Scenarios 1. What are the most important steps to take to prepare for a cyber attack? 2. Your company has been the victim of a cyber attack, what steps should you take? 3. How should you notify customers/clients of a data breach?
16 Steps to Take Before an Attack Occurs (NOW)! A. Have an actionable plan tailored to your organization in place before an attack occurs. B. Assess the benefits of data breach insurance. C. Have appropriate technology and services in place before an attack occurs in order to prevent breaches and alert you to them. D. Make sure your legal counsel is ready and able to respond to an attack. E. Make sure to practice your plan prior to an attack, have a fire drill.
17 Steps to Take When an Attack Occurs A. Make an initial assessment. B. Contact outside counsel knowledgeable about responding to an attack. C. Implement your organizations specifically tailored data breach plan. D. Begin a forensic investigation to learn about the attack. E. Contact the proper authorities (local police, state police, FBI, secret service) using outside counsel to maintain attorney client privilege. F. Contact a PR firm through your outside counsel to maintain attorney client privilege.
18 Steps to Take When an Attack Occurs, continued G. Notify those affected by the breach (A requirement in most states). H. Notify state attorney generals (A requirement in many states). I. Notify credit reporting agencies (A requirement in most states).
19 The Value of Outside Counsel Attorney-client privilege protects communications Outside counsel can help navigate the legal landscape and ensure compliance with numerous laws that may apply to a data breach Outside counsel can ensure that processes are put into place to preserve materials that may be discoverable in litigation Time is of the essence! A team of experienced attorneys can mobilize quickly
20 Solutions Limitations on further disclosure Keep only what is necessary Confidentiality Breach notification requirements Information security requirements Cyber Insurance Use of subcontractors Aggressive and timely legal counsel
21 Questions? Thank you so much for attending!
22 Shumaker, Loop & Kendrick, LLP Michael S. Taaffe Esq. Shumaker, Loop & Kendrick, LLP 240 South Pineapple Avenue, 10 th Floor Sarasota, FL PH: Fax:
Security Breaches Under the NC Identity Theft Protection Act: Basic Information for Local Health Departments
Security Breaches Under the NC Identity Theft Protection Act: Basic Information for Local Health Departments Jill Moore UNC Institute of Government April 2007 In 2005, the N.C. General Assembly passed
More informationPrepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014
Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationData Security: Risks, Compliance and How to be Prepared for a Breach
Data Security: Risks, Compliance and How to be Prepared for a Breach Presented by: Sandy B. Garfinkel, Esq. The Data Breach Reality: 2015 AshleyMadison.com (July 2015) Member site facilitating personal
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationRecent Developments in Privacy/Security Litigation
Recent Developments in Privacy/Security Litigation Elizabeth F. Hodge February 25, 2015 Privacy & Security Enforcement HIPAA Office for Civil Rights State Attorneys General Federal Trade Commission (FTC)
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationIDENTITY THEFT IN SOUTH CAROLINA: 2014 UPDATE. Marti Phillips, Esq. Director, Identity Theft Unit South Carolina Department of Consumer Affairs
IDENTITY THEFT IN SOUTH CAROLINA: 2014 UPDATE Marti Phillips, Esq. Director, Identity Theft Unit South Carolina Department of Consumer Affairs This presentation is not meant to serve as a substitute for
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationNavigating the New MA Data Security Regulations
Navigating the New MA Data Security Regulations Robert A. Fisher, Esq. 2009 Foley Hoag LLP. All Rights Reserved. Presentation Title Data Security Law Chapter 93H Enacted after the TJX data breach became
More informationData Security Breach. How to Respond
Data Security Breach How to Respond About ERM About The Speaker Information Security Director at ERM CISSP, CISA, CRISC, PCIP, PCI-QSA Core Experience: Information Assurance Computer Forensics Penetration
More informationSubscribe to Credit Monitoring and/or Submit a Claim Form to get benefits. EXCLUDE YOURSELF
SUPERIOR COURT OF THE STATE OF CALIFORNIA, COUNTY OF ORANGE If you applied for health insurance through WellPoint / Anthem Blue Cross before March 10, 2010, you could get benefits from a class action settlement.
More informationNC General Statutes - Chapter 75 Article 2A 1
Article 2A. Identity Theft Protection Act. 75-60. Title. This Article shall be known and may be cited as the "Identity Theft Protection Act". (2005-414, s. 1.) 75-61. Definitions. The following definitions
More informationJanuary 2007. An Overview of U.S. Security Breach Statutes
January 2007 An Overview of U.S. Security Breach Statutes An Overview of U.S. Security Breach Statutes Jeffrey M. Rawitz and Ryan E. Brown 1 This Jones Day White Paper summarizes what is generally entailed
More informationData Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1
Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationPENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009
PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 Current Laws: A person commits the offense of identity theft
More informationNorth Carolina General Statutes Chapter 75 Monopolies, Trusts, and Consumer Protection Article 2A Identity Theft Protection Act
North Carolina General Statutes Chapter 75 Monopolies, Trusts, and Consumer Protection Article 2A Identity Theft Protection Act 75-60. Title. This Article shall be known and may be cited as the "Identity
More informationData Breach Law and Litigation
Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Data Security: Before and After a Breach Occurs Archis A. Parasharami Partner Mayer Brown LLP David Hale Chief Privacy
More information2015 ROBINS KAPLANLLP TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY
TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY PANEL MEMBERS Stacy Bettison, Founder and President, BETTISON Candice Ciresi, Head of Stratasys US Legal and Legal Counsel to SSYS, Inc and LATAM
More informationTRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith
TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith Types of Data at Stake Residents, constituents, employees PII Personally Identifiable
More informationArticles. Three Large States Revise Their Security Breach Notification Laws and Texas Applies Its Law to Residents of Some Other States to Boot
Three Large States Revise Their Security Breach Notification Laws and Texas Applies Its Law to Residents of Some Other States to Boot Jeff Dodd IP and Technology Developments - October 2011 October 25,
More informationIf You Shopped at Target from November 27 through December 18, 2013 or Received Notice That Your Personal Information Was Compromised,
UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MINNESOTA If You Shopped at Target from November 27 through December 18, 2013 or Received Notice That Your Personal Information Was Compromised, You Could
More informationa. Credit to be used primarily for personal, family, or household purposes. c. Any other purpose authorized under 15 U.S.C. 168l(b).
North Carolina General Statutes Article 2A Identity Theft Protection Act 75-61. Definitions. The following definitions apply in this Article: (1) "Business". A sole proprietorship, partnership, corporation,
More informationDiscussion on Network Security & Privacy Liability Exposures and Insurance
Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter
More informationData Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015
Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security
More informationData Privacy and Cybersecurity Task Force
Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationNC s Identity Theft Protection Act
NC s Identity Theft Protection Act What Does it Mean for Local Health Departments? Jill Moore UNC Institute of Government Two Issues Managing security breaches Collection and use of SSNs Security Breaches
More informationMichie's Legal Resources. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence Act of 1999. [Acts 1999, ch. 201, 2.
http://www.michie.com/tennessee/lpext.dll/tncode/12ebe/13cdb/1402c/1402e?f=templates&... Page 1 of 1 47-18-2101. Short title. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationCyber Liability. What School Districts Need to Know
Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have
More informationYOUR LEGAL RIGHTS AND OPTIONS IN THIS SETTLEMENT
UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA If You Used a Credit or Debit Card at a Self-Checkout Lane at a U. S. Home Depot Store Between April 10, 2014 and September 13, 2014 or
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationThe Evolving Legal Framework Regulating Commercial Data Security Standards
The Evolving Legal Framework Regulating Commercial Data Security Standards By Bret Cohen Late one evening in December 2010, an employee of a commercial blood bank left his office with four backup tapes
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationBlack Hats, Firewalls, and Data Loss: Insurers Confront Data Breach Litigation
Thomas W. Curvin Phillip E. Stano Mark Thibodeaux Tracey K. Ledbetter December 9, 2014 Black Hats, Firewalls, and Data Loss: Insurers Confront Data Breach Litigation INSURANCE AND FINANCIAL SERVICES LITIGATION
More informationPhilip L. Gordon, Esq. Littler Mendelson, P.C.
Beyond The Legal Requirements: Key Practical Issues in Negotiating Business Associate Agreements, Responding to a Breach of Unsecured PHI, and Understanding HHS Enforcement Philip L. Gordon, Esq. Littler
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationConsumer Reporting Agencies and Federal Law
Privacy and Information Security Law Randy Canis CLASS 11 Financial Data pt. 1; Data Security 1 Financial Data pt. 1 2 A. THE FAIR CREDIT REPORTING ACT 3 Credit Reports Why do credit reports matter? Credit
More informationPersonal Information Protection Policy
I Personal Information Protection Policy Purpose: This policy outlines specific employee responsibilities in regards to safeguarding personal information. To this end, each employee has a responsibility
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationPsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798
PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 12/8/15 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to
More informationCOLORADO IDENTITY THEFT RANKING BY STATE: Rank 8, 89.0 Complaints Per 100,000 Population, 4328 Complaints (2007) Updated November 28, 2008
COLORADO IDENTITY THEFT RANKING BY STATE: Rank 8, 89.0 Complaints Per 100,000 Population, 4328 Complaints (2007) Updated November 28, 2008 Current Laws: A person commits identity theft if he or she: Knowingly
More informationPrivacy & Data Security
Privacy & Data Security May 9, 2014 Presented at: SWBA 39 TH ANNUAL CONFERENCE by: James E. Prendergast, Esq. Overview Data Privacy Concerns: Unauthorized access, use, acquisition or disclosure of information
More informationDATA BREACH CHARTS (Current as of December 31, 2015)
DATA BREACH CHARTS (Current as of December 31, 2015) The charts below provide summary information about data breach notification statutes across the country. California adopted the first data breach notification
More informationDATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE
DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next
More informationKRS Chapter 61. Personal Information Security and Breach Investigations
KRS Chapter 61 Personal Information Security and Breach Investigations.931 Definitions for KRS 61.931 to 61.934. (Effective January 1, 2015).932 Personal information security and breach investigation procedures
More informationWISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009
WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 Current Laws: It is unlawful to intentionally use or attempt
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationState of Illinois Department of Central Management Services ACTION PLAN FOR NOTIFICATION OF A SECURITY BREACH
State of Illinois Department of Central Management Services ACTION PLAN FOR NOTIFICATION Effective August 31, 2007 Publication Name(s): Version #(1): ILLINOIS DEPARTMENT OF CENTRAL MANAGEMENT SERVICES
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationCLASS ACTION DATA BREACH LITIGATION: IS THE TIDE TURNING IN PLANTIFFS FAVOR?
CLASS ACTION DATA BREACH LITIGATION: IS THE TIDE TURNING IN PLANTIFFS FAVOR? These days, it is rare to turn on the news and not hear about a new data breach affecting U.S. companies and consumers. In fact,
More informationOutline. Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 7/10/2014
LeadingAge Florida s 50 th Annual Convention and Exposition Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 James Robnett Special Agent in Charge
More informationThe Age of Data Breaches:
The Age of Data Breaches: HOW TO AVOID BEING THE NEXT HEADLINE MARCH 24, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com This presentation has been provided for informational purposes
More informationCYBER SECURITY A L E G A L P E R S P E C T I V E
A L E G A L P E R S P E C T I V E T H O M A S G. S C H R O E T E R A S S O C I A T E G E N E R A L C O U N S E L P O R T O F H O U S T O N A U T H O R I T Y DISCLAIMER! This presentation: does not include
More informationCONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008
CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008 Current Laws: A person commits identity theft when he intentionally
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationWhat s trending on NP Privacy Partner
NP PRIVACY PARTNER Nixon peabody LLP What s trending on NP Privacy Partner January 30, 2015 Beware private drone operators, the FTC issues an Internet of Things report, hackers use stolen passwords to
More informationA Privacy and Cybersecurity Primer for Nonprofits
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 24, 2016 Presenters: Sean Hoar and Anna Watterson Privacy & Security Privacy The choices a consumer exercises re: who
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More informationCybersecurity and Privacy 2015: Presentation to Institute of International Bankers
Cybersecurity and Privacy 2015: Presentation to Institute of International Bankers Sue Ross Senior Counsel Norton Rose Fulbright US LLP October 27, 2015 Speaker Sue Ross Senior Counsel Norton Rose Fulbright
More information2015 -- S 0134 SUBSTITUTE B ======== LC000486/SUB B/2 ======== S T A T E O F R H O D E I S L A N D
0 -- S 01 SUBSTITUTE B LC000/SUB B/ S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 0 A N A C T RELATING TO CRIMINAL OFFENSES - IDENTITY THEFT PROTECTION Introduced By: Senators
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationRHODE ISLAND IDENTITY THEFT RANKING BY STATE: Rank 34, 56.0 Complaints Per 100,000 Population, 592 Complaints (2007) Updated January 5, 2009
RHODE ISLAND IDENTITY THEFT RANKING BY STATE: Rank 34, 56.0 Complaints Per 100,000 Population, 592 Complaints (2007) Updated January 5, 2009 Current Laws: A person commits the crime of identity fraud if
More informationHealthcare Practice. Breach Notification Requirements Under HIPAA/HITECH Act and Oregon Consumer Identity Theft Protection Act. Oregon.
Healthcare Practice Breach Notification Requirements Under HIPAA/HITECH Act and Consumer Identity Theft Protection Act August 2013 Anchorage Beijing New York Portland Seattle Washington, D.C. www.gsblaw.com
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationPII = Personally Identifiable Information
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
More informationCyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF
Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF October 9, 2013 1 Cyber Insurance Why? United States Department of Commerce: Cyber Insurance
More informationGENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2005 H 2 HOUSE BILL 629 Committee Substitute Favorable 5/18/05
GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 0 H HOUSE BILL Committee Substitute Favorable //0 Short Title: Option to Freeze Credit Report. Sponsors: Referred to: March, 0 (Public) A BILL TO BE ENTITLED
More informationMICHAEL D. WAKS LONG BEACH PERSONAL INJURY ATTORNEY
WHAT IS LEGAL MALPRACTICE IN CALIFORNIA? A client who sustains harm as a direct result of legal malpractice can file a civil lawsuit against the attorney who was responsible for causing that harm. MICHAEL
More informationSUPERIOR COURT OF THE STATE OF CALIFORNIA, COUNTY OF SACRAMENTO. You may be entitled to get benefits from a class action settlement.
SUPERIOR COURT OF THE STATE OF CALIFORNIA, COUNTY OF SACRAMENTO You may be entitled to get benefits from a class action settlement. A California Superior Court authorized this Notice. This is not a solicitation
More informationNerds and Geeks Re-United: Towards a Practical Approach to Health Privacy Breaches. Gerard M. Stegmaier gstegmaier@wsgr.
Nerds and Geeks Re-United: Towards a Practical Approach to Health Privacy Breaches Gerard M. Stegmaier gstegmaier@wsgr.com @1sand0slawyer Data Breach Trends 2011 Average Loss to Organization = $5.5 million
More informationIdentity Theft Prevention and Security Breach Notification Policy. Purpose:
Identity Theft Prevention and Security Breach Notification Policy Purpose: Lahey Clinic is committed to protecting the privacy of the Personal Health Information ( PHI ) of our patients and the Personal
More informationClients Legal Needs in HIPAA Security Compliance
Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationInsurance for Data Breaches in the Hospitality Industry
The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com
More informationIdentity Theft. What it is and How to Protect Yourself
Mark R. Herring Attorney General Commonwealth of Virginia Office of the Attorney General 900 East Main Street Richmond, Virginia 23219 (804) 786-2071 (Telephone) (804) 786-1991 (Facsimile) Identity Theft
More informationManaging Cyber & Privacy Risks
Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past
More informationCYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014
CYBER LIABILITY Network Security and Privacy Bring on tomorrow May 15, 2014 1 AGENDA I. Identify Exposures II. Identify how a breach can occur III. The Coverage (Third Party Liability + First Party Losses)
More informationIDENTITY THEFT: DATA SECURITY FOR EMPLOYERS. Boston, MA 02110 Richmond, Virginia 23219 Tel. (617) 502.8238 Tel. (804) 783.7579
IDENTITY THEFT: DATA SECURITY FOR EMPLOYERS Daniel J. Blake, Esq. Vijay K. Mago, Esq. LeClairRyan, A Professional Corporation LeClairRyan, A Professional Corporation One International Place, Eleventh Floor
More informationIndiana Social Security Number Disclosure and Security Breach Legislation
Indiana Social Security Number Disclosure and Security Breach Legislation Presented by: Joanna Lyn Grama, J.D., Information Security Project Manager Scott Ksander, Senior Inforensics Analyst/Engineer 1
More informationIN THE SECOND DISTRICT COURT OF APPEAL, LAKELAND, FLORIDA. November 04, 2015
IN THE SECOND DISTRICT COURT OF APPEAL, LAKELAND, FLORIDA November 04, 2015 FLORIDA DIGESTIVE HEALTH SPECIALISTS, LLP, a Florida Limited Liability Partnership, and RAMON E. COLINA, M.D., LLC, Appellants/Cross-Appellees,
More informationPrivacy and Data Security Update for Defense Contractors
Privacy and Data Security Update for Defense Contractors T.J. Crane May 19, 2017 Overview DoD interim rule Expanded DFAR reporting obligations New DFAR definitions Cloud services Changes to local breach
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationPRIVACY BREACH MANAGEMENT POLICY
PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More informationStudent Data Breaches: Is Your District Prepared?
Student Data Breaches: Is Your District Prepared? Colleen A. Sloan, Esq., Manager, Labor Relations and Associate School Attorney JoAnn Balazs, Director, Management Services Janell Hallgren, Manager, Policy
More informationCOMMONWEALTH OF MASSACHUSETTS. ASSURANCE OF DISCONTINUANCE PURSUANT TO M.GX. c. 93A, S 5 I. INTRODUCTION
COMMONWEALTH OF MASSACHUSETTS SUFFOLK, ss. SUPERIOR COURT CIVIL ACTION NO. 14-3832 COMMONWEALTH OF MASSACHUSETTS, Plaintiff, n, ^ I v. - 8 2014 TD BANK, NA., Defendant. M'GKAcl JOS&FH 30N0VAN CLERK/^y;
More informationData Breach Strikes - Nerds & Geeks Unite: Effective Cooperation Between Privacy and Technical Experts Presented by: Paul H. Luehr, Managing Dir.
Data Breach Strikes - Nerds & Geeks Unite: Effective Cooperation Between Privacy and Technical Experts Presented by: Paul H. Luehr, Managing Dir. Stroz Friedberg Gerard M. Stegmaier, Esq. Wilson Sonsini
More informationCovered Areas: Those EVMS departments that have activities with Covered Accounts.
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
More informationOakland Family Services - Was Your Email Hacked?
Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting
More informationIf you made a purchase or a return at a TJX store listed below, you could get benefits from a class action settlement.
UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MASSACHUSETTS If you made a purchase or a return at a TJX store listed below, you could get benefits from a class action settlement. A federal court authorized
More informationComputer Security Incident Reporting and Response Policy
SECTION: 3.8 SUBJECT: Computer Security Incident Reporting and Response Policy AUTHORITY: Executive Director; Chapter 282.318, Florida Statutes - Security of Data and Information Technology Resources;
More informationPersonal Information Protection Act Information Sheet 11
Notification of a Security Breach Personal Information Protection Act Information Sheet 11 Introduction Personal information is used by organizations for a variety of purposes: retail and grocery stores
More information