Litigating in the Cloud - Security Issues for the Trial Practice

Size: px
Start display at page:

Download "Litigating in the Cloud - Security Issues for the Trial Practice"

Transcription

1 Litigating in the Cloud - Security Issues for the Trial Practice J. Walter Sinclair Stoel Rives LLP 101 S. Capitol Blvd, Suite 1900 Boise, Idaho (208) Mr. Sinclair is a partner in the law firm of Stoel Rives in Boise, Idaho. He has practiced law since 1978, developing a trial practice with an emphasis on business, corporate and complex litigation matters associated with agricultural product liability, antitrust, class action, complex commercial litigation contract disputes, mass tort, probate disputes, product liability, real estate and securities litigation. Mr. Sinclair graduated from Stanford University with a B.A. in Economics and then received his Juris Doctor degree from the University of Idaho, College of Law in He is admitted to practice in federal and state courts in Idaho, Washington, and Oregon, including the U.S. Court of Appeals for the Ninth Circuit. He was recently nominated as Lawyer Representative for the U.S. District & Bankruptcy Courts, District of Idaho. Mr. Sinclair has received numerous professional honors including being a Fellow in the American College of Trial Lawyers and the International Academy of Trial Lawyers, receiving the Local Litigation Star by Benchmark Litigation; top 75 Mountain States Super Lawyers; America s Leading Lawyers for Business by Chambers USA; Boise Bet-the-Company Litigator of the Year by Best Lawyers; recipient, Golden Eagle Award, DuPont Legal top award for excellent legal services; and is listed in Best Lawyers in America. Litigating in the Cloud - 1

2 Litigating in the Cloud - Security Issues for the Trial Practice Cloud computing for trial attorneys. The bold new frontier. But is it too risky for the litigation practice? Let s start by identifying what this program will address. This is not a discussion of a virtual law practice; it is simply a discussion of ipads and other tablets used in a litigation practice. Issues of backup files and data retrieval will not be addressed. What will be addressed, however, are the practical, functional, and ethical considerations as they apply to trial attorneys, specifically as they relate to the use of cloud computing with ipads/tablets. Most of us have used and/or heard of Gmail and Hotmail. They deliver a cloud computing service in which users can access their in the cloud, from any computer, with a browser and an internet connection, regardless of what kind of hardware is on that particular device. I dare say most, if not all, of us have used one of those services or something similar. And we do so for the most part without even thinking about it. Yet, that is using cloud computing service. It is here to stay, and we need to get used to it proactively. A component of cloud computing is Software as a Service (SaaS), which connects computer devices and clouds. In this software distribution model, applications are hosted by a vendor or service provider and customers access applications, software platforms, services, and data over a network. You can use traditional desktop computer laptops or a variety of mobile devices. So why do we care? The cloud raises novel, yet familiar, issues. Great concern exists about the potential of a breach of confidentiality or security and the potent vulnerability to unauthorized access or inadvertent disclosure when someone places documents and/or data in a cloud. But these concerns are not new. They are simply recreated in a new environment an environment in which most of us are unsure and often unknowledgeable. The sources of potential security threats are familiar. There are external threats including third party vendors and internal threats including employees of the cloud computing provider who can access data without authorization. What is the difference between a computer hacker and the nightly cleaning crew in an office building? Bad people exist in either world. And what is the difference between an employee of the cloud computing provider and your external data processing company? Confidentiality and security concerns must address them all. While a range of cloud technologies currently exists, including the storage of client data, financial records, legal documents, and other information, this program will only look at those aspects inherent to the trial practice. Cloud-Based Storage In using many of the litigation-based apps, you need a source, other than your firm s computer system, to store and retrieve data/documents. Let s look at the essential security offered in a cloud-based storage solution. One of my favorite services is Dropbox. This is a server + cloud solution (also known as offline cloud access ). Your data is stored on your own computers or servers and synchronized with servers in the cloud. In addition to providing storage, it also synchronizes your data among the various computer devices you control. Litigating in the Cloud - 2

3 So, how secure is this service? Here is what Dropbox has to say: All transmission of file data and metadata occurs over an encrypted channel (Secure Socket Layer (SSL)). All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. Dropbox website and client software has been hardened against attacks from hackers. Dropbox employees are not able to view any user s files. All files stored online by Dropbox are encrypted and kept securely on Amazon s Simple Storage Service (S3) in data centers located along the East Coast of the United States. 1 You should note that Dropbox uses Amazon s S3 servers. So in reality you are trusting two services. Amazon provides the storage, and Dropbox encrypts the data before any files are stored on Amazon s S3 servers. 2 The benefit of using Amazon s S3 servers is the level of their data center security, which anyone s due diligence would confirm. Physical Security: In reality, certain cloud-based storage may provide a superior degree of security than what many law firms could. And as will be addressed below, that security is what the legal profession requires. The same confidentiality standards that apply to physical client files apply to computer-generated data as well. By its very nature, cloud computing presents a unique set of risks and legal issues. However, in many ways, the risks are no different from those faced when outsourcing the management of client data to any third party. Therefore, lawyers seeking to implement any type of new IT system have an obligation to take reasonable steps to ensure that client data remains confidential. There is no obligation to ensure absolute security, however, because that is an impossibility. Legal and privacy issues surrounding cloud computing are still evolving, and a majority of states have yet to issue opinions regarding its use. The California State Bar issued Formal Opinion No regarding the use of cloud computing to maintain a virtual law office practice, where all legal services and communications were conducted solely through the internet using third party vendors. 3 While many litigators may not use cloud computing to the extent that a virtual law office might, many of the issues remain the same. 1 Nicole Black, Cloud Computing for Lawyers 98 (2012). 2 Id. at State Bar of California Standing Comm. on Prof l Responsibility & Conduct, Formal Op. No , at 1 (2012), available at Litigating in the Cloud - 3

4 The California opinion indicates an attorney must assess the technology to determine if it is adequate to comply with the ethical obligations of maintaining client confidentiality. 4 To help legal practitioners ensure they meet their ethical and professional obligations when using new technologies such as cloud computing, the Law Society of NSW, in conjunction with the Office of the Legal Services Commissioner (OLSC), is developing a series of guidelines that will be based on the findings of a major research project by the OLSC. On a national level, the International Legal Technology Standards Organization has published a set of standards for the use of technology in law practice. To summarize, it is the lawyer s duty to competently investigate and exercise sound professional judgment in forming a reasonable conclusion as to the security of a potential service provider. In August 2009 the American Bar Association (ABA) created the Commission on Ethics 20/20 to consider whether the Model Rules of Professional Conduct adequately address the challenges of a 21st century law practice. The issues that committee reviewed included concerns regarding the privacy and security of client confidential data stored online on third party servers and the acceptable level of data access by providers. The discussion focused on the professional obligation to take reasonable steps to protect electronically stored client confidential data from inadvertent disclosure or unauthorized access. On September 19, 2011, the ABA Commission on Ethics 20/20 published its Revised Proposal regarding Technology and Confidentiality, which includes proposed changes to Model Rules 1.0 and 1.6. Of particular interest to attorneys using cloud computing, the proposed changes to Model Rule 1.6 include proposing new language to Comment [16] to identify several factors that lawyers should consider when determining whether their efforts in this regard have been reasonable, including the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer s ability to represent clients This may require some reasonable due diligence. 6 The obligation of reasonable due diligence should be used in selecting a third party vendor. 7 Vendor policies should also employ the same policies and procedures that an attorney would use to comply with the attorney s duty of confidentiality. 8 4 Id. at 3. 5 See ABA Commission on Ethics 20/20, Report on Revised Proposal Technology and Confidentiality, at 5 (Sept. 19, 2011), 0_technology_and_confidentiality_revised_resolution_and_report_posting.authcheckdam.pdf. 6 Id. at 2. 7 Id. 8 Id. Litigating in the Cloud - 4

5 While an attorney does not have to be an expert in technology, he or she should at least have an understanding of what protections are afforded by the technology. 9 If an attorney does not have enough knowledge to assess the security of the technology, then he or she should seek the help of an IT professional. 10 Other considerations may include a disclosure to the client about how and where his or her confidential information is being kept and whether the attorney should seek consent regarding the receipt and storage of information. 11 Concerns over confidentiality and compliance with Rule 1.6 (a) and Rule 1.15 are the overarching ethics concerns that loom over the general use of all cloud computing in the trial practice context, regardless of the specific application or intended use by the litigator. 12 The following list was compiled from the various state bar ethics opinions and may help in making a reasonable conclusion as to the security of a cloud service 13. A. Clarify Relationship with the Service Provider Did you perform due diligence in checking the background of the service provider? o Is it a solid company with a good operating record and a good reputation with others in the field? o In what country and state is it located and does it do business? Did you notify the vendor of the confidential nature of the information stored on the firm s servers and in its document database? Does the vendor understand a lawyer s professional responsibilities? Did you examine the vendor s existing policies and procedures with respect to the handling of confidential information? Has some third party addressed this issue before? B. Create an Enforceable End-Users Licensing Agreement 9 Id. 10 Id. at Id. at For further reading, see ABA Commission on Ethics 20/20 Working Group on the Implications of New Technologies, Issues Paper Concerning Client Confidentiality and Lawyers Use of Technology (Sept. 20, 2010), migrated/2011_build/ethics_2020/clientconfidentiality_issuespaper.authcheckdam.pdf; ABA Comm. on Ethics & Prof l Responsibility, Formal Op (1999) (discussing confidentiality issues of using unencrypted ). 13 Sharon Bradley, Ethics on the Wing: Examination of Opinions on Electronic Services and Cloud Computing, 1, Georgia Law, University of Georgia Law School, March 19, 2012 Litigating in the Cloud - 5

6 What is the cost of the service, how is it paid, and what happens in the event of nonpayment? o Do you lose access to your data, does the data become the property of the service provider, or is the data destroyed? Are any proprietary rights over your data granted to the service provider? Has the vendor assured you that confidential client information on your computer system will be accessed only for technical support purposes and only on an as needed basis? Has the vendor assured you that the confidentiality of all client information will be respected and preserved by the vendor and its employees? Do you and the vendor agree on additional procedures for protecting any particularly sensitive client information? How is the relationship terminated? o What type of notice is required? o How do you retrieve your data? Is the policy different from that for nonpayment? Are there any choice of law or forum, or limitation of damages provisions? Has any third party addressed these issues before? C. Understand the Security Measures Know how these things work o Encryption Is there an encrypted connection to which to send your information? Will you have the ability to encrypt some data using higher level encryption tools? Was the service provider s initial encryption scheme tested by an independent auditor? o SSL - This is an industry standard that ensures that the communications between your computers and the cloud-based server are encrypted and protected from interception. o Intrusion detection - What security measures are used to protect the servers and keep out hackers? o Firewalls o Passwords - Who has access to the passwords? o Tiered data center - The Uptime Institute s tiered classification system is an industry standard approach to site infrastructure functionality. Tier 4 data centers have the most stringent protection for their servers. o Does the company conduct regular security audits in-house or via third party? D. What Happens to the Data Itself? Retrieving the data o What if the service provider goes out of business or there is a break in continuity (sales, merger, etc.)? o Server failure o You close your account/cancel the service Litigating in the Cloud - 6

7 Will you be able to take the data with you? Make sure data will be returned in a readable format. Backup policies o How often is data backed up, and are backups distributed across geographic regions? Backups should not be located in only one place, in case something catastrophic happens at that location. o What are the steps to recover data? Where are the servers located? They should not be located outside the United States, where they might be subject to foreign laws. Foreign privacy laws can differ markedly from U.S. laws. Who has access to your data? Can employees of the service provider access the stored data, and is their access restricted and tracked? Do the service provider s employees understand their responsibilities regarding confidentiality? What would the service provider do if served with a subpoena? Federal laws like the Gramm-Leach-Bliley Act (financial services modernization) and the Health Information Portability and Accountability Act require safeguards to be in place to prevent disclosure of private and personal information. How does the service provider meet these federal requirements? Will you have unrestricted access to the stored data? Is your data stored elsewhere so that if access is thwarted you can acquire the data via another source? E. Security Begins in the Office Client security includes the security of the desktop or laptop from which you are accessing the service. All office computers need to be properly secured with firewall and anti-virus protection, and the latest security updates for your operating system and web browsers. Enforce strict password protocols; use a password generator. Employees have to be trained to use the products and everyone held to the same security standards. F. Conclusion The primary and final responsibility for data integrity, maintenance, disposition, and confidentiality rests with you. Addressing the issues above should help you find the best cloud computing service provider for your practice, while also ensuring that your law firm is taking the necessary steps to minimize the risk of inadvertent disclosure of confidential client information. And finally, recognizing your limitations is also part of exercising professional competence. If you have neither the time nor the inclination to develop sufficient technical knowledge, hire a consultant. Cloud Computing Service Questionnaire Although absolute security is impossible, and no law firm can be expected to achieve it, lawyers must take reasonable steps to ensure that their client s data is securely stored and remains confidential. Litigating in the Cloud - 7

8 Below is a summary list of questions to ask any cloud computing provider ) What type of facility will host the data? 2) Who else has access to the cloud facility, the servers, and the data, and what mechanisms are in place to ensure that only authorized personnel will be able to access your data? How does the vendor screen its employees? If the vendor does not own the data center, how does the data center screen its employees? 3) Does the contract include terms that limit data access by the vendor s employees to only those situations where you request assistance? 4) Does the contract address confidentiality? If not, is the vendor willing to sign a confidentiality agreement? 5) How frequently are backups performed (the more often, the better)? How are you able to verify that backups are being performed as promised? 6) Is data backed up to more than one server? Where are the respective servers located? Will your data, and any backup copies of it, always stay within the boundaries of the United States? 7) How secure are the data centers where the servers are housed? 8) What types of encryption methods are used and how are passwords stored? Is your data encrypted while in transit or only when in storage? 9) Has a third party, such as McAfee, evaluated or tested the vendor s security measures to assess the strength of, among other things, firewalls, encryption techniques, and intrusion detection systems? Are the audits of the security system available for your review? 10) Are there redundant power supplies for the servers? 11) Does the contract include a guarantee of uptime? How much uptime? Does the contract include historical data regarding uptime, or will the provider give you that information? What happens in the event that the servers are down? Will you be compensated if there is an unexpected period of downtime that exceeds the amount set forth in the agreement? 14 Nicole Black, Cloud Computing for Lawyers 101 (2012). 15 This list is not exhaustive. For additional resources, including suggestions of questions to ask and additional issues to consider before signing an agreement with a cloud computing vendor, see Tanya L. Forsheit, Contracting for Cloud Computing Services: Privacy and Data Security Considerations, Privacy & Sec. L. Rep. 9PVLR20 (May 17, 2010), available at Edward A. Pisacreta, Law Technology News, A Checklist for Cloud Computing Deals (Apr. 9, 2010), PubArticleLTN.jsp?id= ; Michael P. Bennett, Law Technology News, Ruuuuumble... Negotiating Cloud Computing Agreements (Mar. 11, 2010), ng_cloud_computing_ Agreements. Litigating in the Cloud - 8

9 12) If a natural disaster strikes one geographic region, would all data be lost? Are there geo-redundant backups? 13) What remedies does the contract provide? Are consequential damages included? Are total damages capped or specific? 14) Does the agreement contain a forum selection clause? How about a mandatory arbitration clause? 15) If there is a data breach, will you be notified? How are costs for remedying the breach allocated? 16) What rights do you have upon termination? Does the contract contain terms that require the vendor to assist you in transitioning from its system to another? 17) What rights do you have in the event of a billing or similar dispute with the vendor? Do you have the option of having your data held in escrow by a third party so that it is fully accessible in the event of a dispute? Alternatively can you back up your data locally so that it is accessible to you should you need it? 18) Does the provider carry cyber insurance? If so, what does it cover? What are the coverage limits? Litigating in the Cloud - 9

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access

More information

Ethical Considerations for Lawyers Using the Cloud

Ethical Considerations for Lawyers Using the Cloud Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP pguffin@pierceatwood.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

ETHICS for Lawyers and Law Firms Using Cloud Technology

ETHICS for Lawyers and Law Firms Using Cloud Technology ETHICS for Lawyers and Law Firms Using Cloud Technology Donna Kirk Seyle ~ Legal Tech Advisor: Law Practice Strategy 108 MONTESANO ST SANTA CRUZ, CA 95062 (831) 332-2243 Donna Seyle is an attorney, author,

More information

Email Data Security. The dominant business communication tool

Email Data Security. The dominant business communication tool Email Data Security Jim Brashear General Counsel Zix Corporation Dallas Business Uses Email The dominant business communication tool Time spent on email exceeds time spent on all other communication tools

More information

( and how to fix them )

( and how to fix them ) THE 5 BIGGEST MISTAKES LAWYERS MAKE WHEN CHOOSING A CLOUD SERVICE PROVIDER ( and how to fix them ) In recent years, an increasingly large number of law firms have moved their software and data to the cloud.

More information

Data Security and the Cloud

Data Security and the Cloud Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW

More information

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute

More information

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

stacktools.io Services Device Account and Profile Information

stacktools.io Services Device Account and Profile Information Privacy Policy Introduction This Privacy Policy explains what information Super7ui LLC collect about you and why, what we do with that information, how we share it, and how we handle the content you place

More information

Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About

Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About Kelly H Twigger, Esq. Oil and Gas Symposium Arkansas Law Review October 16-17, 2014 Overview In the last two decades, business

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center

If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center Not since the terms cyberspace and Y2K has there been an inexact technology term

More information

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

10 Ways to Avoid Ethics Dangers in the Cloud

10 Ways to Avoid Ethics Dangers in the Cloud 877.557.4273 catalystsecure.com ARTICLE 10 Ways to Avoid Ethics Dangers in the Cloud Is Cloud Computing Bob Ambrogi, Esq. Director of Communications, Catalyst Repository Systems Is Cloud Computing Ethical

More information

Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns

Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns by Sharon D. Nelson, Esq. and John W. Simek 2013 Sensei Enterprises, Inc. It seems like everybody is talking about the

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked R. Mark Halligan, FisherBroyles, LLP Andreas Kaltsounis, Stroz Friedberg Amy L. Carlson, Stoel Rives LLP Moderated by David A. Bateman,

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)

More information

Insights into Cloud Computing

Insights into Cloud Computing This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid

More information

Presented by Luke Downing

Presented by Luke Downing Presented by Luke Downing What is the Cloud? Market research 5 key benefits Considerations/Risks ABA rules Questions to asks Q&A Incorporated in 2002 Founded by Luke Downing & Matt Bakey Located in Norfolk,

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

More information

Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.

Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document. Privacy Policy This Privacy Policy explains what information Fundwave Pte Ltd and its related entities ("Fundwave") collect about you and why, what we do with that information, how we share it, and how

More information

Table of Contents. Acknowledgement

Table of Contents. Acknowledgement OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...

More information

A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers

A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers This checklist is a longer version of a SaaS Checklist that appeared in the July 2009 issue of LAWPRO Magazine at

More information

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World Every Cloud Has A Silver Lining Protecting Privilege Data In A Hosted World May 7, 2014 Introduction Lindsay Stevens Director of Software Development Liquid Litigation Management, Inc. lstevens@llminc.com

More information

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

How not to lose your head in the Cloud: AGIMO guidelines released

How not to lose your head in the Cloud: AGIMO guidelines released How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Practice Resource. Cloud computing checklist. Introduction

Practice Resource. Cloud computing checklist. Introduction Practice Resource Cloud computing checklist Cloud computing offers many benefits to lawyers including the ability to access an exploding array of new software services and applications, the offloading

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

Using Dropbox with Amicus Attorney. (Presentation Notes) Full Presentation & Video Available @ http://accellis.com/ using-amicus-attorney-with-dropbox

Using Dropbox with Amicus Attorney. (Presentation Notes) Full Presentation & Video Available @ http://accellis.com/ using-amicus-attorney-with-dropbox (Presentation Notes) Full Presentation & Video Available @ http://accellis.com/ using-amicus-attorney-with-dropbox Materials by: Colleen Heine Amicus Attorney Certified Consultant My name is Colleen Heine

More information

Privacy Policy. Introduction. Scope of Privacy Policy. 1. Definitions

Privacy Policy. Introduction. Scope of Privacy Policy. 1. Definitions Privacy Policy Introduction This Privacy Policy explains what information TORO Limited and its related entities ("TORO") collect about you and why, what we do with that information, how we share it, and

More information

Connecticut Bar Association

Connecticut Bar Association Connecticut Bar Association Professional Ethics Committee 30 Bank Street PO Box 350 New Britain CT 06050-0350 06051 for 30 Bank Street P: (860) 223-4400 F: (860) 223-4488 Approved June 19, 2013 Informal

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

PROFESSIONAL COUNSELSM

PROFESSIONAL COUNSELSM PROFESSIONAL COUNSELSM ADVICE AND INSIGHT INTO THE PRACTICE OF LAW Lawyers Toolkit 3.0: A Guide to Managing the Attorney-Client Relationship A CNA PROFESSIONAL COUNSEL GUIDE FOR LAWYERS AND LAW FIRMS The

More information

Who Controls Your Information in the Cloud?

Who Controls Your Information in the Cloud? Who Controls Your Information in the Cloud? threat protection compliance archiving & governance secure communication Contents Who Controls Your Information in the Cloud?...3 How Common Are Information

More information

ProFESSIONAL COUNSELSM

ProFESSIONAL COUNSELSM ProFESSIONAL COUNSELSM Advice and Insight into the Practice of Law Caution in the Cumulus: Lawyers Professional & Ethical Risks and Obligations Using the Cloud in Their Practice A Cna Professional Counsel

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

Website Privacy Policy Statement

Website Privacy Policy Statement Website Privacy Policy Statement This website ( CRSF Website ) is operated by Cal Ripken, Sr. Foundation, Inc. ( Company ) and this policy applies to all websites owned, operated, controlled and otherwise

More information

Massachusetts Identity Theft/ Data Security Regulations

Massachusetts Identity Theft/ Data Security Regulations Massachusetts Identity Theft/ Data Security Regulations Effective March 1, 2010 Are You Ready? SPECIAL REPORT All We Do Is Work. Workplace Law. In four time zones and 45 major locations coast to coast.

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Making the leap to the cloud: IS my data private and secure?

Making the leap to the cloud: IS my data private and secure? Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers

More information

All can damage or destroy your company s computers along with the data and applications you rely on to run your business.

All can damage or destroy your company s computers along with the data and applications you rely on to run your business. All can damage or destroy your company s computers along with the data and applications you rely on to run your business. Losing your computers doesn t have to disrupt your business if you take advantage

More information

A Hands-On Understanding of Cloud Services. Presented by: PMPA IT Committee

A Hands-On Understanding of Cloud Services. Presented by: PMPA IT Committee A Hands-On Understanding of Cloud Services Presented by: PMPA IT Committee Today s Agenda Introduction / Overview Benefits Risks of using Cloud Services Cloud Apps Overview/Preview Shop Example Hands-On

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Protecting Client Data and Maintaining Compliance in an Emerging SaaS World Eight Critical Questions to Consider with SaaS Vendors

Protecting Client Data and Maintaining Compliance in an Emerging SaaS World Eight Critical Questions to Consider with SaaS Vendors Protecting Client Data and Maintaining Compliance in an Emerging SaaS World Eight Critical Questions to Consider with SaaS Vendors As the tax and accounting profession continues its transition to SaaS

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and

More information

Cloud Computing Contracts. October 11, 2012

Cloud Computing Contracts. October 11, 2012 Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information

MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2

MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2 MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

Neoscope www.neoscopeit.com 888.810.9077

Neoscope www.neoscopeit.com 888.810.9077 Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009 Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

ABA Section of Litigation Intellectual Property Litigation Committee Roundtable Discussion Outline

ABA Section of Litigation Intellectual Property Litigation Committee Roundtable Discussion Outline ABA Section of Litigation Intellectual Property Litigation Committee Roundtable Discussion Outline Litigating IP and IT Contracts -- And Drafting Tips for Avoiding Litigation By Paul R. Gupta Mayer, Brown,

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,

More information

KEEPING PATIENT INFORMATION SAFE AND SECURE IN THE CLOUD

KEEPING PATIENT INFORMATION SAFE AND SECURE IN THE CLOUD CASE STUDY Take Cover The costs of exposing or losing patient information can ruin a dental practice. Cloud-based solutions can protect your business and your patients against these threats: Unauthorized

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Valdosta Technical College. Information Security Plan

Valdosta Technical College. Information Security Plan Valdosta Technical College Information Security 4.4.2 VTC Information Security Description: The Gramm-Leach-Bliley Act requires financial institutions as defined by the Federal Trade Commision to protect

More information

Wellesley College Written Information Security Program

Wellesley College Written Information Security Program Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore: Privacy Policy DataLogic CRM, Inc. is committed to the security and privacy of our customer s data. This Privacy Policy explains our commitment to safeguarding our customers data and serves as our agreement

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

Email Compliance in 5 Steps

Email Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

Cybersecurity: Emerging Exposures for Technology Companies. October 7, 2010

Cybersecurity: Emerging Exposures for Technology Companies. October 7, 2010 Cybersecurity: Emerging Exposures for Technology Companies October 7, 2010 Your panelists David Allred, Head of the Technology Segment for North America Commercial at Zurich Liesyl Franz, Vice President

More information

Website Privacy Policy Statement. 1519 York Rd Lutherville, MD 21093. We may be reached via email at julie@juliereisler.com.

Website Privacy Policy Statement. 1519 York Rd Lutherville, MD 21093. We may be reached via email at julie@juliereisler.com. Website Privacy Policy Statement This website juliereisler.com is operated by Empowered Living, LLC and this policy applies to all websites owned, operated, controlled and otherwise made available by Company,

More information

Email Security in Law Firms. What you need to know and how you can use secure email to win more clients

Email Security in Law Firms. What you need to know and how you can use secure email to win more clients Email Security in Law Firms What you need to know and how you can use secure email to win more clients Introduction As clients are demanding greater protection of their information, law firms must incorporate

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Table of Contents Introduction... 3 1. Data Backup: The Most Critical Part of any IT Strategy...

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

Information Technology Security Policies

Information Technology Security Policies Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral

More information

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices

More information

HIPAA Compliance: Efficient Tools to Follow the Rules

HIPAA Compliance: Efficient Tools to Follow the Rules Bank of America Merrill Lynch White Paper HIPAA Compliance: Efficient Tools to Follow the Rules Executive summary Contents The stakes have never been higher for compliance with the Health Insurance Portability

More information

Law & Ethics, Policies & Guidelines, and Security Awareness

Law & Ethics, Policies & Guidelines, and Security Awareness Law & Ethics, Policies & Guidelines, and Security Awareness Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information