December 12, 2013 Presentation EMERGING TRENDS IN INFORMATION PRIVACY AND SECURITY


1 December 12, 2013 Presentation EMERGING TRENDS IN INFORMATION PRIVACY AND SECURITY

2 Logistics CPE Credit Requirements Takeaways

3 Full service Professional Services Firm: Attest services Tax preparation and compliance IT Audit and Security Internal Control Internal Audit Outsourcing SSAE 16 Services Over 70 professionals Highly qualified in variety of specializations: CPA, CIA, CFE, CISA, MCSE, ABV, CVA, MST Affiliations: AICPA, PCAOB, ACFEI, ISACA, PCAOB, TANGO, CICPAC, Practicewise, VACO Risk Solutions

4 Risk Solutions Division of Vaco Specializing in helping our clients reduce their financial risks 26 locations strong Highly qualified consultants CHS, CISA, CISM, CISSP, CITP, CPA, PMP, QSA, PA QSA, PCIP, JD, Six Sigma Black Belt We belong to: Member of Information System Audit and Controls Association (ISACA) Member of American College of Forensic Examiners Institute (ACFEI) Association of Credit Union Internal Auditors (ACUIA) PCI Qualified Security Assessors certified by PCI Security Standards Council Payment Application Qualified Security Assessors certified by PCI Security Standards Council Member of Petroleum Convenience Alliance for Technology Standards (PCATS) Member of National Association of Convenience Stores (NACS) 4

5 Bryant Tow, Partner Vaco Risk Solutions Laurie Kamaiko, Partner Edwards, Wildman & Palmer LLP Alex Ricardo, Breach Response Business Development Beazley Group

6 Speaker Risk Discussions Panel Discussion Best Practices and Strategies Question and Answer

7 Cybersecurity Threat Briefing Information Security Trends

8 Today's Speaker Bryant G. Tow, Partner

9 New Technology 81% of organizations permit personal mobile devices to connect to their enterprise systems. 51% Actually do! 9

10 The Numbers Net Diligence Cyber Liability and Data Breach Insurance Claims: Average number of records exposed per incident was 1.4 million The average cost per incident was $3.7 million Anti Phishing Work Group Phishing Activity Trends Report, Unique phishing sites detected in a month reached 56,859 in February, which was an all-time high. 10

11 It's About Reputation Risk Brand devaluation Decline in stock price / business valuation Decrease in credit rating Trust erosion / Fear factor We don't yet have numbers regarding reputation risk We protect the reputation of our businesses by securing Information Privacy and Security 1

12 Top Findings 94% of organizations have had at least one data breach in the past two years. The average number is 4 data breach incidents in the past two years. (45% - more than 5) The average economic impact of a data breach over the past two years is $2.4 million. An increase of almost $400,000 since The average number of lost or stolen records per breach is 2,769 ($188 per record totals $520,572 per breach) The top three causes for a data breach are: lost or stolen computing devices, employee mistakes and third-party snafus. 52% discovered the data breach as a result of an audit or assessment 47% employees detected 54% of organizations have little or no confidence that their organization has the ability to detect all patient data loss or theft.

13 The Threats 13

14 What do they want from me? Processing Power Bandwidth Storage Theft of Intellectual Property IP theft does not make headlines No disclosure requirement Victims are unaware IP is often found in blind spots CSO Magazine informal survey claims 70% of CISOs report their IP is under attack Feb

15 How are they getting to me? [Chart: Nature of the Incident. Categories: Lost or Stolen Device, Unintentional Employee Action, Third Party Error, Criminal Attack, Technical Systems Glitch, Malicious Insider, Intentional Non Malicious]

16 How are they getting to me? [Chart: Type of device compromised or stolen. Categories: Desktop/Laptop, Smartphone, Tablet, USB Drive, Server, Notebook]

17 Botnet Description 17

18 Botnet Mapping 18

19 Increased Regulation PCI DSS 19

20 PCI Overview PCI-DSS (Payment Card Industry Data Security Standards): set of requirements to help protect the security of electronic payment card transactions that include Personal Information of cardholders, and operate as an industry standard for security for organizations utilizing credit card information PCI-DSS applies to all organizations that hold, process or pass credit card holder information It imposes, through contractual provisions with brands, banks, merchants and others in the processing chain, requirements for security management, policies, procedures, network architecture, software design, and other critical measures that help to protect customer credit and debit card account data Violation subjects a company to substantial contractual fines and other assessments if it contributes to a data breach occurring Major factor in any credit/debit card breach 96% of breached entities subject to PCI DSS had not achieved compliance (Verizon 2012 report) Incorporated into some state statutes (e.g. Nevada, Minnesota, Washington) Stolen information: 48% reportedly include payment card information

21 PCI Certifications Qualified Security Assessor (QSA) Payment Application Qualified Security Assessor (PA-DSS) Point-to-Point Encryption Assessor (P2PE) Qualified Integrator and Reseller (QIR) Approved Scanning Vendor (ASV) Internal Security Assessor (ISA) Payment Card Industry Professional (PCIP)

22 Questions 22

23 Thank You!!! Bryant G. Tow, Partner October 21,

24 CYBER RISK AND DATA SECURITY December 2013 Laurie A. Kamaiko Privacy and Data Protection Group Edwards Wildman Palmer LLP 2013 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP

25 Introduction Why Cyber Risk and Data Security? Costly and widely publicized Losses and Thefts of Personal Data Denial of Service Attacks Losses and Thefts of Intellectual Property and Corporate Data Losses and thefts Regulatory Investigations and Enforcement proceedings related to breach lead to review of collection, usage and security procedures Litigation (consumers, clients, other entities affected) 25

26 Background to the Risks Most entities have Personal Information at risk, many globally: Employees' information Customers Functions performed for others Others performing functions for company Other relationships including information of residents of multiple jurisdictions, often multiple countries Small company does not necessarily mean small or less expensive breach: May have less security, IT staff, response plans in place Less sophistication can mean more outside consultant services needed, with resulting higher cost

27 Background to the Risks (cont.) Big Data has become an important asset of many companies. Its use and transferability are essential to many corporate transactions. In acquisitions and divestitures, due diligence regarding data use and transferability is as important as establishing the chain of title assets. Data privacy and security issues present a myriad of (non) compliance risks that need to be addressed in a variety of corporate transactions, with appropriate procedures, representations, warranties and indemnities to be considered. Various laws, agencies and industry organizations require specific data security obligations, including areas to be contractually required of a company's vendors that will have access to certain of the company's data.

28 Background to the Risks (cont.) Who is at Risk: Industries Most Affected Hospitality (accommodation and food services high credit card usage plus need for ease and decentralization of access) Retail Financial services (including insurance) Healthcare and social services Educational institutions IT/Technology entities Government entities Any entity with PI of own employees or customers/clients 28

29 Threat Environment Sources of and Responsibility for Breaches Lost/stolen mobile devices Third Party Vendors Systems failure Security Flaw Accidental Disclosure Phishing / Trojans / Botnets Vendor Cyber Attack / Terrorism Criminal/Malicious Activity Rogue employees External hackers Cyber Risks Data Damage or Destruction Certification Authority Breach Data Loss Poor Data Protection Compliance Fraud / Theft / ID Theft Negligence Internal External

30 Threat Environment (cont.) Recent Studies of Reported Breaches Show: Cause of Breaches in 2012: 37% - Malicious or criminal attack 35% - Negligent employee 29% - System glitch 2013 Ponemon Institute 69% of malicious breaches were discovered by an external party Verizon Data Breach Investigations Report 76% of network intrusions in 2012 exploited weak or stolen credentials Verizon Data Breach Investigations Report 78% of attacks were not considered highly difficult, and 97% of malicious breaches were avoidable Verizon Data Breach Investigations Report Of client-side attacks observed, 61% targeted Adobe Reader users via malicious PDFs Trustwave Global Security Report Malware targeting Android mobile operating systems increased by 400% in Trustwave Global Security Report Over 25% of stolen data in 2012 was encrypted by cybercriminals Trustwave Global Security Report 66% of 2012 breaches studied by Verizon took months or even years to discover Verizon Data Breach Investigations Report Social tactics (email, phone calls, social networking) contributed to 29% of malicious breaches Verizon Data Breach Investigations Report

31 Cost Factors Affecting Cost of Data Breach:* Average cost of breach per US company was over $5.4 million and $188 per record exposed. Factors That Reduced Cost: Incident Response Plan reduced cost $42/record Strong Security Posture reduced cost $34/record Chief Information Security Officer (CISO) reduced cost $23/record Outside consultant assisting in breach response reduced cost $13/record Factors that Increased Cost: Too quick a notification increased cost $37/record But delays in notification can be major issue in regulatory and media scrutiny, as well as class action lawsuits * Source: Ponemon 2013, Cost of a Breach Report (2012 Breaches)

32 Cost (cont.) Direct Costs Reputation Management Regulatory Liability Civil Liability Forensics Mandatory breach notifications Public Relations Costs Legal advice Contractual penalties: PCI fines, card replacement costs Credit Monitoring offers Marketing and PR continued Notifications that may not be required Remediation Services and other non-required offers Indirect Losses Loss of Customers/ Business and related marketing costs to replace Loss of and/or Reconstitution of Data Loss of Goodwill Loss of Profits Regulatory Investigation and/or Audit Costs Regulatory Fines Business Disruption/Interruption Time lost in addressing and remediating the breach Operating delays or interruptions Disruption as target of breach (e.g., cyber extortion) Breach of contract costs Breach of confidentiality costs Statutory fines Third Party Claims: Defense costs and Damages payments 32

33 Legal & Regulatory Environment States 46 states (and District of Columbia and Puerto Rico) have breach notification requirements All but 6 are for electronic data only Notice required to individuals 15 require notice to state agencies; in some, multiple agencies State law applicable is based on residence of affected individuals, not where breached company located Texas purports to apply to residents of other states without breach notice laws. Remediation not technically required, but generally expected, at the risk of regulatory scrutiny and third-party claims 33

34 Legal & Regulatory Environment (cont.) States (cont'd) Different definitions Personal Information Breach (actual acquisition, access, or harm threshold?) Varying notification requirements for procedures and content State by State analysis and compliance is difficult and expensive Many also have data security and record disposal requirements Some incorporate Payment Card Industry Data Security Standards (PCI-DSS), e.g. Nevada, Minnesota, Washington Attorneys General active in enforcement

35 US Legal & Regulatory Framework (cont.) State Breach Laws (cont.) Different definitions of Personal Information (PI) or Personally Identifiable Information (PII) Typically, name together with one or more of Social Security number Driver's license or other state or government issued identification number Financial account number (bank, credit and debit card and other financial accounts) with or without PIN Sometimes Health or medical information Other types of information, including mother's maiden name, digitized or electronic signature, and other security related information Typically in electronic format; six states extend to paper

36 US Legal & Regulatory Framework (cont.) State Breach Laws (cont.) Different definitions of Breach Typically defined as a compromise of security: Acquisition or Misuse of Personal Information Access, often with Harm Threshold (varies by state) By an Unauthorized Person Encryption is usually a safe harbor Different content and timing requirements of notice Most require nature of breach and type of information MA prohibits certain of these disclosures in notices to affected individuals Some require information on obtaining police report, placing credit freeze or identifying the appropriate agency to contact with questions Promptly, Without Unreasonable Delay and timing requirements

37 US Legal & Regulatory Framework (cont.) State Breach Laws (cont.) Notice to State Agency or Agencies required by 15 states Before, concurrent with or after Notices to Individuals Some require preliminary notice very quickly State licensing authorities have their own agency notice requirements that sometimes define breach or security incident differently from state breach notice requirement of the same state Form of Individual Notice Writing, typically not Substitute Notice Varies by state Usually required where affected individuals are unknown Sometimes an option if individual notification would be too costly May permit where physical address unavailable Media publication and website posting 37

38 US Legal & Regulatory Framework (cont.) State Breach Laws (cont.) Attorneys General generally active in enforcement Different definitions of PI and Breach, and differing content and timing requirements add to cost and exposure Federal breach notice statute intended to apply uniform standards has stalled Proposals typically would maintain some specific requirements, such as notice of certain rights under state law, and notice to state agencies 38

39 US Legal & Regulatory Framework (cont.) Federal Risk Identification and Security Requirements Gramm-Leach-Bliley Act HIPAA/HITECH (applies to health and medical information in certain circumstances) FTC Red Flags, Fair Credit Reporting Act, etc. FTC § 5 Enforcement Proceedings Unfair and deceptive trade practices Lack of reasonable security practices Significant civil penalties 20 years of biennial privacy audits Cybersecurity Executive Order Multiple Bills Pending in Congress Potentially standardize notification and security requirements, but not eliminate state enforcement Institute national security standards

40 US Legal & Regulatory Framework (cont.) Healthcare Protected Health Information (PHI) and Electronic PHI (ePHI) Health Insurance Portability and Accountability Act of 1996 (HIPAA). Privacy Rule protects patient medical records and other health information. Requires security of ePHI. Health Information Technology for Economic and Clinical Health (HITECH) Act Extends privacy and security to business associates of HIPAA covered entities Enforcement Federal: Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services States: Attorneys General of States have authority to enforce both state law and HITECH.

41 US Legal & Regulatory Framework (cont.) Health Information Protection and Accountability Act of 1996 (HIPAA) (cont.) Final Omnibus Rule (effective Sept. 2013) Amended HIPAA Extended HIPAA and the Privacy Rule and Security Rules to BAs Changed Harm Threshold for breach notification Increased potential penalties to maximum $1.5 million per violation Imposes breach notification requirements on BAs as well as CEs CEs must notify individuals whose unsecured data is believed to have been accessed, acquired or disclosed as a result of a breach BAs must notify CEs of breaches of which they become aware. Other provisions increased patient rights to privacy, including where paying by cash

42 Legal & Regulatory Environment (cont.) SEC Disclosure Guidance - October 13, Division of Corporate Finance Material events to be reported by public companies are ones which a reasonable investor would consider important to an investment decision Guidance as to cybersecurity risks and incidents as material events Requires risk assessment Internal and external threats Identity vulnerabilities Likelihood of threats exploiting vulnerabilities Impact/damage Adequacy existing security Avoid generic risk disclosure and describe material risks and specify how each affects the company Identify outsourcing that has material risk and how addressed Describe known or threatened cyber incidents Describe relevant insurance Potentially creates disclosure standard for non-public companies as well 42

43 Litigation Trends Regulatory enforcement Consumer class actions Judicial expansion of what constitutes PI Privacy violations: wrongful collection and usage of information 43

44 US Legal & Regulatory Framework (cont.) Additional U.S. Exposures Enforcement Trends Actions are more numerous, reaching smaller breaches and resulting in larger settlements Actions, and settlements, are focused on companies that knew or should have known of a problem, or that ignored legal, regulatory and PCI requirements States now have authority to enforce HIPAA/HITECH Federal Trade Commission (FTC) Activities Unfair and deceptive trade practices Unfair is having inadequate security Deceptive is acting out of conformance with privacy and other policies and statements Extending protections to all consumer data, including log-in credentials (Twitter) and Facebook postings 44

45 Litigation Trends (cont.) Probability of litigation* 2X more likely if breach results from perceived carelessness in handling PI (e.g., lost laptop), than from company inability to withstand cyber attack Probability of settlement* Driven by presence of actual or statutory damages and class certification Not driven by breach size, cause or type of information Large breach, however, increases interest of class action lawyers and thus likelihood of litigation PHI (protected health information) probably more likely to generate individual suits than PI *Source: Draft study by CyLabs of Carnegie Mellon

46 Litigation Trends (cont.) Increasing litigation arising from breaches of PI Failure to adequately secure information Failure to adequately respond to breach Untimely Misrepresentation in cause, effect Violation of consumer protection statutes 80 different causes of action have been identified Financial Incentives of Litigation U.S. Class Actions What is Legally Recognized Injury? 46

47 Litigation Trends (cont.) Potential Plaintiffs Consumers whose PI accessed (consumer class actions) Financial institutions affected (fraud charges, card replacement costs, etc.) Shareholder/derivative suits Share price drops Board approval inadequate security Contractual fines/penalties Misrepresentation/failure to disclose; cause, timing of disclosure, information at risk, etc. Others affected Potential Defendants: Breached entities Vendors holding PI Professional advisors Ds & Os approving company security policies, responses and financial disclosures 47

48 Litigation Trends Consumer class actions for data breach losses Challenge of proving legally cognizable injury/loss Trend to assert violations of unfair trade practices or consumer protection statutes and seek statutory damages (don't need to prove loss) Trend to assert Lost Value of stolen passwords and user names

49 Litigation Trends New Theories of Liability asserted in Litigation/Class Actions Online behavioural advertising/consumer tracking Improper collection practices Improper disclosures Statutory violations that are not data breaches per se Consumer protection statutes Wrongful collection/sale of PI Zip Codes as PI when requested by retailers without need (California, Massachusetts, and possibly other states soon) Increasing regulatory and statutory requirements for disclosure of how customer information is shared with 3rd parties (California Shine the Light Law) Adequacy of privacy policies and company compliance with representations in privacy policies Privacy and notices on sites and apps (e.g., California Online Privacy Protection Act, COPPA) Statutory restrictions on recording business calls with consumers Trend toward asserting violations of unfair trade practices statutes and consumer protection statutes and seeking statutory damages

50 Role of the Board of Directors Be aware of the Issues Engage the right Internal and External Resources Allocate the appropriate Budget Require appropriate Reporting Adopt appropriate Policies and Procedures Training Privacy Incident Response Vendor Selection and Management Demand a Culture of Compliance Privacy by Design Legal Compliance 50

51 Privacy/Cyber Risk Alex Ricardo, CIPP/US Breach Response Services

52 What I am NOT doing today Providing Legal Advice o I am not an Attorney o Informational Purposes Only o You should consult with Privacy Counsel for any decisions surrounding your Incident Response Plan or Data Breach Response Methodology 52

53 Privacy and Data Risk Exposures Recent Developments Frequency of high profile breaches Increased media and regulatory attention Advanced persistent threat / Sophisticated Hackers Increased social media use Introduction of more regulation 53

54 Evolving Technology Cloud Computing Not new, just gaining popularity with widespread deployment of broadband Increased risk of having data stored/processed remotely by 3rd party Cloud providers sitting on reams of data for thousands of customers, including sensitive data and PII, trade secrets Cloud customers cannot get favorable terms when it comes to data security and privacy and CSP will accept little to no liability Repatriation issues/concerns

55 Types of Data Security Breaches Improper Disposal of Data o Paper Un-shredded Documents File cabinets without checking for contents X-Ray Images o Electronic assets computers, smart phones, backup tapes, hard drives, servers, copiers, fax machines, scanners, printers Phishing/Spear Phishing Attacks Network Intrusions/Hacks/Malware Viruses Lost/Missing/Stolen Electronic Assets Mishaps due to Broken Business Practices Rogue Employees 55

56 A Simplified View of a Data Breach Response Methodology Discovery of an Event Evaluation of the Event Managing the Short-Term Crisis Handling the Long-Term Consequences Class-Action Lawsuits Theft, loss, or Unauthorized Disclosure of Personally Identifiable Non-Public Information or Third Party Corporate Information that is in the care, custody or control of the Insured Organization, or a third party for whom the Insured Organization is legally liable Forensic Investigation and Legal Review Notification and Credit Monitoring Public Relations Regulatory Fines, Penalties, and Consumer Redress Reputational Damage Income Loss 56

57 Privacy and Breach Losses Many costs to consider Breach costs Privacy Counsel Forensics Consumer-facing services Crisis services Legal defense Legal settlement 57

58 Insurance Coverage Options Privacy Liability: Privacy Injury Liability (Data Owners) Privacy Regulatory Proceedings and PCI Fines Network and Content Liability Network Security Liability Content Injury Public Relations and Response Expenses Network Loss or Damage Business Interruption and Extra Expense Network Crime Electronic Theft Network Extortion 58

59 Underwriting Process Process and requirements Process time 59

60 Best Practices Breach Preparedness and Prevention Screening of new hires and vendors Review contracts with IT vendors, ensure they are compliant with regulatory bodies Pre-arrange a breach service provider Provide certification through e-learning to employees Keep General counsel current to state disclosure laws, federal and state regulations Develop an incident response plan Conduct annual risk assessments Hold privacy workshop to identify vulnerabilities Consider insuring against risks 60

61 Alex Ricardo, CIPP/US Breach Response Services Beazley Rockefeller Center t: +1 (917) Avenue of the Americas c: +1 (646) New York, NY e: For More Information: It's bad enough a company may possibly face liability from the data breach itself. The last thing you want is to create further liability exposure from how you respond to the incident. Making sure you are kept in the best defensible position possible during the course of your breach response methodology should be a priority. The descriptions contained in this broker communication are for preliminary informational purposes only. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd's. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497).

62 Panel Discussion

63 How do I mitigate my risk with the growing use of mobile and portable technologies? Policies and Education Social networking awareness Encryption Remote Wipes/Autolocks Obtaining employee consent Backing up company information on an employee device Do's and Don'ts of mobile use Laptop Safety

64 What are some of the things I need to consider when using 3rd party service providers? For all vendors: Due diligence on their data security Coordination of representations in privacy policies Allocation of responsibilities in event of breach Terms in vendor agreements: Indemnification provisions Access provisions Insurance requirements (cyber and other) Cloud computing Identify the assets for cloud deployment Evaluate the assets Map the assets to the cloud deployment model Evaluate potential cloud service models Map out data flow

65 Percentage of respondents who report that their organization has the following capabilities in place to counter the risks associated with third parties 65

66 What should I be doing to prepare the Company for a breach? Screen new hires and vendors Annual risk assessments Educate employees Discuss privacy by design with operations people Pre arrange breach service providers Develop a cross functional privacy committee for breach planning and response Discuss information collection and disclosure practices with all departments Consider insuring against risks

67 What should I be doing to prepare my Company for the increased regulations related to IT Security? Understand business activities subject to regulation for privacy considerations Disclosure of PI collections and sharing procedures Website and mobile app privacy Know how changes in business operations impact compliance requirements Accept responsibility for compliance EXECUTIVE MANAGEMENT BOARD OF DIRECTORS

68 What can I do to better protect my data from cyber crime? Data Mapping Understand WHAT your sensitive data is and WHERE it resides Perform a security risk assessment Set security standards Develop comprehensive policies Provide security training Adopt a business plan Spear Phishing Do's and Don'ts

69 Percentage of respondents who report that their organization has the following security and privacy related capabilities in place

70 Michael Camacho, Principal (401) x233


Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider 1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber Insurance: How to Investigate the Right Coverage for Your Company 6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Discussion on Network Security & Privacy Liability Exposures and Insurance

Discussion on Network Security & Privacy Liability Exposures and Insurance Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently

More information

Jefferson Glassie, FASAE Whiteford, Taylor & Preston

Jefferson Glassie, FASAE Whiteford, Taylor & Preston Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013 Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a

More information

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

Cyber Threats: Exposures and Breach Costs

Cyber Threats: Exposures and Breach Costs Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals

More information

Cyber Liability. What School Districts Need to Know

Cyber Liability. What School Districts Need to Know Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have

More information

TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith

TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith Types of Data at Stake Residents, constituents, employees PII Personally Identifiable

More information

IDENTIFYING AND RESPONDING TO DATA BREACHES

IDENTIFYING AND RESPONDING TO DATA BREACHES IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW

More information

Cyber Insurance: How to Investigate the

Cyber Insurance: How to Investigate the 10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Data security: A growing liability threat

Data security: A growing liability threat Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Brief. The BakerHostetler Data Security Incident Response Report 2015

Brief. The BakerHostetler Data Security Incident Response Report 2015 Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the

More information

4/9/2015. One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification. Agenda

4/9/2015. One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification. Agenda One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification Adam H. Greene, JD, MPH Partner Davis Wright Tremaine HCCA Compliance Institute April 22, 2015 Doug Pollack Chief Strategy

More information

THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK

THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

HOW SECURE IS YOUR PAYMENT CARD DATA?

HOW SECURE IS YOUR PAYMENT CARD DATA? HOW SECURE IS YOUR PAYMENT CARD DATA? October 27, 2011 MOSS ADAMS LLP 1 TODAY S PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director PCI Practice Leader Kevin Villanueva,, CISSP,

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS Data Law Group, P.C. Kari Kelly Deborah Shinbein YOU CAN T OUTSOURCE COMPLIANCE! Various statutes and regulations govern

More information

CSR Breach Reporting Service Frequently Asked Questions

CSR Breach Reporting Service Frequently Asked Questions CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could

More information

The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments. Robin B. Campbell Ethan P. Schulman Jennifer S. Romano

The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments. Robin B. Campbell Ethan P. Schulman Jennifer S. Romano The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments Robin B. Campbell Ethan P. Schulman Jennifer S. Romano HIPAAPrivacy and Security Breach Overview of the Laws Developments Incident

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Data Security Basics for Small Merchants

Data Security Basics for Small Merchants Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided

More information

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the

More information

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Zurich Security And Privacy Protection Policy Application

Zurich Security And Privacy Protection Policy Application Zurich Security And Privacy Protection Policy Application COVERAGE A. AND COVERAGE F. OF THE POLICY FOR WHICH YOU ARE APPLYING IS WRITTEN ON A CLAIMS FIRST MADE AND REPORTED BASIS. ONLY CLAIMS FIRST MADE

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)

More information

Insurance for Data Breaches in the Hospitality Industry

Insurance for Data Breaches in the Hospitality Industry The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

The Age of Data Breaches:

The Age of Data Breaches: The Age of Data Breaches: HOW TO AVOID BEING THE NEXT HEADLINE MARCH 24, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com This presentation has been provided for informational purposes

More information

CYBER LIABILITY INSURANCE

CYBER LIABILITY INSURANCE CYBER LIABILITY INSURANCE CONTINUING EDUCATION CLASS MARCH 6, 2013 PRESENTED BY COUSINO HARRIS STEWART V. NELSON, Senior Risk Advisor Stewart.Nelson@Kapnick.com 734 929 6057 Class Objectives Understand

More information

Hot Topics and Trends in Cyber Security and Privacy

Hot Topics and Trends in Cyber Security and Privacy Hot Topics and Trends in Cyber Security and Privacy M. Darren Traub March 13, 2015 Cyber Attacks Ranked Top 5 Most Likely Risks in 2015 - The World Economic Forum Recent Global Headlines Include: 1 Where

More information

Data Security & PCI Compliance & PCI Compliance Securing Your Contact Center Securing Your Contact Session Name :

Data Security & PCI Compliance & PCI Compliance Securing Your Contact Center Securing Your Contact Session Name : Data Security & PCI Compliance Securing Your Contact Center Session Name : Title Introducing Trevor Horwitz Pi Principal, i TrustNet t trevor.horwitz@trustnetinc.com John Simpson CIO, Noble Systems Corporation

More information

Enterprise PrivaProtector 9.0

Enterprise PrivaProtector 9.0 IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS

More information

Cybersecurity: Emerging Exposures for Technology Companies. October 7, 2010

Cybersecurity: Emerging Exposures for Technology Companies. October 7, 2010 Cybersecurity: Emerging Exposures for Technology Companies October 7, 2010 Your panelists David Allred, Head of the Technology Segment for North America Commercial at Zurich Liesyl Franz, Vice President

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Understanding the Business Risk

Understanding the Business Risk AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed

More information