POSITION PAPER. A Full Recovery Approach to Data Breach Response
- Julius Price
In data breach situations, organizations have typically responded with damage control: legally required notification of the individuals whose data was lost, plus public relations efforts to mitigate bad publicity over the breach. While damage control is an understandable response to a data breach emergency, studies indicate that the greatest risk of a data breach is not legal liability or short-term public perception. The greatest risk, and cost, comes when the breach victims have a bad experience, take their business elsewhere, and tell their friends and family why. Businesses can avoid this lost business and abnormal customer churn by adopting a proactive, full recovery breach response model that leaves the business and the breach victims whole.

ID Experts Breach Services: A Full Recovery Approach to Data Breach Response

The Triple Threat of Data Breach

Data breaches are a reality of life for US organizations. While Etiolated.org reports that the number of publicized breaches appeared to be leveling off in , the number of records lost per breach more than doubled from less than 150,000 in 2006 to more than 340,000 in In these situations, most companies respond to the obvious threats (the legal and regulatory risks and the damage to their public image), but most fail to deal with the costly and insidious threat of long-term business loss.

While corporate data may be lost in a breach, it is more difficult to assess the financial and emotional risk to customers, employees, patients, and other individuals whose personal data has been compromised. These risks are serious enough that about 30% of U.S. corporations have a formal privacy department, and more than 25% have a Chief Privacy Officer, Chief Security Officer or Chief Information Security Officer.

These guardians of privacy are well aware of their corporate duty in the event of a data breach. A majority of states have some form of legislation requiring notification of individuals affected by a privacy breach, and in certain industries customers are protected by national regulations such as the Red Flag Rules in the Fair Credit Reporting Act (FCRA), the Health Information Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA). Failure to comply with these notification requirements can leave an organization open to regulatory action and also to legal action from the affected individuals. Organizations also recognize the threat of a data breach to their public reputation, and they tend to invest in PR efforts to prevent or mitigate the effects of negative PR.

Unfortunately, many organizations spend their breach response budgets on bare-bones notification and PR, unaware that the most devastating effect of a data breach is the long-term loss of business caused not by public perception, but by the very personal experiences of the people affected by the breach.

True Costs of Data Breach Response

According to a recent study by the Ponemon Institute, the costs of data breach response (as shown in Figure 1) are rising: average cost in 2007 was $197 per lost record, an 8% increase over 2006 and a 43% increase over Businesses are trying to save breach response costs through reductions in notification costs (mail vs. call center services) and credit monitoring services. However, Ponemon found that lost business, not response costs, now accounts for 65% of data breach costs, and that lost business costs are increasing at a rate of 30% each year.

Figure 1: Data Breach Costs

The study found that the first wave of lost business results from customers who are increasingly prone to terminate their business relationship due to lost data, producing consistently higher abnormal churn rates. After a breach, people are increasingly likely to take their business elsewhere; Ponemon found that almost 60% of respondents had or were contemplating ending their business relationship with the breached organization. In the worst case, they may take legal action, as reflected by the rising costs of legal defense after data breaches. Over time, the cost of acquiring new customers also increases, due to bad PR from the breach and as the individuals affected by the breach share their experiences with others.

A data breach can put an organization in legal and regulatory jeopardy, and it does cause unanticipated costs that affect short-term financial results. But the greater risk is that a data breach injures an organization's credibility and long-term business prospects, and it injures the people whose data has been lost.

The Trust Factor

Customer experience is the key to avoiding or containing long-term business loss from a data breach. Statistically, a minority of data breaches led to large-scale identity theft, yet a 2005 study by Ponemon Institute found that more than 86% of those affected by a data breach are fearful of potential negative effect on themselves and their families, and over 58% felt it had diminished their trust in the organization reporting the breach. Breach victims cited a whole range of reasons for these negative perceptions: confusing and/or incomplete communication, delays in notification, and support or assistance that was not perceived as helpful. The bottom line is that in almost 60% of cases, the victims were left feeling vulnerable, unsupported, and/or damaged.

While businesses are seeking to reduce the up-front costs of data breaches, it is clear that the most costly response is a response that does not meet the needs and expectations of the breach victims. To formulate a financially sound response to a data breach, businesses need to consider what it will take to maintain a positive relationship with the breach population.

A Full-Recovery Model

For their own financial health, organizations need to take a more proactive, outcome-oriented approach to data breach response, aiming for full recovery for themselves and those affected by the breach. In a full recovery model, the affected population is informed promptly, clearly, and in a manner appropriate to their needs; they are provided with protection against and recovery from ID theft; and at the end of the experience, they remain as loyal customers, employees, clients, or patients. Full recovery for the breached organization means that public credibility, business relationships, and business prospects are preserved, and the cost of breach response services is far outweighed by the goodwill it engenders and the income streams that it protects.

Full recovery from data breaches depends on targeted, well-executed responses at each stage of the data breach lifecycle (as shown in Figure 2).

Figure 2: The Data Breach Lifecycle

BREACH ASSESSMENT: During this phase, businesses need to determine the nature of the breach, the level of exposure and the probable risks to the organization and to the breach population. The recovery plan should be aimed at meeting the unique needs of the breach population and at achieving the best return on breach recovery costs (more about this below).

BREACH RESPONSE: Response activities center around notification of the breach population. Communications should be tailored to the needs and concerns of the breach population. For example, an elderly population may need accommodations for hearing or sight issues, or care-givers may need to be included in the communication. If the breach population includes people for whom English is a second language, notification letters may need to be translated, and call centers should have staff fluent in the needed languages. Call center staff should be fully prepared to handle notification, questions, concerns, and problem resolution. Face-to-face meetings may also be appropriate for breach victims at high risk or with special needs.

BREACH VICTIM PROTECTION: ID theft protection for the breach population can include a variety of services, including advice on how to use credit monitoring, enrollment-based protection packages that include services such as credit monitoring and public database monitoring, and insurance to cover any financial losses and/or legal costs directly associated with the identity theft.

ID THEFT RECOVERY: For an individual to recover from identity theft it can take months or years, hundreds of hours of their time, and untold stress. If the worst happens, and any members of the breach population do become victims of identity theft, recovery services should be available to restore their financial status. The victim should have only to fill out some basic paperwork and sign a very limited power of attorney. With these in hand, a qualified recovery services team can handle all the other paperwork and communications required to restore the victim's identity.

Optimizing Return-on-Response

Organizations tend to weigh their liability against the costs of responding to a breach. The costs considered generally include notification, PR efforts, administrative costs of changing account numbers, etc., and the costs of providing services such as credit monitoring for a year, but not the long-term costs of lost business.

Breached organizations have tended to view credit monitoring as the "standard" protection to be provided in a breach situation. But Ponemon Institute research finds that consumers are not highly valuing credit monitoring as a complete corrective solution, as indicated by low and declining rates at which breach members opt in to a credit monitoring offer. Since the greatest costs of breach come from consumer dissatisfaction with breach response, the best return-on-response is achieved by investing in high-value assessment and high-touch response services that properly inform and reassure breach victims, then choosing protection and recovery services that are appropriate to the actual risk and that are bulk-priced based on the size of the breach population. This kind of offering will also be more cost effective and more predictable for the breached organization.

In contrast with credit monitoring alone, recovery services in conjunction with monitoring have an excellent return on response cost. Not unlike the case for insurance, in most breach situations the odds are relatively low that any given individual will have their identity stolen. But pre-paid recovery services can provide all breach victims with greater peace of mind, and the small minority who may fall victim to ID theft will be far less inclined to publicize their plight or litigate if they have the benefit of fully-managed recovery services. And expert recovery services can also protect the breached organization from spurious claims of identity theft, helping prevent litigation because of the elimination of damages, and providing comprehensive documentation and expert testimony, if litigation should occur.

The breach response funnel (as shown in Figure 3) tracks the breach population (and associated costs) through the response lifecycle. In a poorly managed breach response, even though individual breach victims are notified and offered a number to call, they often end up dissatisfied with the quality of response and become distrustful of the organization. This causes response costs to increase due to inefficiencies of dealing with disgruntled and concerned individuals in the midsection of this funnel. This results in the use of more call center time, and customer dissatisfaction leads to lost business and litigation.

Figure 3: Best Return-on-Response Achieved when each Stage of Funnel is Optimized

With a full recovery model, in contrast, a more personal and tailored response causes the breached individuals to maintain very high levels of customer satisfaction at every stage. As breach victims regain trust with the organization, they spend less time with call center staff, often enroll in fewer protection services, and are less likely to pursue litigation and/or take their business elsewhere. So an optimized full recovery approach to responding to a data breach will often be no more costly than a less complete approach in terms of out-of-pocket costs, and will also typically result in a better return-on-response because of the reduction in longer term costs of lost business and litigation.

Summary

Data breaches take their toll on a business, but the heaviest toll comes from a breach badly handled. Customer reactions may range from loss of trust to offense, outrage and even litigation. Data breaches in large, highly visible organizations often get media attention, and breach victims will talk to others about their experiences. The combination of word-of-mouth and public perception can greatly affect future business prospects. When responding to a breach, organizations need to think in terms of protecting current and future business and getting the best return-on-response. And since breach response presumably isn't (and shouldn't become) one of your core business competencies, consider hiring a full service breach services vendor who can help you achieve full recovery for both breach victims and your business.

About ID Experts

We have assembled a team of people who are passionate about helping people avoid (and if necessary, recover from) identity theft. The problem has reached epidemic proportions in the U.S. We take a uniquely personal approach to fight identity theft. Our experienced recovery advocates help our customers take all practical steps to safeguard their identities. And if a customer's identity is stolen, we personally work with them every step of the way to get them back where they belong. Our mission is to help people keep their identities personal.

Contact Us

ID Experts
8625 SW Cascade Avenue
Beaverton, Oregon
p: f:
info@idexpertscorp.com

1. Source:
2. Source: Why your company needs a Chief Privacy Officer by Cara Garretson, Network World magazine, May
3. Effective January 1, 2008, the Red Flag provisions of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), require that financial institutions and creditors develop and deploy an Identity Theft Prevention Program for combating ID theft on new and existing accounts. However, a broad interpretation of these rules could eventually affect any business that has employees.
4. Ponemon Institute, LLC Annual Study: U.S. Cost of a Data Breach. November,
5. Ibid.
6. The Ponemon study reports that legal defense accounted for 8% of breach response costs in
7. Ponemon Institute, LLC. National Survey on Data Security Breach Notification. September,

ID Experts. All rights reserved.
More informationHow To Deal With Cloud Computing
A LEGAL GUIDE TO CLOUD COMPUTING INTRODUCTION Many companies are considering implementation of cloud computing services to decrease IT costs while providing the flexibility to scale usage on demand. The
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationData Privacy and Security: A Primer for Law Firms
Data Privacy and Security: A Primer for Law Firms All We Do Is Work. Workplace Law. In four time zones and 46 major locations coast to coast. www.jacksonlewis.com JACKSON LEWIS SERVING THE DIVERSE NEEDS
More informationOklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
More informationRed Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program
Red Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program A Case Study of Sam Houston State University s Red Flag Program Dr. Kristy L. Vienne Objective Participants will: Understand
More informationIdentity Theft Plan. Guidebook. Copyright 2013 Prepaid Plans All Rights Reserved
Identity Theft Plan Guidebook Copyright 2013 Prepaid Plans All Rights Reserved Identity Theft Solutions Identity Theft Insurance Claims When filing an identity theft claim please contact a claims administrator
More informationTHE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED
THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED THE CYBER SECURITY PLAYBOOK 2 03 Introduction 04 Changing Roles, Changing Threat
More informationHCCA Compliance Institute 2013 Privacy & Security
HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session
More informationIdentity Theft Red Flags Procedures
3 4 5 6 7 8 9 INTRODUCTION AND PURPOSE DEFINITIONS EXCEPTIONS PENALTIES RECORD RETENTION REQUIREMENTS A B D Identity Theft Red Flags Procedures 717.90 Duties Regarding the Detection, Prevention, and Mitigation
More informationFamily Protection Plan
Providing Customizable Products & Services Family Protection Plan The Most Comprehensive Discount Legal Product Available Legal Care Identity Theft Solutions Free & Discounted Legal Care Legal Club of
More informationNEW HSB FREESTYLE ADVANTAGE. Win and keep more customers with our broadest-ever equipment coverage and new coverage options
NEW HSB FREESTYLE ADVANTAGE Win and keep more customers with our broadest-ever equipment coverage and new coverage options About HSB and Munich Re Hartford Steam Boiler (HSB), a proud part of Munich Re,
More informationFacts About FACTA Red Flag Identity Theft Prevention Program
FACTA Red Flag Identity Theft Prevention Program FACTA Red Flag Policy Program, page 1 of 6 Contents Overview 3 Definition of Terms 3 Covered Accounts..3 List of Red Flags 3 Suspicious Documents...4 Suspicious
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationIdentity Theft Prevention Program Red Flag Rules Policy P093.00 Issued: May 2009
Identity Theft Prevention Program Red Flag Rules Policy P093.00 Issued: May 2009 The Federal Trade Commission has issued a final rule (the Red Flag Rule) under the Fair and Accurate Credit Transactions
More information31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,
5/23/2011 31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, requires municipalities to promulgate
More informationUniversity of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)
University of St. Thomas Identity Theft Prevention Program (Red Flags Regulation Response) Revised: January 10, 2013 Program Adoption and Administration The University of St. Thomas ( University ) established
More informationHealthcare Security: Improving Network Defenses While Serving Patients
White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco
More information2/9/2012. The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012
The Third International Conference on Technical and Legal Aspects of the e-society CYBERLAWS 2012 Legal Issues Involved in Creating Security Compliance Plans W. David Snead Attorney + Counselor Washington,
More informationFlorida International University. Identity Theft Prevention Program. Effective beginning August 1, 2009
Florida International University Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Florida International University developed this Identity Theft Prevention Program
More informationUA Identity Theft Prevention Program Records & Information Security Management
1 UA Identity Theft Prevention Program Records & Information Security Management Dr. Russell O Hare Chief Records Officer February 20-21, 2014 Presented to: Board of Regents Audit Committee Contents Covered
More informationWhitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com
Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information
More informationidentity TheFT PREVENTION Programs and Response
IDENTITY THEFT PREVENTION PROGRAM This program is launched in response to the Federal Trade Commission Red Flag Rules and Address Discrepancy Rules in conjunction with the Fair and Accurate Credit Transaction
More informationIDENTIFYING AND RESPONDING TO DATA BREACHES
IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW
More informationMarch 22, 2013. Tennessee State Employees Association 627 Woodland Street Nashville, TN 37206
March 22, 2013 March 22, 2013 Tennessee State Employees Association 627 Woodland Street Nashville, TN 37206 InfoArmor is pleased to present the Tennessee State Employees Association (TSEA) with the following
More informationDERMATOLOGY ASSOCIATES, LLC 50 Sewall Street Portland, Maine 04102 (207) 775-3526 NOTICE OF PRIVACY PRACTICES
DERMATOLOGY ASSOCIATES, LLC 50 Sewall Street Portland, Maine 04102 (207) 775-3526 NOTICE OF PRIVACY PRACTICES THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
More informationData Security - Trends and Remedies
1 Overvie w of Data Anonymiz ation Points to Ponder What is data anonymization? What are the drivers for data anonymization? Here are some startling statistics on security incidents and private data breaches:
More informationAn Executive Overview of GAPP. Generally Accepted Privacy Principles
An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business
More informationManaging data security and privacy risk of third-party vendors
Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected
More informationNOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)
NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationSecuring Your Business with Managed File Transfer
Why FTP/SFTP Solutions Are No Longer a Viable Option www.stonebranch.com Executive Summary This white paper sets out to explain the importance of a Managed File Transfer solution implementation within
More informationRisk Management Examiners
Risk Management Examiners Introduction to Red Flags Examination Procedures Section 615(e) requires the federal banking agencies and the NCUA (the Agencies) as well as the FTC to prescribe regulations and
More informationEmail Archiving Benefits
www.sonasoft.com INTRODUCTION In this digital age, small and medium businesses (SMBs) continue to rely heavily on e mail as their primary form of business communications. This has led to a proliferation
More information