Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012

Size: px

Start display at page:

Download "Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012"

Amy Collins
8 years ago
Views:

1 Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 David Chatfield, Vice President, Cyber Security Services, NetDiligence Linda Clark, Esq., U.S. Senior Counsel for Data Security and Compliance, Reed Elsevier Group Atlas Lee, Director of Information Technology & Business Continuity at Shook, Hardy & Bacon Heather Zachary, Esq., WilmerHale, Regulatory and Government Affairs Department and the Communications, Privacy and Internet Law Practice Group

2 Section 1: The Legal Landscape

3 Legal Landscape: Section Overview This initial section will survey the legal landscape with respect to both (1) preventative data-security measures; and (2) responses to data-security incidents Both subjects are regulated under federal, state, and international law The law in each of these realms is currently evolving 2

4 Legal Landscape: Federal Law There is no comprehensive regime at the federal level governing data security or data incident response. Instead, there are a number of sector-specific laws and rules. Financial sector Gramm-Leach-Bliley Act Federal Trade Commission regulations Interagency Guidelines and Guidance Health sector HIPAA Health Insurance Portability and Accountability Act HITECH Act Health Information Technology for Economic and Clinical Health Act HHS and FTC rules 3

5 Legal Landscape: Federal Law Communications sector Cable TV Privacy Act of 1984 Customer Proprietary Network Information Rules Securities and Exchange Commission reporting obligations Other legal requirements Contractual obligations stemming from federal or private contracts American Bar Association Model Rules of Professional Conduct Children s Online Privacy Protection Act 4

6 Legal Landscape: State Law Many states mandate preventative data-security measures Nearly all states have data-breach notice and response laws These laws differ markedly in their scope and application: Types of data covered from social security numbers to financial data to fingerprints to health insurance information Forms of protected data computerized vs. hard copy Risk triggers potential for harm from breach often required Required responses from consumer notice to alerting state agencies Exclusions and limitations e.g., entities regulated under GLBA 5

7 Legal Landscape: International Law The European Union Data Protection Directive requires entities that manage personal data to employ appropriate technical and organizational measures to ensure the security of that data Different countries in the EU have implemented this requirement in different ways A number of non-eu countries have adopted specific datasecurity requirements as well Data breach response and notification laws are also gaining traction worldwide 6

8 Section 5: The Threats and Legal Ramifications

9 Data Security Threats to Law Firms According to press reports, approximately 80 major law firms were victims of cyber attacks in 2011 Law firms are a favorite target of state-sponsored and nonstate-sponsored cyber attacks Law firms obtain a great deal of proprietary or otherwise sensitive data from their clients and from other parties in discovery and transactions Law firms are also viewed as softer targets than the companies that they represent Hackers sometimes infiltrate law firm networks to halt an acquisition or interfere with a business deal 8

10 Consequences of Data Security Lapses Data security lapses have very real consequences, imposed by both regulators and the marketplace Reputational harm Breach of contract Burdensome public notice and remediation measures Federal Trade Commission enforcement, including significant monetary penalties and burdensome audit requirements State enforcement with a range of penalties Enforcement by international Data Protection Authorities Private litigation brought by identity-theft victims and class-action plaintiffs 9

11 Question and Answer Session Thank You! Heather Zachary, WilmerHale Speaker, Firm Speaker address Speaker, Firm Speaker address Speaker, Firm Speaker address 10

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs