Mastering Data Privacy, Protection, & Forensics Law




Mastering Data Privacy, Protection, & Forensics Law
April 15, 2015
Data Breach Notification and Cybersecurity Developments in 2015
Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US

This presentation was created by Dorsey & Whitney LLP, 50 South Sixth Street, Suite 1500, Minneapolis, MN 55402. This presentation is intended for general information purposes only and should not be construed as legal advice or legal opinions on any specific facts or circumstances. An attorney-client relationship is not created or continued by sending and/or receiving this presentation. Members of Dorsey & Whitney will be pleased to provide further information regarding the matters discussed in this presentation.

2015 state data breach notification requirements
- 18 state laws, plus Puerto Rico law, also require notification of a breach to a state attorney general or regulator in addition to the affected individuals
  - Effective October 1, 2015: 19 state laws with the addition of Montana
- California and Florida laws define personal information as covering online account information
  - Effective July 1, 2015: 3 state laws with the addition of Wyoming

Cybersecurity laws and guidance and provisions in contracts and policies
- Issued in January 2015:
  - Federal: Federal Trade Commission Staff Report on Internet of Things

Resources (continued)
Cybersecurity (continued)
- Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation
  http://www.dorsey.com/files/upload/krasnow-ma-data-security-Regulation-mar-2015.pdf
- Guidance for Managing Cybersecurity Risks
  http://www.irmi.com/expert/articles/2014/krasnow05-cyberprivacy-risk-insurance.aspx
- National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity
  http://www.nist.gov/cyberframework/upload/cybersecurityframework-021214.pdf
- Cybersecurity in the Golden State
  https://oag.ca.gov/cybersecurity

Resources (continued)
Boards of Directors and Corporate Governance
- Board Oversight of Cyberrisks: Directors and Officers Litigation
  http://www.irmi.com/expert/articles/2015/krasnow02-cyber-privacy-risk-insurance.aspx
- Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus
  http://www.sec.gov/news/speech/detail/speech/1370542057946#.VDvmOa1OXct
- National Association of Corporate Directors 2014 Cyber-Risk Oversight Handbook
  http://www.nacdonline.org/cyber

Questions & Answers
Melissa J. Krasnow
(612) 492-6106
krasnow.melissa@dorsey.com

Mastering Data Privacy, Social Media, & Cyber Law
October 22, 2014
Data Breach Notification and Cybersecurity Developments in 2014
Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US

State breach notification laws
- 47 states, plus the District of Columbia, Guam, Puerto Rico and Virgin Islands, have breach notification laws (Alabama, New Mexico, and South Dakota do not have these laws)
- These laws require notification of a breach to affected individuals
- These laws cover breaches involving personal information in electronic format

2014 state breach notification law developments
- 18 state laws, plus Puerto Rico law, also require notification of a breach to a state attorney general or regulator in addition to the affected individuals
- 7 state laws cover breaches involving personal information in both electronic and paper formats
- California and Florida laws define personal information as covering online account information
- New Kentucky breach notification law

California breach notification law amendment effective January 1, 2015
Where a person or business was the source of a breach, the person or business providing breach notification must offer to provide appropriate identity theft prevention and mitigation services, if any, at no cost to an affected individual for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed his or her first name or first initial and last name, together with any of the following data elements, where the name or the data elements are not encrypted:
- SSN
- Driver's license number or California identification card number

Breach notification in federal and foreign laws and provisions in contracts and policies
- Federal HIPAA / HITECH Act breach notification for covered entities and business associates regarding protected health information
- Laws in other countries (e.g., Canada)
- Provisions in contracts and policies

Cybersecurity laws and guidance and provisions in contracts and policies
- State security procedures laws: Massachusetts and certain other states (e.g., California)
- Issued in February 2014:
  - Federal: National Institute of Standards and Technology critical infrastructure cybersecurity framework
  - California cybersecurity guidance
- Provisions in contracts and policies

Cyber liability insurance
Main coverages in a traditional cyber liability insurance policy include:
- Security and privacy liability insurance that responds to third party liability
- Event management insurance that responds by paying costs for breach notification, public relations and other services to assist in managing a covered privacy or network security incident
- Cyber extortion insurance that pays to settle network security-related extortion demands made against the insured
- Network business interruption insurance that responds to an insured's loss of income and operating expenses when business operations are interrupted or suspended due to a failure of network security

Enforcement, litigation and other consequences
- Federal Trade Commission
- Department of Health and Human Services
- State attorneys general (e.g., California and Massachusetts)
- Foreign regulators
- Litigation
- Other consequences

Some steps companies are taking to prepare
- Preparing, revising and testing incident response plans
- Tabletop Exercise (TTX)

A TTX is intended to generate discussion of various issues regarding a hypothetical, simulated emergency. TTXs can be used to enhance general awareness, validate plans and procedures, rehearse concepts, and/or assess the types of systems needed to guide the prevention of, protection from, mitigation of, response to, and recovery from a defined incident. Generally, TTXs are aimed at facilitating conceptual understanding, identifying strengths and areas for improvement, and/or achieving changes in perceptions.
Source: Homeland Security Exercise and Evaluation Program (HSEEP) (April 2013)

Some steps companies are taking to prepare (continued)
- Preparing and revising company policies and programs, including training
- Procuring security and data breach services
- Considering or reviewing cyber liability insurance

Resources
Data breach
- California Privacy Laws Change: Identity Theft Prevention and Mitigation Services
  http://www.irmi.com/expert/articles/2014/krasnow10-cyber-privacy-riskinsurance.aspx
- Changes in State Breach Notification Laws
  http://www.irmi.com/expert/articles/2014/krasnow08-cyber-privacy-riskinsurance.aspx
- California's Breach Notification Law Expands to Include Online Account Information
  http://www.dorsey.com/psm_ca_breach_online_account_info/
- Verizon 2014 Data Breach Investigations Report
  http://www.verizonenterprise.com/dbir/2014/
Cybersecurity
- Cybersecurity White Paper
  http://www.dorsey.com/files/upload/cybersecurity-white-paper.pdf

Resources (continued)
Cybersecurity (continued)
- Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation
  http://www.dorsey.com/files/upload/written%20information%20security%20programs%20compliance%20with%20the%20massachusetts%20%287-523-1520%29.pdf
- Guidance for Managing Cybersecurity Risks
  http://www.irmi.com/expert/articles/2014/krasnow05-cyber-privacy-riskinsurance.aspx
- National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity
  http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
- Cybersecurity in the Golden State
  https://oag.ca.gov/cybersecurity
- Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus
  http://www.sec.gov/news/speech/detail/speech/1370542057946#.vdvmoa1oxct
- National Association of Corporate Directors 2014 Cyber-Risk Oversight Handbook
  http://www.nacdonline.org/cyber

Questions & Answers
Melissa J. Krasnow
612-492-6106
krasnow.melissa@dorsey.com