breach like a pro
play

Breach Like a Pro: complying with new requirements, without making - PowerPoint PPT Presentation

Dec 10, 2022 •346 likes •500 views

How to Handle a Data Breach Like a Pro: complying with new requirements, without making things worse Co-presented by: Timothy Banks, Partner, nNovation LLP Sarah Eisen, CIPP/C, CIPM, Content Lawyer (Corporate) Lexis Practice Advisor Canada

  1. How to Handle a Data Breach Like a Pro: complying with new requirements, without making things worse Co-presented by: Timothy Banks, Partner, nNovation LLP Sarah Eisen, CIPP/C, CIPM, Content Lawyer (Corporate) Lexis Practice Advisor Canada Sarah Dale-Harris, Director of Content, Large and Mid-Law Lexis Practice Advisor Canada Tuesday, November 20, 2018

  2. Preparing for data breaches Timothy Banks Sarah Eisen Sarah Dale-Harris Partner Content Lawyer (Corporate) Director of Content nNovation LLP Lexis Practice Advisor Canada Large and Mid-Law Lexis Practice Advisor Canada Today’s speaker Co-presenter Co-presenter 2

  3. Data breach laws are becoming the norm • Personal Information Protection Act (Alberta) • Health Information Act (Alberta) • Personal Health Information Protection Act (Ontario) • All 50 U.S. States • E.U. General Data Protection Regulation 3

  4. Breach of security safeguards Breach of security safeguards means the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards that are referred to in clause 4.7 of Schedule 1 or from a failure to establish those safeguards. 4

  5. Clause 4.7, Schedule 1 • Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. • The methods of protection should include (a) physical measures, for example, locked filing cabinets and restricted access to offices; (b) organizational measures, for example, security clearances and limiting access on a “need -to- know” basis; and(c) technological measures, for example, the use of passwords and encryption. 5

  6. Key obligations • Create a record of each breach of security safeguards • Assess whether there is a real risk of significant harm (RROSH) to an affected individual • As soon as feasible after determining the breach has occurred, report breaches with a RROSH to: • the Office of the Privacy Commissioner of Canada • affected individuals • third parties (if it could reduce the risk of harm) 6

  7. Who has to report? • The organization that is in control of the personal information (there may be more than one) • Ask: • Who decides what information is collected and how it is used? • To whom does the individual provide consent? • Does the service organization use the information solely on behalf of another organization or for its own purposes 7

  8. Timelines for reporting Law Timeline PIPEDA “as soon as feasible after the organization determines that the breach has occurred” Alberta PIPA “without unreasonable delay” GDPR “without undue delay and, where feasible, not later than 72 hours after having become aware of it” Processors: “without undue delay after becoming aware “ California “in the most expedient time possible and without unreasonable delay” Hosts: immediately following discovery 8

  9. Traps! • Blinders with respect to all of the potentially applicable laws • Failing to take the record-keeping requirement seriously (and instituted comprehensive policies, procedures, education and vendor management) • Not practicing or planning 9

  10. Contents of the breach record Sufficient detail for the OPC to assess whether an organization has correctly applied the RROSH standard and met its obligations. At a minimum: • date or estimated date of the breach • general description of the circumstances of the breach • nature of information involved in the breach • whether or not the breach was reported to the OPC and individuals were notified and brief reasoning 10

  11. Mistakes lead to a loss of trust • Getting stuck in denial • Keeping critical internal stakeholders in the dark (the cloak of secrecy) • Hesitating or being unclear about what you are going to do for affected individuals 11

  12. Responding and earning trust • Clear lines of reporting internally with pre-determined thresholds for board reporting, proactive public announcements, proactive discussions with OPC • Clear communication that focuses on the individual • Don’t feed the story with flip/flops or by prioritizing the press or the OPC – focus on the individual • Spend the money on assisting individuals and plan for the ones who are sensitive or unable to help themselves 12

  13. Get prepared now • Map your data breach obligations to your business now • Internal reporting chains and training • Templates for employee communications and public communications in the event of a breach • Estimate the cost of a breach and what you will need for different sized breaches 13

  14. Questions? Feel free to contact us at any time Sarah Eisen Timothy Banks Partner Content Lawyer (Corporate) nNovation LLP Lexis Practice Advisor Canada tbanks@nnovation.com sarah.eisen@lexisnexis.ca 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MANDATORY BREACH REPORTING: REVIEW OF THE REQUIREMENTS UNDER PHIPA OVERVIEW OF BREACH

MANDATORY BREACH REPORTING: REVIEW OF THE REQUIREMENTS UNDER PHIPA OVERVIEW OF BREACH

MANDATORY BREACH REPORTING: REVIEW OF THE REQUIREMENTS UNDER PHIPA OVERVIEW OF BREACH NOTIFICATION AND IPC STATISTICS Fida Hindi, Legal Counsel Office of the Information and Privacy Commissioner of Ontario This presentation is

352 views • 23 slides
CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an

CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an

CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an event in which an individuals name plus personal information such as an address, phone number and/or financial record such as a social security

307 views • 16 slides
PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess

PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess

Office of the Saskatchewan Information and Privacy Commissioner PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess and analyze a privacy some guidance to government institutions, breach. The

291 views • 10 slides
Auditd for the Masses Philipp Krenn @xeraa Learn about a breach From the press or

Auditd for the Masses Philipp Krenn @xeraa Learn about a breach From the press or

Auditd for the Masses Philipp Krenn @xeraa Learn about a breach From the press or users Learn about a breach Attackers asking for a ransom Learn about a breach Cloud provider's bill Learn about a breach Yourself after the

942 views • 51 slides
SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS AGENDA

SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS AGENDA

Angelo Prado Neal Harris Yoel Gluck SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS AGENDA Proceed with caution: Review of CRIME Introducing BREACH In the weeds Demo time! Mitigations b r e a c h SSL,

526 views • 40 slides
Class Actions on Data Breach Class Actions on Data Breach and Privacy on the Rise Litigating Class

Class Actions on Data Breach Class Actions on Data Breach and Privacy on the Rise Litigating Class

Presenting a live 90 minute webinar with interactive Q&A Class Actions on Data Breach Class Actions on Data Breach and Privacy on the Rise Litigating Class Claims, Alleging and Challenging Damages, and Evaluating Insurance Coverage WEDNES

735 views • 55 slides
Compliance Component Simon Bingham Development Unit Manager 4 th December, Golden Lion

Compliance Component Simon Bingham Development Unit Manager 4 th December, Golden Lion

Compliance Component Simon Bingham Development Unit Manager 4 th December, Golden Lion Compliance Assessment Scheme (CAS) No Breaches Minor Significant ELC Breach(es)/ Breach/ >1 Gross Breach or 1 Gross repeated minor Breach breach

1.91k views • 6 slides
Global Breach Response: How to Select Your Key Partners Sponsored By: Global Breach Response:

Global Breach Response: How to Select Your Key Partners Sponsored By: Global Breach Response:

Global Breach Response: How to Select Your Key Partners Sponsored By: Global Breach Response: How to Select Your Key Partners Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays

722 views • 18 slides
Privacy Breach Coverage Commercial Lines 2 Agenda Evolving Need for Insurance Enhanced

Privacy Breach Coverage Commercial Lines 2 Agenda Evolving Need for Insurance Enhanced

Privacy Breach Coverage Commercial Lines 2 Agenda Evolving Need for Insurance Enhanced Privacy Breach Endorsements New Privacy Breach Liability Coverage Ease of Underwriting Value Added Services Whats Next?

669 views • 52 slides
CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach &

CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach &

CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach & Attack Simulation Cryton Cryton Page 2 / 22 About me Where I work CSIRT-MU KYPO What I Do Cryton B&S Penetration testing CyberEx GT/RT

666 views • 22 slides
Breach Notification Response Information Security and Privacy Office January 2012 Agenda

Breach Notification Response Information Security and Privacy Office January 2012 Agenda

Breach Notification Response Information Security and Privacy Office January 2012 Agenda Your information has been breached Now what? Youve Got Mail Breach Notification Letters 46 states have breach notification laws 1 st

656 views • 14 slides
Local Government Pension Scheme Breaches Training What is a breach? an act of breaking or

Local Government Pension Scheme Breaches Training What is a breach? an act of breaking or

Local Government Pension Scheme Breaches Training What is a breach? an act of breaking or failing to observe a law, agreement or code of conduct Responsible for reporting a breach: Pension / Committee / Board Scheme Manager

359 views • 17 slides
Security, and Breach Notification Rules Office for Civil Rights (OCR) U.S. Department of Health

Security, and Breach Notification Rules Office for Civil Rights (OCR) U.S. Department of Health

4/27/2017 Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Office for Civil Rights (OCR) U.S. Department of Health and Human Services Updates Policy Development Breach Notification

176 views • 17 slides
Beazley Breach Response Select p g Making the connection on data breach complexities P

Beazley Breach Response Select p g Making the connection on data breach complexities P

1 Making the connection on data breach complexities Beazley Breach Response Select p g Making the connection on data breach complexities P Presented by d b Jeffrey Norton underwriter Jeffrey Norton, underwriter, Beazley US Private

533 views • 25 slides
Michael McCartney President, Avalon Cyber The Cyber Problem Data Breach Landscape

Michael McCartney President, Avalon Cyber The Cyber Problem Data Breach Landscape

Prentice Wealth Management Michael McCartney President, Avalon Cyber The Cyber Problem Data Breach Landscape Verizon VBIR 2015 Report Cyber Breach Trending Outsider v Insider Threat Personal Identity Protection

819 views • 12 slides
New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto

New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto

New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto 2016 Overview BREACH review Our contributions Statistical attacks Attacking block ciphers Attacking noise Optimization

477 views • 33 slides
Improvement of the sunflower bound for 1-intersecting constant dimension subspace codes Leo

Improvement of the sunflower bound for 1-intersecting constant dimension subspace codes Leo

Improvement of the sunflower bound for 1-intersecting constant dimension subspace codes Leo Storme Ghent University Dept. of Mathematics Krijgslaan 281 9000 Ghent Belgium (joint work with D. Bartoli, A. Riet and P . Vandendriessche)

389 views • 22 slides
CS586: Distributed Computing Tutorial 5 Professor: Panagiota Fatourou TA: Eleftherios Kosmas

CS586: Distributed Computing Tutorial 5 Professor: Panagiota Fatourou TA: Eleftherios Kosmas

CS586: Distributed Computing Tutorial 5 Professor: Panagiota Fatourou TA: Eleftherios Kosmas CSD - December 2011 Snapshots - T-Opt da data *sca ta *scan (voi n (void) { d) { void update (data value, int i) { void update (data value, int

443 views • 18 slides
1 3ISP Industrial specialised distributor partners for industry active in the EMEA Region

1 3ISP Industrial specialised distributor partners for industry active in the EMEA Region

3 ISP INDUSTRIAL SPECIALISED PARTNERS EMEA Region 3 ISP- INDUSTRIAL SPECIALISED PARTNERS-EMEA Region 3 ISP is a joint venture that unites three leading distributors in the EMEA area, specialising in value-added products and services for

490 views • 11 slides
A peace building and health promotion project for youth from Switzerland and Bosnia and

A peace building and health promotion project for youth from Switzerland and Bosnia and

A peace building and health promotion project for youth from Switzerland and Bosnia and Hercegovina Intercultural Creative Weeks Interkulturelle Sommerwochen Interkulturalne kreativne sedmice/tjedni IKS The IKS-Project (Intercultural

45 views • 3 slides
Credit Scoring John Wilson, Director Analytics 1 What are Credit-based Insurance Scores? A

Credit Scoring John Wilson, Director Analytics 1 What are Credit-based Insurance Scores? A

CAS Ratemaking and Product Management Spring 2012 March 20 Credit Scoring John Wilson, Director Analytics 1 What are Credit-based Insurance Scores? A numeric representation of relative insurance claim risk based on consumer credit

479 views • 10 slides
Day Two Opening Remarks 10/03/17 I Tom Libretto, Chief Marketing Officer and Senior Vice President

Day Two Opening Remarks 10/03/17 I Tom Libretto, Chief Marketing Officer and Senior Vice President

Day Two Opening Remarks 10/03/17 I Tom Libretto, Chief Marketing Officer and Senior Vice President Future Empowered Intelligence, Automation, and Agility for Digital Transformation Engaging the digital customer is hard Weve

419 views • 10 slides
names speakers www.tensonetwork.eu www.tensonetwork.eu Tenso Network Europe founded in 2005 by

names speakers www.tensonetwork.eu www.tensonetwork.eu Tenso Network Europe founded in 2005 by

Tenso at Classical:NEXT connecting people names speakers www.tensonetwork.eu www.tensonetwork.eu Tenso Network Europe founded in 2005 by four choirs in 2017 : 19 members from 15 countries www.tensonetwork.eu www.tensonetwork.eu four

386 views • 25 slides
Acquiring second language proficiency - D. Pietropaolo The types of linguistic skills in a second

Acquiring second language proficiency - D. Pietropaolo The types of linguistic skills in a second

Acquiring second language proficiency - D. Pietropaolo The types of linguistic skills in a second language vary from project to project, and from discipline to discipline. In a graduate program, secondary languages can serve several purposes.

764 views • 3 slides

More recommend