counsel after equifax
play

Counsel After Equifax TUESDAY, JANUARY 23, 2018 1pm Eastern | - PowerPoint PPT Presentation

Jul 15, 2023 •237 likes •814 views

Presenting a live 90-minute webinar with interactive Q&A Data Security Compliance and Responding To a Data Breach: Lessons for Corporate Counsel After Equifax TUESDAY, JANUARY 23, 2018 1pm Eastern | 12pm Central | 11am Mountain

  1. Presenting a live 90-minute webinar with interactive Q&A Data Security Compliance and Responding To a Data Breach: Lessons for Corporate Counsel After Equifax TUESDAY, JANUARY 23, 2018 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Robert D. Brownstone, Technology & eDiscovery Counsel, Fenwick & West , Mountain View, Calif. Brent E. Kidwell, Partner, Jenner & Block , Chicago The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 1 .

  2. Tips for Optimal Quality FOR LIVE EVENT ONLY Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-866-961-8499 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

  3. Continuing Education Credits FOR LIVE EVENT ONLY In order for us to process your continuing education credit, you must confirm your participation in this webinar by completing and submitting the Attendance Affirmation/Evaluation after the webinar. A link to the Attendance Affirmation/Evaluation will be in the thank you email that you will receive immediately following the program. For additional information about continuing education, call us at 1-800-926-7926 ext. 2.

  4. Program Materials FOR LIVE EVENT ONLY If you have not printed the conference materials for this program, please complete the following steps: Click on the ^ symbol next to “Conference Materials” in the middle of the left - • hand column on your screen. • Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program. • Double click on the PDF and a separate page will open. Print the slides by clicking on the printer icon. •

  5. Agenda I. The Big Picture A. Breaches’ Prevalence B. Liability Risks & Data Leakage – Big 3 C. Modern Threats II. US. & International Law – Overview A. Different Premises in U.S. & EU B. Scattershot U.S. Privacy Protections C. Potential Liability for Data Breaches D. International Law – Summary E. Contracts’ Ability to Reallocate Risks 5

  6. Agenda III. Proactive Prevention Introduction A. Data Protection Overview B. Protecting Data at Rest & in Transit C. 10 Specific Steps IV. Reactive-Remedies/Incident-Response • TOP Ten Q&A/Conclusion 6

  7. I. The Big Picture A. Breaches’ Prevalence • Should only retailers be worried? NO • 1/1/05 to 12/28/17: • > 7,800 breaches; > 10 Billion records • E.g. Yahoo!, Anthem, Target, Verizon & Neiman • 2017 alone: • 550 breaches; ≈ 2 Billion records • E.g. Equifax, T- Mobile, Dunn & Bradstreet, Arby’s, Boeing, Stanford U., Oklahoma HHS & UNC Health Care Systems • . . . per Privacy Rights Clearinghouse, DATA BREACHES (last visited 1/18/18) (searchable/filterable) 7

  8. I. The Big Picture A. Breaches’ Prevalence • Cyber Crime Costs in FY ’16 (237 cos. surveyed across 8 countries): • $17.36M average in US alone • 2 largest costs (on average): • information loss: 39 percent • business disruption: 36 percent • . . . per Ponemon Inst. o/b/o HP Enterprise Security, 2016 Cost of Cyber Crime Study (2016) 8

  9. I. The Big Picture B. Leakage Risks – Big 3 1. Intentionally Harmful Intentional Disclosures 2. Inadvertently Harmful Intentional Disclosures (“Netiquette”; Loose Lips; Social -Media; Sock-Puppeting; P2P) 3. Unintentional Losses of Sensitive Info. = primary focus here 9

  10. I. The Big Picture C. Modern Threats • Biggest ones? • Social Engineering [including (Spear-) phishing and Ransomware)] 10

  11. I. The Big Picture C. Modern Threats • Phishing : • W-2 Scam Adapted from screenshot at <http://www.linkstechnology.com/blog/its-baaack-the- form-w-2-email-scam> • IRS warning (1/25/17) • Cinthia Motley 10 Ways to Avoid W-2 Phishing Schemes (LTN 3/20/17) (including “Pick up the phone”) 11

  12. I. The Big Picture C. Modern Threats • Phishing – Training: • When in doubt : • do not click on a link or open an attachment; and • forward the message as an attachment to InfoSec or IT department • If you are suspicious about the purported sender • place a call to (or meet with) purported sender to confirm message is legit 12

  13. I. The Big Picture A. Default in U.S. & EU • U.S. Perspective • Data presumptively not protected unless rendered otherwise by specific rule of law • Many rules are sector-based • EU Perspective • Data presumptively “personal” and thus private, even in employer/employee setting . . . 13

  14. II. U.S. & International Law B. Scattershot U.S. Laws • Federal law sector examples: • Health/medical = HIPAA (60 days notice) • covered entities and business associates • HITECH ACT expansion Jan. ’09 • HHS Final Regs. Sep. ‘13 • Financial services = Gramm-Leach-Bliley • Consumer credit reports, etc. = FCRA/FACTA 14

  15. II. U.S. & International Law B. U.S. Rules • Potential Liability  consumer and/or employee class actions re: PII (PHI)  corporate customer suits  shareholder derivative suits  bad press and/or blog buzz  reputational hit 15

  16. II. U.S. & International Law B. Notice-of-Breach Laws • Specific combo of elements – expanded in, e.g., California multiple times in Civ. Code § 1798.82 et al. . . . • Trigger usually automatic (as in Cal.) rather than risk-based • Notice requirements • If > X no. of people affected, tell AG • Might have to describe circumstances 16

  17. II. U.S. & International Law B. Health Info (PHI) • Protecting Individuals’ PHI • HIPAA Final HHS Regs (9/23/13) • HHS active under HIPAA • > 10 states: • AR, CA, FL, MO, ND, NV, TX, VA • WY (state agencies only) • CT (regs.) & NJ re: insurers 17

  18. II. U.S. & International Law B. U.S. Rules • Potential Liability • Difficulty in proving “injury” (damages): • Even CFAA claim in suit against hacker • “loss” hard to show • remediation and down-time? • “Standing” (”Injury”) difficult to show based on mere concern data will be used: • trade secrets damages theory • identity-theft theory, including theft decisions re: Cal. Medical Info. Act (CMIA) – Cal. Civ. Code 56.36 . . . 18

  19. II. U.S. & International Law B. U.S. Rules • Newer Case Law: • Spokeo, Inc. v. Robins , 136 S. Ct. 1540 (2016) (injury must be concrete and not “abstract” to satisfy U.S. Const. Article III, but intangible injuries can be concrete) • Post- Spokeo (examples) . . . • Beck v. McDonald , 848 F.3d 262 (4th Cir. 2/6/17) (allegations of increased risk of identity theft: NOT substantial risk of harm) 19

  20. II. U.S. & International Law C. Typical Breach Exposure Items • Aside from viability of legal theories, custom and usage has been . . . • Potential monetary liability for breach of unsecured personally identifiable information (PII) estimated at $221 per affected person • Ponemon Institute, 2016 Cost of Data Breach Study: Global Analysis , Ponemon Institute LLC (June 2016) • Data breach cost calculators  <http://www.privacyrisksadvisors.com/data-breach-toolkit/data-breach-calculators/>  <http://cyberscout.com/expensecalc/start.aspx>  <https://eriskhub.com/mini-dbcc> 20

  21. II. U.S. & International Law C. Typical Breach Exposure • Custom/usage • Sample set of expense items (from here ) • Internal Investigation • Regulatory/Compliance • Cybercrime consulting • Credit monitoring for affected customers • Attorney Fees • Regulatory investigation defense • Notification/Crisis Management • State/Federal fines or fees • Customer notification • Call center support • Crisis management consulting 21

  22. II. U.S. & International Law D. International Summary • Privacy protected more e.g. • Europe: • EU: France/Germany/Italy • UK (post-Brexit) • Elsewhere: • Brazil • Constitution • “ Marco Civil ” • Israel 22

  23. II. U.S. & International Law D. Laws Overseas • DATA-BREACH NOTIFICATION LAWS • less diffused, broader in scope & often shorter/clearer deadlines than U.S. . . . e.g. • Australia (Feb. ’18) • Canada • India • Israel (Mar. ’18) • Mexico • South Korea 23

  24. II. U.S. & International Law D. EU Data Directive Compliance • EU, Directive 95/46/EC (1995) • PLUS laws of individual EU countries • BROAD definitions of “personal data,” “processing” and “transfer” • Being replaced 5/25/18 by General Data Protection Regulation (GDPR) • Stricter • Penalties tied to worldwide revenue • Notice of breach – timing, etc. • Consent rules 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Equifax Breach and Credit Union Involvement Gene Fredriksen CISM,CRISC 1 10/25/2017

The Equifax Breach and Credit Union Involvement Gene Fredriksen CISM,CRISC 1 10/25/2017

The Equifax Breach and Credit Union Involvement Gene Fredriksen CISM,CRISC 1 10/25/2017 Equifax Information Overload 2 10/25/2017 Equifax Timeline Feb Mar Apr May Jun Jul Aug Sep Time to Patch Vulnerability 138 Days Time to

463 views • 18 slides
Pre-Trial Issues Timelines for Appointment of Counsel 1 or 3 1 48 hours 24 hours workdays

Pre-Trial Issues Timelines for Appointment of Counsel 1 or 3 1 48 hours 24 hours workdays

Pre-Trial Issues Timelines for Appointment of Counsel 1 or 3 1 48 hours 24 hours workdays workday Appointing Request for Appointed Magistration Authority Counsel Counsel (Request for Determines Received by Contacts Arrest Counsel

406 views • 18 slides
IRC Section 338(h)(10) Election Strategies for Tax Counsel Strategies for Tax Counsel Leveraging

IRC Section 338(h)(10) Election Strategies for Tax Counsel Strategies for Tax Counsel Leveraging

Presenting a live 110 minute teleconference with interactive Q&amp;A IRC Section 338(h)(10) Election Strategies for Tax Counsel Strategies for Tax Counsel Leveraging the Election in Structuring Acquisitions, Dispositions and Asset and Stock

338 views • 29 slides
3/15/19 The Right to Counsel in Housing Cases: The View from Other Jurisdictions By John Pollock

3/15/19 The Right to Counsel in Housing Cases: The View from Other Jurisdictions By John Pollock

3/15/19 The Right to Counsel in Housing Cases: The View from Other Jurisdictions By John Pollock Coordinator, Natl Coalition for a Civil Right to Counsel 3/20/19 Right to counsel legislation San Francisco (2018) Purpose: Right to

629 views • 15 slides
Budget Presentation to Council Office of Corporation Counsel May 9, 2018 CORPORATION COUNSEL

Budget Presentation to Council Office of Corporation Counsel May 9, 2018 CORPORATION COUNSEL

City of Hartford FY2019 Recommended Budget Budget Presentation to Council Office of Corporation Counsel May 9, 2018 CORPORATION COUNSEL MISSION To provide quality legal assistance and advice to City departments, offices, agencies, boards

227 views • 8 slides
(VOTE) ED DEANGELO General Counsel MERRITT DATTEL MCGOWAN Assistant General Counsel Board of

(VOTE) ED DEANGELO General Counsel MERRITT DATTEL MCGOWAN Assistant General Counsel Board of

Repeal of Regulations Governing the Commonwealth Care Program (VOTE) ED DEANGELO General Counsel MERRITT DATTEL MCGOWAN Assistant General Counsel Board of Directors Meeting, April 9, 2015 Background and Agenda Health Connector staff

383 views • 7 slides
REPORTING? o CSR with deponent together and counsel in a different location o CSR with counsel

REPORTING? o CSR with deponent together and counsel in a different location o CSR with counsel

WHAT IS REMOTE REPORTING? o CSR with deponent together and counsel in a different location o CSR with counsel together and third- party witness in a different location o CSR in one location and all participants in another location o CSR

228 views • 6 slides
SMS Agreements Selected Topics for Discussion Ben Esch, Legal Counsel Introduction Ben Esch

SMS Agreements Selected Topics for Discussion Ben Esch, Legal Counsel Introduction Ben Esch

SMS Agreements Selected Topics for Discussion Ben Esch, Legal Counsel Introduction Ben Esch Legal Counsel - Office of General Counsel Previously at Witten LLP, Edmonton (2012-16) At the University since June of 2016 - primarily

915 views • 23 slides
Complex Business Cases: A Case Study Insights From Plaintiff's Counsel, Defense Counsel and

Complex Business Cases: A Case Study Insights From Plaintiff's Counsel, Defense Counsel and

Presenting a live 90-minute webinar with interactive Q&amp;A Leveraging Discovery Special Masters in Complex Business Cases: A Case Study Insights From Plaintiff's Counsel, Defense Counsel and Discovery Special Master TUESDAY, JANUARY 12, 2016

260 views • 24 slides
Data)Strategy: The)Role)of)Legal)Counsel

Data)Strategy: The)Role)of)Legal)Counsel

Data)Strategy: The)Role)of)Legal)Counsel Ariane)Strombom,)Assistant)General)Counsel)|)Northwestern)Mutual Justin)Webb,)Cybersecurity)&amp;)Privacy)Law)Chair)|)Godfrey)&amp;)Kahn Andy)Schlidt,)Technology)Law)Chair)|)Godfrey)&amp;)Kahn

183 views • 14 slides
NCACC Legislative and Case Update Amy Bason NCACC Deputy Director &amp; General Counsel Paige

NCACC Legislative and Case Update Amy Bason NCACC Deputy Director &amp; General Counsel Paige

1/29/20 NCACC Legislative and Case Update Amy Bason NCACC Deputy Director &amp; General Counsel Paige Worsham, NCACC Associate General Counsel Adam Pridemore NCACC Legislative Counsel 1 1 Legislature 2019 Long session adjourned on

325 views • 10 slides
EPA Activities on Greenhouse Gas Emissions U.S. EPA Office of Regional Counsel Robert Kaplan,

EPA Activities on Greenhouse Gas Emissions U.S. EPA Office of Regional Counsel Robert Kaplan,

EPA Activities on Greenhouse Gas Emissions U.S. EPA Office of Regional Counsel Robert Kaplan, Regional Counsel Carbon Management and the Law Conference William Mitchell College of Law 1 February 10, 2011 Eco-Travel 2 Oiled Vegetation and

487 views • 27 slides
THE FIRST AMENDMENT AND CAMPUS UNREST Ray Bonilla, General Counsel , The Texas A&amp;M University

THE FIRST AMENDMENT AND CAMPUS UNREST Ray Bonilla, General Counsel , The Texas A&amp;M University

THE FIRST AMENDMENT AND CAMPUS UNREST Ray Bonilla, General Counsel , The Texas A&amp;M University System Bryan Heckenlively, Partner , Munger, Tolles &amp; Olson LLP Therese M. Leone, Deputy Campus Counsel , University of California, Berkeley

624 views • 46 slides
Ethics Training UW-LaCrosse Presented by: Quinn Williams, General Counsel Jennifer Lattis,

Ethics Training UW-LaCrosse Presented by: Quinn Williams, General Counsel Jennifer Lattis,

Ethics Training UW-LaCrosse Presented by: Quinn Williams, General Counsel Jennifer Lattis, Deputy General Counsel UW System Office of General Counsel Declaration of Policy 2 Declaration of Policy 3 Where are the relevant rules? The

416 views • 23 slides
Ray Sardo Kim Richardson Ian Ballon, JD, LLM, CIPP/US Senior Counsel, Assistant General

Ray Sardo Kim Richardson Ian Ballon, JD, LLM, CIPP/US Senior Counsel, Assistant General

Ray Sardo Kim Richardson Ian Ballon, JD, LLM, CIPP/US Senior Counsel, Assistant General Counsel, Greenberg Traurig LLP Privacy and Compliance (650) 289-7881 Privacy, Advertising &amp; Credit Karma (310) 586-6575 Marketing

650 views • 22 slides
M&amp;A Deal Risks: Opinions of Counsel and Closing Preparedness Structuring Opinion Letters and

M&amp;A Deal Risks: Opinions of Counsel and Closing Preparedness Structuring Opinion Letters and

Presenting a live 90-minute webinar with interactive Q&amp;A M&amp;A Deal Risks: Opinions of Counsel and Closing Preparedness Structuring Opinion Letters and Other Documents to Avoid Closing Pitfalls and Counsel Liability WEDNESDAY, OCTOBER 30,

362 views • 33 slides
Capability testing of data transfer tools on a high latency 100 Gbit/s light path Kees de Jong

Capability testing of data transfer tools on a high latency 100 Gbit/s light path Kees de Jong

Capability testing of data transfer tools on a high latency 100 Gbit/s light path Kees de Jong University of Amsterdam MSc System and Network Engineering Research Project 1 Presentation Supervisor: dhr. dr. ing. Leon Gommans (KLM) February 6,

668 views • 33 slides
Hybrid workloads with NonStop Prashanth Kamath U (HPE Product Management) Thomas Burg (comForte

Hybrid workloads with NonStop Prashanth Kamath U (HPE Product Management) Thomas Burg (comForte

Hybrid workloads with NonStop Prashanth Kamath U (HPE Product Management) Thomas Burg (comForte 21 Gmbh) April 18, 2016 Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This

1.29k views • 57 slides
Data-sharing for Improving Access to Housing Services Continuum of Care Board of Governance,

Data-sharing for Improving Access to Housing Services Continuum of Care Board of Governance,

Data-sharing for Improving Access to Housing Services Continuum of Care Board of Governance, Riverside County Roger Uminski IEHP AGENDA Brief background Update: IEHPs housing initiative Data-sharing: existing county

207 views • 10 slides
Interoperability between EGEE gLite and CNGrid GOS Yaodong CHENG IHEP, Chinese Academy of

Interoperability between EGEE gLite and CNGrid GOS Yaodong CHENG IHEP, Chinese Academy of

Interoperability between EGEE gLite and CNGrid GOS Yaodong CHENG IHEP, Chinese Academy of Sciences ISGC 2008 FP6 2004 Infrastructures 6-SSA-026634 Outline Major issues of interoperability between different grid infrastructures

407 views • 27 slides
North Fresno Rotary Presentation Form Instructions for Print and Handwritten Submission: You can

North Fresno Rotary Presentation Form Instructions for Print and Handwritten Submission: You can

North Fresno Rotary Presentation Form Service Year 2019-20 North Fresno Rotary Presentation Form Instructions for Print and Handwritten Submission: You can print and fill out the form by hand. Next You do not have to use our presentation scan

339 views • 3 slides
February 2020 Continuing Education Trusted advising resources Todays agenda 1. Learning

February 2020 Continuing Education Trusted advising resources Todays agenda 1. Learning

February 2020 Continuing Education Trusted advising resources Todays agenda 1. Learning objectives 2. Publications 3. Troubleshooting and sharing time 4. SHIBA issues and reference materials 5. SHIBA resources: Volunteer Handbook and

588 views • 40 slides
GBBA General Meeting Speaker Proposal Form If you are interested in speaking at an upcoming GBBA

GBBA General Meeting Speaker Proposal Form If you are interested in speaking at an upcoming GBBA

GBBA Speaker Proposal Form Greater Burnside Business Association (GBBA) welcomes proposals from qualified candidates to present fiduciary-related themes from their area of expertise or experience at our monthly general meeting. If you would like

263 views • 3 slides
APPLYING TO COLLEGE Class of 2018 OVERVIEW Housekeeping Items College Search College

APPLYING TO COLLEGE Class of 2018 OVERVIEW Housekeeping Items College Search College

APPLYING TO COLLEGE Class of 2018 OVERVIEW Housekeeping Items College Search College Visits Standardized Testing Application Triangle of Doom Common Application/Naviance Letters of Recommendation Financial

366 views • 14 slides

More recommend