data security breaches the growing liability threat
play

Data Security Breaches: The Growing Liability Threat Crafting and - PowerPoint PPT Presentation

Nov 21, 2023 •344 likes •1.06k views

Data Security Breaches: The Growing Liability Threat Crafting and Implementing Policies to Prevent and Crafting and Implementing Policies to Prevent and presents presents Respond to Inadvertent Disclosures A Live 90-Minute

  1. Data Security Breaches: The Growing Liability Threat Crafting and Implementing Policies to Prevent and Crafting and Implementing Policies to Prevent and presents presents Respond to Inadvertent Disclosures A Live 90-Minute Teleconference/Webinar with Interactive Q&A Today's panel features: Jonathan T. Rubens, Of Counsel, Bullivant Houser Bailey , San Francisco Catherine D. Meyer, Counsel, Pillsbury Winthrop Shaw Pittman , Los Angeles Aaron P. Simpson , Hunton & Williams , New York Thursday, February 11, 2010 The conference begins at: 1 pm Eastern p 12 pm Central 11 am Mountain 10 am Pacific You can access the audio portion of the conference on the telephone or by using your computer's speakers. Please refer to the dial in/ log in instructions emailed to registrations. CLICK ON EACH FILE IN THE LEFT HAND COLUMN TO SEE INDIVIDUAL PRESENTATIONS. If no column is present: click Bookmarks or Pages on the left side of the window. If no icons are present: Click View , select Navigational Panels , and chose either Bookmarks or Pages . If you need assistance or to register for the audio portion, please call Strafford customer service at 800-926-7926 ext. 10

  2. For CLE purposes, please let us know how many people are listening at your location by • closing the notification box • and typing in the chat box your company name and the number of attendees. • Then click the blue icon beside the box to send.

  3. DATA SECURITY BREACHES: THE GROWING THREAT DATA SECURITY BREACHES: THE GROWING THREAT DATA SECURITY BREACHES: THE GROWING THREAT DATA SECURITY BREACHES: THE GROWING THREAT PART I: RECENT STATE LEGISLATION AND CIVIL PART I: RECENT STATE LEGISLATION AND CIVIL LITIGATION LITIGATION LITIGATION LITIGATION Jonathan T. Rubens h b Bullivant Houser Bailey PC San Francisco Jonathan.rubens@bullivant.com

  4. Key Federal Key Federal Legislation Addressing Data Legislation Addressing Data Security Practices Security Practices i i i i • Fair Credit Reporting Act of 1970 • Video Privacy Protection Act of 1988 • Electronic Communications Privacy Act of 1986 • Telemarketing and Consumer Fraud and Abuse T l k ti d C F d d Ab Prevention Act of 1994 • HIPAA (1996) ( ) • Gramm ‐ Leach ‐ Bliley (1999) • Fair and Accurate Credit Transactions Act of 2003 • Red Flags Rule (2009) R d Fl R l (2009) • Hi ‐ Tech Act (2010) 2

  5. CA Data Security / Breach Law CA Data Security / Breach Law CA Data Security / Breach Law CA Data Security / Breach Law • California – where it started California where it started – Requires data security procedures and practices that are “reasonable” and “appropriate to the that are reasonable and appropriate to the nature of the information”. Civil Code Section 1798.81(5)(b) – Requires notice following breach. Section 1798.82; 3

  6. California Data Security / Breach Law California Data Security / Breach Law California Data Security / Breach Law California Data Security / Breach Law • California: “personal information” means: Ca o a: pe so a o at o ea s: – First name or first initial and last name, in combination with any of: • SSN • Drivers License No. • Credit Card #, Debit Card # along with login and password; , g g p ; • Medical Info (added more recently): – Notice required following breach regardless of d f ll b h dl f evidence of harm 4

  7. Massachusetts Massachusetts Massachusetts Massachusetts • New Mass Law effective March 1, 2010 – MGL Ch 93H ‐ • Requires notice following breach to consumers and state: – Notice required, from a person that owns or stores information ot ce equ ed, o a pe so t at o s o sto es o at o about a resident, to the owner or licensor of the information, when the person knows or has reason to know that the information was acquired or used by an unauthorized person or for an unauthorized purpose; for an unauthorized purpose; – From the owner or licensor, to the attorney general, the director of consumer affairs and business regulation and to the resident of consumer affairs and business regulation and to the resident. (Ch 93H section 3) 5

  8. Massachusetts Massachusetts Massachusetts Massachusetts • Defines Personal Information as: – A resident’s first name or first initial, plus last name, with one or more of • SSN • SSN • DL or State ID Card number • CC #, Debit Card #, financial account #, with or without any required security or access code PIN or password required security or access code, PIN, or password • Applies to any person, corporation, or other legal entity that owns, licenses, maintains, or stores the personal information of a resident of Massachusetts (whether or ( not such person is present in Massachusetts). 6

  9. Massachusetts Massachusetts Massachusetts Massachusetts • Statute directs dept. of consumer affairs to adopt regs: p p g – to “safeguard the personal information of residents of the Commonwealth” – to be consistent with the safeguards for protection of to be “consistent with the safeguards for protection of personal information set forth in the federal regulations by which the person is regulated” (Section 2(a)) – to “insure the security and confidentiality of customer information in a manner fully consistent with industry standards ” (Ch 93H Section 2(a)) 7

  10. Massachusetts Massachusetts ‐ Regulations Massachusetts Massachusetts Regulations Regulations Regulations • 201 Mass Code Regs. 17.00 et seq. impose 0 ass Code egs. .00 et seq. pose “minimum standards to safeguard personal information in both paper and electronic records” on companies that collect, store or transmit h ll personal information concerning Massachusetts residents residents. • Regs require development of a comprehensive “written information security program” (WISP) written information security program (WISP) for records with personal information 8

  11. Mass Regs Mass Regs Mass Regs Mass Regs • WISP must include: – Designation of a employee in charge of WISP – Identifying internal and external risks to security of records containing PI; records containing PI; – Employee policies and discipline; – Preventing terminated employee access to PI; – Service provider oversight; – Data storage; – Monitoring, Updating; Monitoring Updating; – Documenting response to breach. 9

  12. Mass Regs Mass Regs Mass Regs Mass Regs • WISP must include a security plan that addresses: – Encryption of all personal information transmitted across public networks or stored on laptops, portable devices; – Secure user authentication protocols; – Secure access control measures; – Monitoring for unauthorized system access; – “Reasonably up ‐ to ‐ date firewall protection and OS system patches” for a network connected to the Internet; h ” f k d h – “Reasonably up ‐ to ‐ date” system security agent software that includes malware protection and “reasonably up ‐ to ‐ date patches and virus definitions”; patches and virus definitions ; – Employee training on the security system and protection of PI; 10

  13. Massachusetts Massachusetts Massachusetts Massachusetts • Compliance deadline: Mach 1, 2010 Co p a ce dead e: ac , 0 0 • Attorney general may bring action “to remedy violations of this Chapter and for other relief that p may be appropriate.” • Attorney General may seek injunctive relief against the person involved in an unauthorized act or practice at issue. • Court may impose $5,000 civil penalty for each C t i $5 000 i il lt f h violation 11

  14. Nevada Nevada Nevada Nevada • Businesses must encrypt personal information us esses ust e c ypt pe so a o at o – on data storage or mobile devices moved beyond the “physical or logical controls” of the business; or – When data is transferred “through an electronic non ‐ voice transmission other than a facsimile” outside the secure system of the business y • Business that accept payment cards must comply with PCI DSS • Defines acceptable levels of encryption 12

  15. Minnesota Minnesota Minnesota Minnesota • Prohibits retention of security codes and other o b ts ete t o o secu ty codes a d ot e credit card data after processing transactions • Requires merchants to reimburse credit ‐ card q issuing financial institutions for costs incurred following a data breach • Creates private right of action for financial institutions following noncompliance by merchants merchants • Minn. Stat. 365E.64. 13

  16. Other Jurisdictions; Potential Laws Other Jurisdictions; Potential Laws Other Jurisdictions; Potential Laws Other Jurisdictions; Potential Laws • Data breach notification statutes now on the Data breach notification statutes now on the books in 45 states • D.C., Puerto Rico, US V.I. • Federal legislation introduced in both the House and the Senate in 2009 based on state House and the Senate in 2009, based on state breach notification statutes 14

  17. FTC Enforcement FTC Enforcement FTC Enforcement FTC Enforcement • FTC’s Authority to Regulate Data Security FTC s Authority to Regulate Data Security Practices • Broad power under §5 of FTC Act to regulate "unfair or Broad power under §5 of FTC Act to regulate unfair or deceptive acts or practices in or affecting commerce” • Enforcement Responsibility for Specific Statutes • COPPA TCFAPA • CAN ‐ SPAM FCRA • GLB G FACTA / RED FLAGS RULE C / GS U 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing

Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing

Presenting a live 90-minute webinar with interactive Q&A Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing Litigation Risk and Maximizing Insurance Coverage TUESDAY, MARCH 18, 2014 1pm Eastern

682 views • 49 slides
Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Presenting a live 90-minute webinar with interactive Q&A Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative

1.28k views • 79 slides
Developments in CyberSecurity Law presented by www.udalllaw.com Security Breaches &

Developments in CyberSecurity Law presented by www.udalllaw.com Security Breaches &

Developments in CyberSecurity Law presented by www.udalllaw.com Security Breaches & Security Requirements Security Breaches Criminal Conduct -computer viruses (ransomware) -physical theft -server, laptops, flash drives -electronic

668 views • 31 slides
GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we

GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we

GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we will look at today Technical and Organisational Security Handling data breaches Case law Newcastle | Leeds | Manchester 3 Data

929 views • 76 slides
Responding to Skyrocketing Cyber Attacks Managing Risk, Responding to Breaches and OCR

Responding to Skyrocketing Cyber Attacks Managing Risk, Responding to Breaches and OCR

Presenting a live 90-minute webinar with interactive Q&A Data Breaches in Healthcare: Responding to Skyrocketing Cyber Attacks Managing Risk, Responding to Breaches and OCR Investigations, Minimizing HIPAA Liability THURSDAY, MARCH 24, 2016

795 views • 76 slides
Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product

Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product

Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product Manager NonStop Enterprise Division Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without

400 views • 26 slides
Data Security Breaches: Problems And Solutions Steven C. Bennett With a combination of risk

Data Security Breaches: Problems And Solutions Steven C. Bennett With a combination of risk

Data Security Breaches: Problems And Solutions Steven C. Bennett With a combination of risk assessment, technical solutions, and stafg training, it is possible to keep data secure. InformatIon Is the new currency of commerce. Sensitive data,

380 views • 6 slides
Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending

Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending

Presenting a live 90-minute webinar with interactive Q&A Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending Professional Liability Claims, Evaluating Insurance Coverage TUESDAY, MAY 3, 2016 1pm Eastern

942 views • 62 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach

Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach

Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach Response Services March 20 th , 2012 Brian Cole, Managing Director Professional Liability Specialty Practice Overview of Topics Cyber Security

611 views • 21 slides
Securing Information Systems Barbarians at the Gateway Learning Objectives Security breaches

Securing Information Systems Barbarians at the Gateway Learning Objectives Security breaches

10/16/2013 Securing Information Systems Barbarians at the Gateway Learning Objectives Security breaches are on the rise Understand the potentially damaging impact of security breaches Security must be made a top organizational

610 views • 20 slides
Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security

Enterprise Security with Expanded Network Boundaries Dr. Zhijun (William) Zhang Lead Security Architect at The World Bank Group Data Breaches in the News Large-scale breaches are now a regular occurrence across industry and geography

221 views • 18 slides
https://xkcd.com/838/ Data Breaches This years study analyzed 524 breaches that occurred

https://xkcd.com/838/ Data Breaches This years study analyzed 524 breaches that occurred

https://xkcd.com/838/ Data Breaches This years study analyzed 524 breaches that occurred between August 2019 and April 2020, in organizations of all sizes, across 17 geographies and 17 industries. The 2020 Cost of a Data Breach

289 views • 17 slides
Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

AUGUST 25, 2015 Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks Tyler Gerking, Partner David B. Smith, CPCU, ARM, Insurance & Risk Management Consultant What is Cyber Insurance?

368 views • 10 slides
Counterfeiting, Piracy & Smuggling - Growing Threat to National Security Agenda Menace of

Counterfeiting, Piracy & Smuggling - Growing Threat to National Security Agenda Menace of

Counterfeiting, Piracy & Smuggling - Growing Threat to National Security Agenda Menace of Counterfeiting, Piracy & Smuggling Terrorisms links with Counterfeiting, Piracy & Smuggling Framework for Preventing Financing of

630 views • 20 slides
INFORMATION SECURITY AND PRIVACY ADVISORY BOARD 1 Mega Breaches The Year of the Breach 2011

INFORMATION SECURITY AND PRIVACY ADVISORY BOARD 1 Mega Breaches The Year of the Breach 2011

INFORMATION SECURITY AND PRIVACY ADVISORY BOARD 1 Mega Breaches The Year of the Breach 2011 2012 2013 Breaches 208 156 253 Identities Exposed 232M 93M 552M Breaches >10M 5 1 8 2013 was the Year of the Mega Breach Internet

214 views • 5 slides
N Brown Group FY20 Results and Q1 FY21 Trading Update Transcript Steve Johnson: Good morning

N Brown Group FY20 Results and Q1 FY21 Trading Update Transcript Steve Johnson: Good morning

N Brown Group FY20 Results and Q1 FY21 Trading Update Transcript Steve Johnson: Good morning everybody and welcome to N Browns Preliminary results for FY20 and trading update for Q1 of this current financial year, FY21. Firstly, Id like

426 views • 16 slides
What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal Framework For Cybersecurity Compliance How Are Organizations Getting Hacked Oops, you clicked on the link. Now what? Best Practices and

1.09k views • 36 slides
Protecting your Assets Sept 4th, 2014 Presented by: Chris Nyhuis Vigilant

Protecting your Assets Sept 4th, 2014 Presented by: Chris Nyhuis Vigilant

PSI Tech Expo Protecting your Assets Sept 4th, 2014 Presented by: Chris Nyhuis Vigilant LLC. 9/16/14 1 Chris Nyhuis cnyhuis@vigilantnow.com http://www.vigilantnow.com Owner of Vigilant

1.13k views • 35 slides
Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T

Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T

Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T U A R I A L S O C I E T Y B A L T I M O R E , M D O C T O B E R 4 , 2 0 1 2 B Y J O H N M E R C H A N T F R E E D O M S P E C I A L T Y I

326 views • 20 slides
DRAFT TABLE OF CONTENTS I. EXECUTIVE SUMMARY

DRAFT TABLE OF CONTENTS I. EXECUTIVE SUMMARY

DRAFT TABLE OF CONTENTS I. EXECUTIVE SUMMARY ....................................................................... 4 SPP Value

1.27k views • 107 slides
FORWARD-LOOKING STATEMENTS This presentation made by Hawaiian Electric Industries, Inc. (HEI) and

FORWARD-LOOKING STATEMENTS This presentation made by Hawaiian Electric Industries, Inc. (HEI) and

FORWARD-LOOKING STATEMENTS This presentation made by Hawaiian Electric Industries, Inc. (HEI) and Hawaiian Electric Company, Inc. (Hawaiian Electric) and their subsidiaries contain forward-looking statements, which include statements that

719 views • 50 slides
AGENDA FOR TODAY

AGENDA FOR TODAY

AGENDA FOR TODAY

900 views • 22 slides
1 SE L MA UNIF IE D SCHOOL DIST RICT 2020- 21 BUDGE T Ma y 20, 2020 2 AGE NDA IT E M

1 SE L MA UNIF IE D SCHOOL DIST RICT 2020- 21 BUDGE T Ma y 20, 2020 2 AGE NDA IT E M

Califor nia Se nator s Califor nia State Asse mbly Dr . Joaquin Ar ambula Anna M. Caballe r o Ca pito l Offic e , Ro o m 5155 Sta te Ca pito l, Ro o m 5052 P.O. Bo x 942849 Sa c ra me nto , CA 95814-4900 (916)651-4012 Sa c ra me

329 views • 20 slides

More recommend