privacy by deletion 5 steps to reducing data risk
play

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 - PowerPoint PPT Presentation

Feb 22, 2024 •408 likes •664 views

Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017 Agenda Introductions The Risks Involved with Over-Retention 5 Steps to Reduce Data Risk Understanding what exists Focusing on risks Leveraging lower cost storage

  1. Privacy by Deletion: 5 Steps to Reducing Data Risk July 19, 2017

  2. Agenda Introductions The Risks Involved with Over-Retention 5 Steps to Reduce Data Risk – Understanding what exists – Focusing on risks – Leveraging lower cost storage tiers that support a range of business users – Developing and executing a defensible disposition strategy – Measuring ROI Open Q&A 2

  3. Introductions Anthony Diana Partner, Reed Smith Anthony is a litigation partner in the Records & E-Discovery and IP, Information & Innovation groups. He focuses his practice on commercial litigation, internal and regulatory investigations, electronic discovery and information governance, and data privacy and security. Anthony has counseled clients on policies and procedures designed to protect sensitive information and comply with various laws and regulations throughout the world, from storage, to transfer, to production to third-parties. Anthony has represented clients before courts to ensure adequate protections are in place for this information, or to defend the protections that the clients have implemented. Anthony also has conducted investigations regarding data breaches and assisted in the remediation of the breaches. Anthony holds a B.A.B.S. from the University of Pennsylvania and a J.D. from Columbia Law School. 3

  4. Introductions Jim McGann Vice President, Marketing and Business Development, Index Engines Jim has extensive experience with the eDiscovery and Information Management in the Fortune 2000 sector. Before joining Index Engines in 2004, he worked for leading software firms, including Information Builders and the French based engineering software provider Dassault Systemes. In recent years he has worked for technology based start-ups that provided financial services and information management solutions. Prior to Index Engines, Jim was responsible for the business development of Scopeware at Mirror Worlds Technologies, the knowledge management software firm founded by Dr. David Gelernter of Yale University. Jim graduated from Villanova University with a degree in Mechanical Engineering. Jim is a frequent writer and speaker on the topics of big data, backup tape remediation, electronic discovery and records management. Jim shares his thoughts on information governance and data profiling in his blog www.PowerOverInformation.com. 4

  5. Introductions Jake Frazier Senior Managing Director, FTI Technology Jake Frazier leads FTI Technology’s Information Governance & Compliance practice. Jake assists corporations and governmental organizations with IG&C initiatives. For example, Jake consulted with 3 Top 5 Global Financial Services firms to assess information governance initiatives and corresponding cost and risk, focusing recommendations on quick wins that further the clients’ objectives while demonstrating demonstrable progress to critical stakeholders. He participated as a faculty member of the Compliance Governance & Oversight Council and as a member of the Sedona Conference. Jake holds his Juris Doctor from the Arizona State College of Law, and his Master of Business Administration from the University of Texas at Dallas. 5

  6. Audience Poll #1 Q: Is your organization (or, if you are with a law firm, are your clients) actively deleting data today? • Yes • No • Don’t know 6

  7. Audience Poll #2 Q: If yes, what is the main driver for your data deletion program (select all that apply)? • Industry regulations • GDPR • Cost-savings • Data breach prevention • Other 7

  8. Risks of Over-Retention Practical Reality for Most Companies: Balancing Competing Needs Easy access to data for Protect data business purposes & against breaches regulatory responses 8

  9. Risks of Over-Retention: Litigation Liability Unlike the Risk Landscape 10-15 Years Ago, Litigation Liability and eDiscovery Costs Are Increasingly Viewed as Weighing in Favor of Better Data Management and Against Over-Retention Litigation Liability : Seemingly innocent comments, jokes, or candid opinions expressed by non-legal personnel can be taken out of context or look unlawful in hindsight, with significant consequences in later litigation Oracle v. Google (N.D. Cal). Suit filed in 2010 relying on informal email discussions between engineers in the 2005-2007 time • frame, survived several appeals and again in trial, with the initial damage estimate almost doubled to $9.3 billion DOJ v. Standard & Poor’s (C.D. Cal.). DOJ’s $5 Billion lawsuit filed in 2013 against Standard & Poor’s used documents from • 2004 and 2007 to demonstrate executives criticizing investment-grade ratings and documenting deterioration in housing markets before 2008 financial crisis; lawsuit settled for $1.4 Billion with lengthy stipulation reflecting damaging facts revealed in “voluminous” discovery E-Discovery Costs: When accounting for e-discovery costs across all legal matters, the cost exposure for over-retention of email can exceed tens of millions of dollars For a single case with 10 custodians who have 1 year of retained email, the overall e-discovery cost could range from • $75,000 to $450,000. For 6 years of data, the cost balloons to a range of $450,000 to $2,700,000, according to survey by RAND Corp. 9

  10. Government Audit & Enforcement FINRA, OCC, CFPB, SEC, Federal Reserve, FDIC, SEC Are All Actively Engaged in Cybersecurity Supervision and Enforcement; Cybersecurity Supervision Includes Not Just Identifying, Preventing or Remediating Threats, But Also Identifying Data Risk, Managing Data Flows and Data Deletion FINRA and SEC imposed fines for failure to effectively manage customer personal information as part of larger investigation E*Trade division fined $900K by FINRA for not doing enough to ensure data about customers’ trades were handled properly • and failing to protect customer privacy Morgan Stanley fined $1mm by SEC for alleged failure to adopt written policies and procedures reasonably designed to • protect customer data, allowing employee to access and transfer data to personal server, which was hacked by third parties FINRA 12 firms a total of $14.4 million for significant deficiencies relating to the preservation of broker-dealer and customer • records in a format that prevents alteration. FINRA found that at various times, and in most cases for prolonged periods, the firms failed to maintain electronic records in ‘write once, read many,’ or WORM, format State regulators are ( and are expected to ) taking on a more active role in regulating cybersecurity controls at financial institutions. For example: DFS recently proposed new rules on cybersecurity for covered financial institutions to establish cybersecurity programs; Focus • on information (not just information systems) and expressly calls out deletion of data no longer needed for business purposes Expected to be the first of many similar regulations • 10

  11. Audience Poll #3 Q: What data are you prioritizing for remediation (select all that apply)? • Email • Messaging • Back-up tapes • File servers • Legacy applications • Other 11

  12. Data Pitfalls 56% 70% >50% 1/2 Information that is eligible More information than More than half of organizations Half of organizations over- to be destroyed cannot be be ne necessary is typically over-preserve information pr preserve e-mails, IMs and readily separated from retained due to how legal pursuant to a legal holds electronic legal holds at 56% of holds are written or communications organizations. applied at 70% of organizations 68% over-preserve content/documents from ECM 61% 78% 53% from collaboration tools (SharePoint) 65% network files 61% of organizations do do no not Important/official ESI 56% desktop/laptop files regularly de delete eligible ESI cannot be be located d and nd using standardized processes needed at 78% us used d whe hen ne 62% from backup tapes of organizations SOURCE : http://www.ironmountain.com/Knowledge-Center/Reference-Library/ View-by-Document-Type/White-Papers-Briefs/C/Compliance-Benchmark-Report.aspx 12

  13. 5 Steps to Reducing Risk

  14. Understanding What Exists Data of Value − Active and dark data (old reports and research data) − Ensure it is available and accessible by those who need it Aged/Redundant Data − Data has outlived its business value − Migrate to cheaper storage environment Sensitive Data − Email and files containing PII, PSTs, contracts, etc. − Migrate to archive for long term preservation 14

  15. Focusing on Risks 15 Source: Information Economics Process Kit, CGOC

  16. Storage in Tiers 16

  17. Change in Deletion Risks: Amended FRCP New FRCP Amendments protect against inadvertent deletion of legal hold • electronic data and deletion of electronic data as part of an overall deletion program ( See Fed. R. Civ. P. 26(b)(1), 37(e)) New FRCP support proportionality in preservation ( See Fed. R. Civ. P. 37(e) • Advisory Committee Notes) New FRCP amendments do not protect against the failure to identify and • produce responsive data. Many cases where severe sanction cases were imposed by the court, such as Qualcomm , involved the failure to identify and produce data, not the failure to preserve data More risk in not being able to locate responsive data than in deleting data • as part of program 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Presenting a live 90-minute webinar with interactive Q&A Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative

1.28k views • 79 slides
An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites Hana Habib, Yixin Zou

An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites Hana Habib, Yixin Zou

An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites Hana Habib, Yixin Zou , Aditi Jannu, Chelse Swoopes, Alessandro Acquisti, Lorrie Cranor, Norman Sadeh, Florian Schaub 1 Privacy Choices Are Mandated European Union

542 views • 51 slides
Reducing birdstrike risk Ian Witter, BAA Airside Operations Reducing birdstrike risk You

Reducing birdstrike risk Ian Witter, BAA Airside Operations Reducing birdstrike risk You

Reducing birdstrike risk Ian Witter, BAA Airside Operations Reducing birdstrike risk You cannot guarantee to prevent birdstrikes, but you can do things to reduce the risk. Numbers of birdstrikes do not tell you much about the risk

556 views • 23 slides
Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary Webinar From healthsystemCIO.com Sponsored by Proofpoint Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide Deck:

468 views • 22 slides
RIF: Reducing Risk When You Are Reducing Your Workforce John F. Birmingham, Jr. David J.B.

RIF: Reducing Risk When You Are Reducing Your Workforce John F. Birmingham, Jr. David J.B.

RIF: Reducing Risk When You Are Reducing Your Workforce John F. Birmingham, Jr. David J.B. Froiland Overview Cost saving options other than RIF Developing RIF plan and RIF documentation Releasing Age Discrimination Claims

868 views • 51 slides
On Privacy Risk of Releasing Data and Models Ashish Dandekar Supervised by: A/P St ephane

On Privacy Risk of Releasing Data and Models Ashish Dandekar Supervised by: A/P St ephane

Introduction Publication of data Publication of models Privacy at risk Conclusion References On Privacy Risk of Releasing Data and Models Ashish Dandekar Supervised by: A/P St ephane Bressan July 18, 2019 1 / 36 Introduction

912 views • 70 slides
Call to Action Reducing Radon Risk in America December 9, 2011 1 Reducing Radon Risk in

Call to Action Reducing Radon Risk in America December 9, 2011 1 Reducing Radon Risk in

Call to Action Reducing Radon Risk in America December 9, 2011 1 Reducing Radon Risk in America The Federal Action Plan a basic foundation for nation-wide progress Adoption of radon resistant construction requirements for Zones 1

367 views • 26 slides
Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP,

Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP,

Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP, CIPP/E, CIPP/US, CIPP/C, CIPM, AWS Certified Todays Presentation Discuss benefits of conducting data privacy impact assessments Why

497 views • 26 slides
Differen'al Privacy and Risk Ra'os: The seman'cs of privacy

Differen'al Privacy and Risk Ra'os: The seman'cs of privacy

Differen'al Privacy and Risk Ra'os: The seman'cs of privacy CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 5 : 590.03 Fall 16 1

345 views • 30 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle:

1.35k views • 91 slides
EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone,

EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone,

EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone, Queensland EHR Privacy Risk Assessment A Systems Perspective Perform privacy risk Few people have Perform privacy risk Few people

356 views • 13 slides
Rain, Wind, and Fire: Reducing risk and learning from experience in Ontarios Cottage Country Dan

Rain, Wind, and Fire: Reducing risk and learning from experience in Ontarios Cottage Country Dan

Rain, Wind, and Fire: Reducing risk and learning from experience in Ontarios Cottage Country Dan Sandink, Director of Research FOCA, Toronto, October 27 2018 Topics Reducing risk at lot-level, largely straight-forward measures

601 views • 30 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Form P-18/Form T-1 Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016

Form P-18/Form T-1 Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016

Form P-18/Form T-1 Deborah Davis August 2020 1 Railroad Commission of Texas | June 27, 2016 (Change Date In First Master Slide) 1 P-18 Report Class Description What is a P-18 report? When the P-18 report is due? Who needs to file a

1.03k views • 69 slides
Semantic Web technologies in Unit-net IEDI Vadim Ermolayev http://eva.zsu.zp.ua/

Semantic Web technologies in Unit-net IEDI Vadim Ermolayev http://eva.zsu.zp.ua/

Semantic Web technologies in Unit-net IEDI Vadim Ermolayev http://eva.zsu.zp.ua/ http://www.zsu.edu.ua/ Zaporozhye State University, Ukraine UnIT-Net: IT in University http://www.unit-net.org.ua/ Management Network TEMPUS/ TACIS

1.17k views • 38 slides
Computing for Decentralized Systems Alejandro Avils (@OmeGak)

Computing for Decentralized Systems Alejandro Avils (@OmeGak)

Computing for Decentralized Systems Alejandro Avils (@OmeGak) Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) Generally, in this series of lectures I'm going to speak about: Fault tolerance Internet and

963 views • 50 slides
INTRODUCTION TO INFORMATION SYSTEMS THEORIES 1 Silvia Masiero University of Oslo, Department

INTRODUCTION TO INFORMATION SYSTEMS THEORIES 1 Silvia Masiero University of Oslo, Department

INTRODUCTION TO INFORMATION SYSTEMS THEORIES 1 Silvia Masiero University of Oslo, Department of Informatics silvima@ifi.uio.no 26 August 2020 IN5210 Information Systems Overview Introductions IS: what sort of science is it?

700 views • 29 slides
DESI V WORKSHOP 2013 Similar Document Detection and Electronic Discovery: So Many Documents, So

DESI V WORKSHOP 2013 Similar Document Detection and Electronic Discovery: So Many Documents, So

DESI V WORKSHOP 2013 Similar Document Detection and Electronic Discovery: So Many Documents, So Little Time Michael Sperling, Rong Jin, Illya Rayvych, Jianghong Li and Jinfeng Yi Predictive Coding: Turning Knowledge into Power Thomas I.

687 views • 24 slides
Discovery and Exploration in the VO Christopher J. Miller Asst. Professor, Astronomy University

Discovery and Exploration in the VO Christopher J. Miller Asst. Professor, Astronomy University

T HE V IRTUAL O BSERVATORY (VO) Discovery and Exploration in the VO Christopher J. Miller Asst. Professor, Astronomy University of Michigan Why Discovery and Exploration? Astronomy is a resource intensive research field We require

436 views • 25 slides
Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography Group Microsoft Research Applications/Scenarios Secure Outsourcing for Business Electronic Health Records Interactive Scientific Publishing

452 views • 4 slides
The Novel Materials Discovery (NOMAD) Laboratory maintains the largest Repository for input and

The Novel Materials Discovery (NOMAD) Laboratory maintains the largest Repository for input and

The Novel Materials Discovery (NOMAD) Laboratory maintains the largest Repository for input and output files of all important computational materials science codes. From its open-access data it builds several Big-Data Services helping to advance

304 views • 14 slides

More recommend