Risk Management Stephen Vono - Principal Notification Laws - PowerPoint PPT Presentation

Information Security Risk Management Stephen Vono - Principal

Notification Laws • Definition of ‘PII’ • Compliance www.mcgowanprofessional.com

Information Security Liability • Paper Files • Wi-Fi Networks • Servers • Portable Media www.mcgowanprofessional.com

First Party Liability vs. Third Party Liability First Party Third Party Accountant/Owner Non-client Client Client Information Information Information www.mcgowanprofessional.com

Insurance Policy Response First Party = Third Party = Information Security Liability Professional Liability Policy Policy www.mcgowanprofessional.com

Insurance Policy Gaps • Professional Liability = Limited First Party coverage, fraud exclusion • Employee Dishonesty = Employee fraud and theft of client funds (not client information) • Information Security Liability Policy = First Party coverage AND unauthorized use of confidential information www.mcgowanprofessional.com

Information Security Liability Policy ü 1 Intentional Acts ü 2 Suit from non - professional ü 3 respond to loss of information ü 4 Media/PR ü 5 Call Center/Resources www.mcgowanprofessional.com

Best Practices Policies ü Notification Letter ü WISP ü Portal Usage Policy ü Mobile Media Usage Policy ü Technical Safeguards www.mcgowanprofessional.com

Thank you! www.naplia.com Stephen Vono stevev@naplia.com www.mcgowanprofessional.com