Data Breaches at Home and Abroad: This Can Mean You Too!
Lessons Learned from the Past, and What's Coming Up in the Future for US and Multi-National Entities

Mark E. Schreiber, Chair, Privacy and Data Protection Group
Theodore P. Augustinos, Co-Chair
Laurie A. Kamaiko, Co-Chair
David S. Szabo
Socheth Sor
Agenda
- Current Breach Landscape
- Breach Response Tips
- Massachusetts Data Security Requirements: Update
- Credit Card Issues
- HIPAA and HITECH Developments
- Data Breach Litigation
- Cyber Risk Insurance
- Foreign and International Data Breach Considerations
Current Breach Landscape
- Company records containing personal information of individuals are
  - increasingly exposed to malicious or inadvertent disclosure
  - costing drastically more per incident
  - in 96% of cases avoidable through simple or intermediate security controls
- 88% of U.S. companies are said to have experienced a data breach in 2010
  - some multiple times
- About 40% of executives in one recent Deloitte survey said they expected their company to have an electronic security breach in the next 12 months
- Roughly half said they were not adequately prepared for it
Cost of Breaches Increasing
- 2011 had a troubled beginning
  - 9.5M records exposed (excluding the 100M plus in the Sony breaches)
  - Sony
  - Google
  - Epsilon
  - Citibank
  - Anonymous/LulzSec
  - Massachusetts Executive Office of Labor and Workforce Development and other government agencies
  - Multiple hospitals and other healthcare providers
- Average total cost per US company: $7.2M (2010), up from $6.75M (2009)
  - $3.4M in Germany, $2.5M in the UK and France (2009)
- 329 organizations reported 86,455 laptops lost (2010)
  - Average cost of $6.4 million per company
- 222 million records compromised in the US in 2009 (likely an undercount)
- 10 million patient records in 272 events (OCR report)
  - $6B cost annually

Sources: Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach; Ponemon, Global 2009 Annual Study on Cost of a Data Breach; Verizon, April 2011: 2011 Data Breach Investigations Report
Responsibility for Breaches
According to the Ponemon studies:
- Third-party outsourcers: 39% of breaches (slight decline from 2009), but cost up 39%
- Lost/stolen laptops and other mobile devices: 35% (36% in 2009), but cost up 15%
- System failure: 27%, a 9% decline as companies work harder on prevention and more technologies become available
- Negligence: 41% (1% increase); cost up 27%
- Malicious/criminal attacks: 31% (a 7% increase, the largest of any category)
  - 2010 was the first year malicious attacks were not the least frequent cause. They are the most expensive cause, and are increasingly stealthy and successful, requiring more resources to investigate and remediate.
Breach Response Tips
- Assemble the team
  - Decision-maker level of management
  - IT
  - Data forensics
  - Legal counsel
  - Breach response services
    - Call center
    - Processing
    - Mailing
  - Customer, public, media and governmental relations
- Containment
  - Find and stop the cause of the breach.
  - The first priority is to stop the loss of data, preferably by taking steps that also preserve the information needed for the investigation (for example, isolating a compromised host from the network rather than wiping and rebuilding it, so that logs, memory and disk contents survive for forensics).
Breach Response Tips (cont.)
- Investigation
  - What happened?
  - What information was affected?
  - Where do the affected individuals reside?
- Analysis: review the results of the investigation against applicable legal requirements and contractual requirements, including PCI-DSS.
- Remediation
  - Choice of products and services to be offered to affected individuals, if any
    - Credit monitoring
    - Credit restoration services
    - Credit insurance
    - Other
Breach Response Tips (cont.)
- Communication
  - Affected individuals
  - State agencies
  - FTC, HHS, as appropriate
  - Card brands, merchant banks and card processors
  - Employees
  - Other constituents
- Reaction to inquiries
  - Affected individuals and other consumers or clients
  - Media
  - Governmental agencies
Breach Response Tips (cont.)
- Experience at all levels is critical (even the call center)
- Benefits of a third-party forensics team
  - Credible third-party assessment
  - Reliable chain of custody
  - Backups of all pertinent system logs
  - Attorney-client privilege (when the team is retained through counsel)
- Review the availability of insurance coverage and effect any required notification to the insurer
- Conduct the investigation
- Legal analysis and decision-making
- Draft and effect required notices
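What "reliable chain of custody" and "backups of all pertinent system logs" look like in practice, as an added example that is not part of the presentation and is not any forensics vendor's tool: each preserved log is hashed with SHA-256 as it is collected, the hashes are written into a manifest together with who collected what and when, the manifest itself is sealed with its own hash, and the evidence can later be re-hashed to prove it is byte-identical to what was taken. The two log lines, the file names and the collector name are constructed for the demonstration; nothing here is a real record.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 16


def sha256_file(path):
    """Stream the file through SHA-256 so multi-gigabyte logs need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def collect_evidence(src_dir, collector):
    """Record, for every file under src_dir, what was taken, when, by whom and its
    digest. The manifest is the chain-of-custody record: anyone can later re-hash
    the preserved copies and show they are byte-identical to what was collected."""
    files = []
    for root, _dirs, names in os.walk(src_dir):
        for name in sorted(names):
            path = os.path.join(root, name)
            st = os.stat(path)
            files.append({
                "path": os.path.relpath(path, src_dir),
                "size": st.st_size,
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_file(path),
            })
    manifest = {
        "collector": collector,
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "source": os.path.abspath(src_dir),
        "files": files,
    }
    # Seal the manifest itself, so the custody record cannot be edited silently either.
    body = json.dumps(manifest, sort_keys=True).encode()
    manifest["manifest_sha256"] = hashlib.sha256(body).hexdigest()
    return manifest


def manifest_intact(manifest):
    """True if the manifest body still matches the seal written by collect_evidence."""
    body = {k: v for k, v in manifest.items() if k != "manifest_sha256"}
    seal = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    return seal == manifest["manifest_sha256"]


def verify_files(manifest, evidence_dir):
    """Re-hash every file named in the manifest and return the paths that no
    longer match (altered, truncated or missing). An empty list means intact."""
    bad = []
    for entry in manifest["files"]:
        path = os.path.join(evidence_dir, entry["path"])
        if not os.path.isfile(path) or sha256_file(path) != entry["sha256"]:
            bad.append(entry["path"])
    return bad


def demo():
    """Constructed scenario: two small logs are preserved, then one is appended to
    after collection. Returns (mismatches before edit, mismatches after, seal ok)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "auth.log"), "w") as f:  # constructed log line
            f.write("Jun  1 02:14:07 web1 sshd[2201]: Accepted password for svc_backup from 10.0.5.23\n")
        with open(os.path.join(d, "access.log"), "w") as f:  # constructed log line
            f.write('10.0.5.23 - - [01/Jun/2011:02:15:44 +0000] "GET /export.php?table=customers HTTP/1.1" 200 1893377\n')
        manifest = collect_evidence(d, collector="J. Doe, forensics vendor (constructed name)")
        before = verify_files(manifest, d)                 # expected: []
        with open(os.path.join(d, "auth.log"), "a") as f:   # edit made after collection
            f.write("Jun  1 02:20:00 web1 sshd[2201]: pam_unix(sshd:session): session closed\n")
        after = verify_files(manifest, d)                  # expected: ["auth.log"]
        return before, after, manifest_intact(manifest)


if __name__ == "__main__":
    print(demo())
```

In a real engagement the manifest is signed or countersigned by the collector and kept separately from the evidence copies; the point of the sealed record is that the forensics team can show the log backups handed to counsel, a regulator or a court are exactly what was taken from the affected systems.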
Breach Response Tips (cont.)
- Top Five Ways to Avoid a Breach
  - Assemble the team and assess the data
  - Develop policies and procedures
  - Control hardware and software
  - Mitigate risk
  - Train, test, update and monitor. Repeat.
Breach Response Tips (cont.)
- Top Five Ways to Respond to a Breach
  - Assemble the response team
  - Do the forensics and assess the data
  - Develop and effectuate remediation
  - Draft and effect notices
  - Review preventative measures
Massachusetts Data Security Requirements: Update
- State of the art in policies and procedures
  - The Massachusetts requirements for comprehensive written information security programs (201 CMR 17.00) are both broader and more specific than those of other states
    - Broader: extend to areas not covered by other states
      - Written policy requirements
      - Technology and other security requirements
      - Vendor contracts
    - More specific: impose particular security requirements
      - Encryption (of personal information stored on laptops and other portable devices, and in transit across public networks)
      - Specific requirements for vendor selection, contracting and management
    - Different: unique breach notice requirements and limitations
Massachusetts Data Security Requirements: Update (cont.)
- State of the art in enforcement?
  - Briar Group, LLC
    - Chain of restaurants and bars allegedly suffered a malware intrusion
    - Allegedly continued to accept credit cards after learning of the attack and before effective remediation, without notifying patrons of the risk
    - Consent order entered by the Massachusetts AG included a significant fine
    - The breach pre-dated the Massachusetts data security regulation
    - Enforcement was pursued under the general consumer protection statute (M.G.L. c. 93A)
    - The enforcement posture rested in part on the apparent position that failure to comply with PCI-DSS is itself a violation of the consumer protection statute
    - Does this effectively adopt PCI-DSS as the legal standard of conduct in the Commonwealth?
Credit Card Issues
- PCI-DSS
  - Industry standard imposed by merchant banking contracts
  - Incorporated into Nevada law by statute
  - Imposed by the Massachusetts enforcement posture?
- Credit card breaches
  - Brand, merchant bank and processor notifications
  - Involvement of a QIRA (Qualified Incident Response Assessor) and a QSA (Qualified Security Assessor)
  - Self-Assessment Questionnaire and certification
HIPAA Enforcement
- Cignet Health: $4.3 million civil money penalty
- Partners HealthCare System (Massachusetts General Hospital): $1 million settlement
- Interesting questions
  - What is an "ongoing violation"?
  - How should penalties be calculated?
  - Does the statute authorize daily penalties?
Resolution Agreements
- Five agreements on the OCR website
- Settlements range from $35,000 to $2.25 million
- Four are fundamentally security cases (lost or stolen information, improper disposal of information)
- One is predominantly a privacy case (unauthorized use of PHI for marketing)
- All include a corrective action plan (CAP); four CAPs run for three years and one for two years
HITECH Rulemaking
- Accounting for Disclosures: proposed rule issued May 31, 2011. It includes two rights: the right to an accounting of disclosures, and the right to receive an electronic medical record access report
  - Period covered by the accounting reduced from six years to three years
  - The disclosures to be accounted for will be explicitly listed in the final rule; comment is requested on specific items to be added to or excluded from the list
HITECH Rulemaking (cont.)
- Access reports
  - OCR proposes a report of every time a person accesses electronic data in a designated record set, whether or not a disclosure is made
  - OCR takes the position that access logs are already required by the Security Rule, so the regulation only requires access to a document that should be readily available
  - Individuals can request reports reflecting access on specific dates or by specific individuals
  - Reports must be aggregated if the data resides on more than one information system (EMR, billing, etc.)
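The aggregation requirement is where the engineering work sits: each system keeps its own audit trail in its own format, and the report has to normalise them into one chronology before it can be filtered by date or by user. The following is an added example, not part of the presentation and not OCR's or any vendor's code, of that normalise-then-aggregate step. The EMR audit trail (CSV) and the billing system log (JSON lines), their field names, the user names and the patient identifiers are all constructed for the illustration.

```python
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample data (not real records): an EMR audit trail exported as CSV
# and a billing system's access log as JSON lines. Each system logs a different
# schema, which is exactly why the report has to normalise before it aggregates.
EMR_AUDIT_CSV = """timestamp,user,patient_id,action
2011-06-01T09:02:11Z,drlee,P-1001,view
2011-06-01T09:05:40Z,drlee,P-1001,update
2011-06-02T14:21:03Z,nurse_k,P-1001,view
2011-06-02T14:30:00Z,nurse_k,P-2002,view
"""
BILLING_LOG_JSONL = """{"ts": "2011-06-01T16:45:09Z", "uid": "billing_jo", "mrn": "P-1001", "op": "export"}
{"ts": "2011-06-03T08:00:00Z", "uid": "billing_jo", "mrn": "P-2002", "op": "view"}
"""


def parse_ts(text):
    """ISO-8601 UTC timestamp ('2011-06-01T09:02:11Z') to an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_emr(csv_text):
    """Normalise EMR audit rows to the common record shape."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        yield {"when": parse_ts(row["timestamp"]), "system": "EMR",
               "user": row["user"], "patient": row["patient_id"], "action": row["action"]}


def load_billing(jsonl_text):
    """Normalise billing-system JSON lines to the same record shape."""
    for line in jsonl_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            yield {"when": parse_ts(rec["ts"]), "system": "billing",
                   "user": rec["uid"], "patient": rec["mrn"], "action": rec["op"]}


def build_records():
    """Aggregate every source system into one list; add one loader per system."""
    return list(load_emr(EMR_AUDIT_CSV)) + list(load_billing(BILLING_LOG_JSONL))


def access_report(records, patient, start=None, end=None, user=None):
    """All accesses to one patient's data across systems, in chronological order.
    start is inclusive and end exclusive (aware datetimes); user narrows the report
    to one individual, matching the two kinds of request the proposed rule contemplates."""
    rows = [r for r in records
            if r["patient"] == patient
            and (start is None or r["when"] >= start)
            and (end is None or r["when"] < end)
            and (user is None or r["user"] == user)]
    return sorted(rows, key=lambda r: r["when"])


def render(rows):
    """Plain-text lines suitable for handing to the requesting individual."""
    return ["{} {:<8} {:<11} {}".format(r["when"].strftime("%Y-%m-%d %H:%M:%S"),
                                       r["system"], r["user"], r["action"])
            for r in rows]


if __name__ == "__main__":
    recs = build_records()
    print("\n".join(render(access_report(recs, "P-1001"))))
    day = access_report(recs, "P-1001",
                        start=parse_ts("2011-06-02T00:00:00Z"),
                        end=parse_ts("2011-06-03T00:00:00Z"))
    print("\n".join(render(day)))
```

Two practical points follow from the code: every system's log must carry a timestamp in a known time zone and a patient identifier that can be joined across systems (the EMR's patient_id and the billing system's mrn above), and the audit trail has to be retained for at least the three-year accounting period or the report cannot be produced.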
HITECH Rulemaking (cont.)
- Still pending: final rule for a large number of other HITECH-mandated changes, including:
  - Marketing authorizations
  - Business associate agreements
  - Transition provisions
  - Sale of PHI
  - Research authorizations
  - Decedents
  - Immunizations
  - Minimum necessary
  - Fundraising
  - Notice requirements
  - Access rights for individuals
Data Breach Litigation
Article III Standing Required

- Data breach class actions
  - Tend to be in federal court due to the Class Action Fairness Act, 28 U.S.C. § 1332(d)
  - If filed in state court, may be removable
- Federal lawsuits must satisfy the Article III standing requirement
  - Requires a "case or controversy," which in turn requires an injury in fact that is actual or imminent, not conjectural or hypothetical
Data Breach Litigation
Article III Standing Required (cont.)

- Several lower federal courts have found that increased risk of identity theft as a result of a data breach is not an injury in fact
- Two federal appellate courts (the Seventh and Ninth Circuits) have found that increased risk of identity theft satisfies the injury-in-fact requirement
- The Sixth Circuit has suggested that increased risk of identity theft is too conjectural to be an injury in fact
Data Breach Litigation
Cognizable Injury Also Required
- If the standing requirement is satisfied
  - Plaintiffs still need to allege an injury for which state law provides a remedy
- Injuries generally not cognizable under state common law:
  - Increased risk of identity theft
  - Time and effort spent closing accounts or protecting credit ratings
- A court may find cognizable injury in a statutory claim
  - Doe 1 v. AOL LLC, 719 F. Supp. 2d 1102 (N.D. Cal. 2010)
  - Claim under the California Consumers Legal Remedies Act
    - The statute says a consumer suffering "any damage" may bring a claim
  - Defendant exposed "highly sensitive" personal information of plaintiffs
  - Held to be a sufficient allegation of injury under the statute
- Moral: state law on injury may determine the outcome of a motion to dismiss
Data Breach Litigation
Class Certification

- Plaintiffs' attorneys need the financial incentive of a class action in order to pursue a data breach action
  - Individual losses will generally be too small
- The court may not certify the class
- It may not be worth proceeding without a class
Cyber Risk Insurance
- Specialty cyber risk / data protection / technology policies
  - Personal information breaches
  - Network security
  - Cyber extortion
  - Business disruption
- There are often sub-limits and other limitations on coverage
- Terms and scope of coverage vary
Other Insurance
- Claims are often made under more traditional lines (although exclusions and coverage defenses frequently apply)
  - Property
  - Crime/fidelity
  - Kidnap and ransom (K&R)
  - Commercial general liability (CGL)
    - Coverage A: property damage / bodily injury (emotional distress pleaded as bodily injury)
    - Coverage B: injury arising out of a publication that violated the data owner's privacy
  - Professional liability
    - Lawyers, real estate agents, architects and engineers (A&E), etc.
  - Directors and officers (D&O)
    - Approval, or lack, of security plans
    - How a breach is handled
    - What is said about the cause and remediation
Other Insurance Issues
- Aggregation of risk on policies issued
  - The "cyber hurricane" (a simultaneous attack on multiple targets)
    - Multiple insureds impacted
    - Claims made under multiple lines
- Regulatory scrutiny
  - Includes data security
  - Insurance departments such as Connecticut's want to know within 5 days of a breach at an insurer
- The increasing accumulation of protected information increases the risk of a breach at insurers
  - Medical records and personal information of claimants, insureds and beneficiaries
  - Medicare secondary payer reporting requirements
Foreign and International Breach Considerations
- Global transactions, operations, data processing and storage
- U.S.-style breach notice requirements are being adopted in the EU and elsewhere
  - The EU Data Protection Directive may change by year end
  - The Article 29 Working Party, in April 2011, recommended breach notification
  - The EU definition of personal information is broader than U.S. definitions
- India
  - New data security rules issued under the Information Technology Act, 2000, effective April 11, 2011
    - Require "reasonable security practices" to protect "sensitive personal data"
    - Impose restrictions and requirements for
      - Collection of data
      - Disclosure of data
      - Transfer of data
      - Security practices and procedures
Foreign and International Breach Considerations (cont.)
- Notification considerations
  - Does the company have operations there?
  - Is the company a data controller or a data processor in the country?
  - Does the local data protection authority (DPA) have jurisdiction?
  - Would notifying affected individuals help mitigate reputational risk?
  - Would the company's posture in enforcement be improved by notifying government agencies?
  - Method of notifying individuals: mail or email? Translated or English?
- Remediation issues
  - Limited availability of credit monitoring outside the U.S.
  - Call center operations: toll free? Foreign-language capabilities?
Thank you

Mark E. Schreiber, Partner, mschreiber@eapdlaw.com, 617.239.0585
Theodore P. Augustinos, Partner, taugustinos@eapdlaw.com, 860.541.7710
Laurie A. Kamaiko, Partner, lkamaiko@eapdlaw.com, 212.912.2768
David S. Szabo, Partner, dszabo@eapdlaw.com, 617.239.0414
Socheth Sor, Associate, ssor@eapdlaw.com, 860.541.7773
Date Use Rules in Different Business Scenarios: It's All Contextual
 
Date Use Rules in Different Business Scenarios: It's All Contextual
Date Use Rules in Different Business Scenarios:  It's All Contextual Date Use Rules in Different Business Scenarios:  It's All Contextual
Date Use Rules in Different Business Scenarios: It's All Contextual
 
Date Use Rules in Different Business Scenarios: It's All Contectual it is all...
Date Use Rules in Different Business Scenarios: It's All Contectual it is all...Date Use Rules in Different Business Scenarios: It's All Contectual it is all...
Date Use Rules in Different Business Scenarios: It's All Contectual it is all...
 
Date Use Rules in Different Business Scenarios: It's All Contextual
Date Use Rules in Different Business Scenarios:  It's All Contextual Date Use Rules in Different Business Scenarios:  It's All Contextual
Date Use Rules in Different Business Scenarios: It's All Contextual
 
Data Use Rules in Different Business Scenarios: It's All Contextual
Data Use Rules in Different Business Scenarios:  It's All Contextual Data Use Rules in Different Business Scenarios:  It's All Contextual
Data Use Rules in Different Business Scenarios: It's All Contextual
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Data Security Regulatory Lansdcape
Data Security Regulatory LansdcapeData Security Regulatory Lansdcape
Data Security Regulatory Lansdcape
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfThe Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 

Plus de Law Practice Strategy

Solos and small firms, thrive in the new legal marketplace
Solos and small firms, thrive in the new legal marketplaceSolos and small firms, thrive in the new legal marketplace
Solos and small firms, thrive in the new legal marketplaceLaw Practice Strategy
 
Alternative Fee Arrangements: Pricing for a Win-Win Relationship
Alternative Fee Arrangements: Pricing for a Win-Win RelationshipAlternative Fee Arrangements: Pricing for a Win-Win Relationship
Alternative Fee Arrangements: Pricing for a Win-Win RelationshipLaw Practice Strategy
 
Virtual Law Office - What It Is & How to Use It
Virtual Law Office - What It Is & How to Use ItVirtual Law Office - What It Is & How to Use It
Virtual Law Office - What It Is & How to Use ItLaw Practice Strategy
 
Legal Blogging: How to Educate and Attract New Clients
Legal Blogging: How to Educate and Attract New ClientsLegal Blogging: How to Educate and Attract New Clients
Legal Blogging: How to Educate and Attract New ClientsLaw Practice Strategy
 
Lawyers as Entrepreneurs: Thriving in a Sea of Change ppp
Lawyers as Entrepreneurs: Thriving in a Sea of Change   pppLawyers as Entrepreneurs: Thriving in a Sea of Change   ppp
Lawyers as Entrepreneurs: Thriving in a Sea of Change pppLaw Practice Strategy
 

Plus de Law Practice Strategy (8)

Ethics for lawyers in the cloud
Ethics for lawyers in the cloudEthics for lawyers in the cloud
Ethics for lawyers in the cloud
 
Solos and small firms, thrive in the new legal marketplace
Solos and small firms, thrive in the new legal marketplaceSolos and small firms, thrive in the new legal marketplace
Solos and small firms, thrive in the new legal marketplace
 
Marketing your virtual law office
Marketing your virtual law officeMarketing your virtual law office
Marketing your virtual law office
 
Going Solo - Virtually
Going Solo - VirtuallyGoing Solo - Virtually
Going Solo - Virtually
 
Alternative Fee Arrangements: Pricing for a Win-Win Relationship
Alternative Fee Arrangements: Pricing for a Win-Win RelationshipAlternative Fee Arrangements: Pricing for a Win-Win Relationship
Alternative Fee Arrangements: Pricing for a Win-Win Relationship
 
Virtual Law Office - What It Is & How to Use It
Virtual Law Office - What It Is & How to Use ItVirtual Law Office - What It Is & How to Use It
Virtual Law Office - What It Is & How to Use It
 
Legal Blogging: How to Educate and Attract New Clients
Legal Blogging: How to Educate and Attract New ClientsLegal Blogging: How to Educate and Attract New Clients
Legal Blogging: How to Educate and Attract New Clients
 
Lawyers as Entrepreneurs: Thriving in a Sea of Change ppp
Lawyers as Entrepreneurs: Thriving in a Sea of Change   pppLawyers as Entrepreneurs: Thriving in a Sea of Change   ppp
Lawyers as Entrepreneurs: Thriving in a Sea of Change ppp
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Dernier (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Data breaches at home and abroad

• 1. Data Breaches at Home and Abroad: This Can Mean You Too!
  Lessons Learned from the Past, and What’s Coming Up in the Future for US and Multi-National Entities
  Mark E. Schreiber, Chair, Privacy and Data Protection Group
  Theodore P. Augustinos, Co-Chair
  Laurie A. Kamaiko, Co-Chair
  David S. Szabo
  Socheth Sor

• 2. Agenda
  - Current Breach Landscape
  - Breach Response Tips
  - Massachusetts Data Security Requirements: Update
  - Credit Card Issues
  - HIPAA and HITECH Developments
  - Data Breach Litigation
  - Cyber Risk Insurance
  - Foreign and International Data Breach Considerations

• 3. Current Breach Landscape
  - Company records containing personal information of individuals
    - increasingly exposed to malevolent or inadvertent disclosures
    - costs going up drastically
    - 96% avoidable through simple to intermediate security controls
  - 88% of U.S. companies said to have experienced data breach in 2010
    - some multiple times
  - About 40% of executives in one recent Deloitte survey said they expected their company to have an electronic security breach in next 12 months
  - Roughly ½ said they were not adequately prepared for it

• 4. Cost of Breaches Increasing
  - 2011 had troubled beginning
    - 9.5M records exposed (excluding 100M plus in Sony)
    - Sony
    - Google
    - Epsilon
    - Citibank
    - Anonymous/LulzSec
    - Massachusetts Executive Office of Labor and Workforce Development and other government agencies
    - Multiple Hospitals and other Healthcare providers
  - Average total cost per US company: $7.2 M (2010) up from $6.75 M (2009)
    - $3.4 M in Germany, $2.5 M in UK and France (2009)
  - 329 organizations reported 86,455 laptops lost (2010)
    - Avg. cost of $6.4 million per company
  - 222 million records repeatedly compromised in US in 2009 (likely undercounts)
  - 10 million patient records in 272 events (OCR report)
  - $6B cost annually
  Sources: Ponemon, 2010 Annual Study: U.S. Cost of a Data Breach; Global 2009 Annual Study on Cost of a Data Breach; Verizon, April 2011: 2011 Data Breach Investigations Report
• 5. Responsibility for Breaches
  According to Ponemon Studies:
  - Third Party Outsourcers – 39% of breaches (slight decline from 2009), but cost up 39%.
  - Lost/Stolen laptops and other mobile devices – 35% (36% in 2009, but cost up 15%).
  - Systems failure – 27%, a 9% decline as companies work harder on prevention and more technologies are available.
  - Negligence – 41% (1% increase); costs up 27%.
  - Malicious/Criminal – 31% (7%, the highest increase). 2010 was the first time malicious attacks were not the least frequent cause. They are the most expensive; increasingly stealthy and successful, requiring more resources.
• 6. Breach Response Tips
  - Assemble the team
    - Decision-maker level of management
    - IT
    - Data Forensics
    - Legal Counsel
    - Breach Response Services
      - Call center
      - Processing
      - Mailing
    - Customer, Public, Media and Governmental Relations
  - Containment
    - Find and stop the cause of the breach.
    - First priority is to stop the loss of data, preferably by taking steps that will preserve the information needed for the investigation

• 7. Breach Response Tips (cont.)
  - Investigation
    - What happened?
    - What information was affected?
    - Where do affected individuals reside?
  - Analysis – Review results of the investigation under applicable legal requirements and contractual requirements, including PCI-DSS.
  - Remediation
    - Choice of products and services to be offered to affected individuals, if any
      - Credit Monitoring
      - Credit Restoration Services
      - Credit Insurance
      - Other

• 8. Breach Response Tips (cont.)
  - Communication
    - Affected Individuals
    - State Agencies
    - FTC, HHS, as appropriate.
    - Card Brands, Merchant Bankers and Card Processors
    - Employees
    - Other Constituents
  - Reaction to Inquiries
    - Affected Individuals and other consumers or clients
    - Media
    - Governmental Agencies

• 9. Breach Response Tips (cont.)
  - Experience at all levels is critical (even the call center)
  - Benefits of a third-party forensics team
    - Credible third party assessment
    - Reliable Chain of Custody
    - Backups of all pertinent system logs
    - Attorney-client privilege
  - Review availability of insurance coverage and effect any required notification.
  - Conduct the Investigation
  - Legal, Analysis and Decision-Making
  - Draft and Effect Required Notices

• 10. Breach Response Tips (cont.)
  Top Five Ways to Avoid a Breach
  - Assemble the Team and Assess the Data
  - Develop Policies and Procedures
  - Control Hardware and Software
  - Mitigate Risk
  - Train, Test, Update and Monitor. Repeat.

• 11. Breach Response Tips (cont.)
  Top Five Ways to Respond to a Breach
  - Assemble the Response Team
  - Do the Forensics and Assess the Data
  - Develop and Effectuate Remediation
  - Draft and Effect Notices
  - Review Preventative Measures
• 12. Massachusetts Data Security Requirements: Update
  - State of the Art in Policies and Procedures
    - Massachusetts requirements for comprehensive written information security programs are both more broad and more specific than those of other states
    - More Broad – Extend to areas not covered by others
      - Written Policy Requirements
      - Technology and other security requirements
      - Vendor Contracts
    - More Specific – Impose specific requirements for security
      - Encryption
      - Specific requirements for vendor selection, contracting and management
    - Different – Unique breach notice requirements and limitations

• 13. Massachusetts Data Security Requirements: Update (cont.)
  - State of the Art in Enforcement?
    - Briar Group, LLC
      - Chain of restaurants and bars allegedly suffered malware intrusion
      - Allegedly continued to accept credit cards after knowledge of attack and prior to effective remediation, without notifying patrons of risk
      - Consent order entered by Mass AG included significant fine
      - Breach pre-dated MA Data Security Regulation
      - Enforcement pursued under general consumer protection statute
      - Enforcement posture based in part on apparent position that failure to comply with PCI-DSS = violations of consumer protection statute
    - Effectively adopts PCI-DSS as legal standard of conduct in the Commonwealth?

• 14. Credit Card Issues
  - PCI-DSS
    - Industry Standard imposed by merchant banking contracts
    - Incorporated into Nevada law by statute
    - Imposed by Massachusetts enforcement posture?
  - Credit Card Breaches
    - Brand, Merchant Bank and Processor Notifications
    - Involvement of QIRA and QSA
    - Self-Assessment Questionnaire and Certification
• 15. HIPAA Enforcement
  - Cignet Healthcare -- $4.3 million penalty
  - Partners Health Care System -- $1 million settlement
  - Interesting Questions
    - What is an “ongoing violation?”
    - How should penalties be calculated?
    - Does the statute authorize daily penalties?

• 16. Resolution Agreements
  - Five agreements on OCR website
  - Settlements range from $35,000 to $2.25 million
  - Four are fundamentally based on security failures (lost or stolen information, improper disposal of information).
  - One is predominantly a privacy case (unauthorized use of PHI for marketing).
  - All have a corrective action plan. Terms for CAPs are three years (4) and two years (1).

• 17. HITECH Rulemaking
  - Accounting for Disclosures—proposed rule issued May 31, 2011. Includes two rights: right to an accounting of disclosures, and right to receive an electronic medical records access report
  - Period for accounting reduced to three years from six years.
  - Disclosures to be accounted for to be explicitly listed in the final rule. Comment is requested on specific items to be added or excluded from the list.

• 18. HITECH Rulemaking (cont.)
  - Access Reports
    - OCR proposes a report of every time a person accesses electronic data in a designated record set, whether a disclosure is made or not.
    - OCR takes the position that access logs already are required by the Security Rule—such that the regulation only requires access to a document that should be readily available.
    - Individuals can request reports reflecting access on specific dates or by specific individuals.
    - Reports must be aggregated if data resides on more than one information system (EMR, billing, etc.).

• 19. HITECH Rulemaking (cont.)
  - Still pending: Final rule for a large number of other HITECH mandated changes, including:
    - Marketing Authorizations
    - Business Associate Agreements
    - Transition Provisions
    - Sale of PHI
    - Research Authorizations
    - Decedents
    - Immunizations
    - Minimum Necessary
    - Fundraising
    - Notice Requirements
    - Access Rights for Individuals
• 20. Data Breach Litigation: Article III Standing Required
  - Data breach class actions
    - Tend to be in federal court due to Class Action Fairness Act. 28 U.S.C. § 1332(d)
    - If in state court, may be removable
  - Federal lawsuits must satisfy Article III standing requirement
    - Requires a “case or controversy” requiring an injury in fact that is actual or imminent, not conjectural or hypothetical.

• 21. Data Breach Litigation: Article III Standing Required (cont.)
  - Several lower federal courts have found that increased risk of identity theft as result of data breach is not an injury in fact
  - Two federal appellate courts found increased risk of identity theft satisfies injury in fact requirement
  - Sixth Circuit suggested increased risk of identity theft too conjectural to be injury in fact

• 22. Data Breach Litigation: Cognizable Injury Also Required
  - If standing requirements satisfied
    - Plaintiffs still need to allege injury for which state law provides remedy
  - Injuries not cognizable (generally) under state common law:
    - Increased risk of identity theft
    - Time and effort spent closing accounts/protecting credit ratings
  - Court finds cognizable injury in statutory claim
    - Doe 1 v. AOL LLC, 719 F.Supp.2d 1102 (N.D. Ca. 2010)
    - Claim under California Consumers Legal Remedy Act
    - Statute says consumer suffering “any damage” may bring a claim
    - Defendant exposed “highly sensitive” personal information of plaintiffs
    - Sufficient allegation of injury under statute
  - Moral: state law on injury may determine outcome of motion to dismiss

• 23. Data Breach Litigation: Class Certification
  - Plaintiffs’ attorneys need financial incentive of class action in order to pursue data breach action
    - Individual losses will generally be too small
  - Court may not certify class
    - May not be worth proceeding without class
• 24. Cyber Risk Insurance
  - Specialty cyber risk/data protection/tech policies
    - Personal information breaches
    - Network security
    - Cyber extortion
    - Business Disruption
  - Often can be sub-limits and other limitations on coverage
  - Terms/Scope of coverage vary

• 25. Other Insurance
  - Claims often made under more traditional lines (although frequently exclusions/coverage defenses apply)
    - Property
    - Crime/Fidelity
    - K&R
    - CGL
      - Coverage A – property damage/BI-emotional distress
      - Coverage B – injury arising out of publication that violated the data owner’s privacy
    - Professional liability
      - Lawyers, real estate agents, A&E, etc.
    - D&O
      - Approval/Lack of security plans
      - How a breach is handled
      - What is said about the cause and remediation

• 26. Other Insurance Issues
  - Aggregation of risk on policies issued
    - The cyber hurricane (simultaneous attack on multiple targets)
    - Multiple insureds impacted
    - Multiple lines have claims made under them
  - Regulatory scrutiny
    - Includes data security
    - Insurance depts. such as Connecticut want to know within 5 days of a breach at an insurer
  - Increasing accumulation of protected information increases risk of breach for insurers
    - Medical records and PI of claimants/insureds/beneficiaries
    - Medicare secondary payer reporting requirements
• 27. Foreign and International Breach Considerations
  - Global Transactions, Operations, Data Processing and Storage
  - U.S.-styled breach notice requirements are being adopted in EU and elsewhere
    - EU Data Protection Directive may change by year end
    - Art. 29 W.P., April 2011, recommends breach notification
    - Definition of Personal Information is broader than U.S. definitions
  - India
    - New Data Security Rules issued under Information Technology Act of 2000 effective April 11, 2011
    - Requires “reasonable security practices” to protect “sensitive personal data” and
    - Imposes restrictions and requirements for
      - Collection of data
      - Disclosure of data
      - Transfer of data
      - Security practices and procedures

• 28. Foreign and International Breach Considerations (cont.)
  - Notification Considerations
    - Does the Company have operations there?
    - Is the Company a data controller or processor in the country?
    - Does DPA have jurisdiction?
    - Would it help mitigate reputational risk to notify affected individuals?
    - Would the Company’s posture in enforcement be improved by notifying government agencies?
    - Method of Notifying Individuals: Mail or Email? Translated or English?
  - Remediation Issues
    - Limited credit monitoring
    - Call center operations: Toll free? Foreign language capabilities?

• 29. Thank you
  Mark E. Schreiber, Partner: mschreiber@eapdlaw.com, 617.239.0585
  Theodore P. Augustinos, Partner: taugustinos@eapdlaw.com, 860.541.7710
  Laurie A. Kamaiko, Partner: lkamaiko@eapdlaw.com, 212.912.2768
  David S. Szabo, Partner: dszabo@eapdlaw.com, 617.239.0414
  Socheth Sor, Associate: ssor@eapdlaw.com, 860.541.7773
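Slides 6 and 9 ask the response team to preserve the information needed for the investigation, keep backups of all pertinent system logs, and maintain a reliable chain of custody. The following script is an added illustration of that step, not code from the presenters or their firm: it copies log files into an evidence directory, makes the copies read-only, records a SHA-256 hash, size, collector and UTC collection time for each file in a manifest, and can later re-hash the copies to show whether they are still intact. The log lines, file names, and collector name are constructed for the example.

```python
"""Preserve system logs with a hash manifest so their integrity can be
demonstrated later (chain of custody for a breach investigation).
Added example; the sample log content below is constructed."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed sample log lines; not taken from any real system.
SAMPLE_LOGS = {
    "auth.log": (
        "Jun 14 02:11:07 web01 sshd[4412]: Accepted publickey for deploy "
        "from 10.0.2.15 port 51022\n"
        "Jun 14 02:13:40 web01 sudo: deploy : TTY=pts/0 ; "
        "COMMAND=/bin/tar czf /tmp/db.tgz /var/lib/db\n"
    ),
    "access.log": (
        '10.0.2.15 - - [14/Jun/2011:02:15:02 +0000] '
        '"GET /export.php?all=1 HTTP/1.1" 200 5120033\n'
    ),
}


def write_sample_logs(directory):
    """Write the constructed logs into `directory`; return their paths."""
    os.makedirs(directory, exist_ok=True)
    paths = []
    for name, text in SAMPLE_LOGS.items():
        path = os.path.join(directory, name)
        with open(path, "w") as fh:
            fh.write(text)
        paths.append(path)
    return paths


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large logs are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_logs(source_paths, evidence_dir, collector):
    """Copy each log into evidence_dir (read-only) and build a manifest
    recording source path, copy path, size, SHA-256, collector and time.
    The copy is hashed and compared with the source before it is trusted."""
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for src in source_paths:
        dst = os.path.join(evidence_dir, os.path.basename(src))
        shutil.copy2(src, dst)          # copy2 keeps the original mtime
        os.chmod(dst, 0o444)            # discourage accidental edits
        src_hash, dst_hash = sha256_file(src), sha256_file(dst)
        if src_hash != dst_hash:
            raise RuntimeError(f"copy of {src} does not match its source")
        entries.append({"source": src, "copy": dst,
                        "size": os.path.getsize(dst), "sha256": dst_hash})
    manifest = {"collector": collector,
                "collected_at": datetime.now(timezone.utc).isoformat(),
                "entries": entries}
    manifest_path = os.path.join(evidence_dir, "manifest.json")
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=2)
    # Hash of the manifest itself, to be recorded out of band (case notes).
    manifest["manifest_sha256"] = sha256_file(manifest_path)
    return manifest


def verify_manifest(manifest):
    """Re-hash every preserved copy; return the names of copies whose
    current hash differs from the recorded one (empty list = intact)."""
    return [os.path.basename(e["copy"]) for e in manifest["entries"]
            if sha256_file(e["copy"]) != e["sha256"]]


def demo():
    """Preserve the sample logs, verify, tamper with one copy, verify again.
    Returns (mismatches_before_tampering, mismatches_after_tampering)."""
    with tempfile.TemporaryDirectory() as tmp:
        live_logs = write_sample_logs(os.path.join(tmp, "live"))
        manifest = preserve_logs(live_logs, os.path.join(tmp, "evidence"),
                                 collector="analyst (constructed name)")
        before = verify_manifest(manifest)
        tampered = manifest["entries"][0]["copy"]   # auth.log copy
        os.chmod(tampered, 0o644)
        with open(tampered, "a") as fh:
            fh.write("Jun 14 02:20:00 web01 sshd[4412]: (edited line)\n")
        after = verify_manifest(manifest)
        return before, after


if __name__ == "__main__":
    print(demo())
```

The manifest hash returned by `preserve_logs` is meant to be written somewhere the evidence directory cannot reach (the case log or a signed e-mail to counsel); a manifest that only protects itself proves little. In real use the copies would go to write-once or off-host storage, but the verification logic is the same.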
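Slide 18 describes the proposed HITECH access report: every access to a person's electronic records in a designated record set, queryable by date or by accessing user, and aggregated across systems when the data lives in more than one (EMR, billing, and so on). The code below is an added example of how such a report can be assembled and is not from the presenters, OCR, or any vendor: two constructed exports in different formats (an EMR CSV and a billing JSON-lines file, with invented field names and sample data) are normalized into one event list and filtered by patient, calendar date, and user.

```python
"""Aggregate per-patient access events from several systems into one
access report filterable by date or by user. Added example; both
source formats and all records below are constructed."""
import csv
import io
import json
from datetime import datetime

# Constructed EMR export: CSV with ISO timestamps.
EMR_CSV = """timestamp,user,patient_id,action
2011-06-01T09:15:00,nurse.jones,P1001,view_chart
2011-06-01T09:20:00,dr.smith,P1001,update_meds
2011-06-02T14:02:00,nurse.jones,P1002,view_chart
2011-06-03T08:45:00,dr.smith,P1001,view_labs
"""

# Constructed billing export: JSON lines with different field names.
BILLING_JSONL = "\n".join([
    json.dumps({"ts": "2011-06-01 11:30:00", "login": "clerk.lee",
                "mrn": "P1001", "op": "print_statement"}),
    json.dumps({"ts": "2011-06-03 08:50:00", "login": "clerk.lee",
                "mrn": "P1001", "op": "view_claims"}),
    json.dumps({"ts": "2011-06-03 09:00:00", "login": "clerk.lee",
                "mrn": "P1002", "op": "view_claims"}),
])


def parse_emr(text):
    """Normalize EMR CSV rows into the common event shape."""
    for row in csv.DictReader(io.StringIO(text)):
        yield {"system": "EMR",
               "when": datetime.fromisoformat(row["timestamp"]),
               "user": row["user"],
               "patient": row["patient_id"],
               "action": row["action"]}


def parse_billing(text):
    """Normalize billing JSON-lines records into the common event shape."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        yield {"system": "billing",
               "when": datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S"),
               "user": rec["login"],
               "patient": rec["mrn"],
               "action": rec["op"]}


def load_all_events():
    """One combined event list across every source system."""
    return list(parse_emr(EMR_CSV)) + list(parse_billing(BILLING_JSONL))


def access_report(events, patient, on_date=None, by_user=None):
    """Every access to `patient`'s records across all systems, optionally
    limited to one calendar date ('YYYY-MM-DD') and/or one user, in time order.
    Accesses are included whether or not they resulted in a disclosure."""
    rows = [e for e in events if e["patient"] == patient]
    if on_date is not None:
        rows = [e for e in rows if e["when"].date().isoformat() == on_date]
    if by_user is not None:
        rows = [e for e in rows if e["user"] == by_user]
    return sorted(rows, key=lambda e: e["when"])


def format_report(rows):
    """Human-readable lines for the individual who requested the report."""
    return [f'{e["when"].isoformat()} {e["system"]:8}{e["user"]:13}{e["action"]}'
            for e in rows]


if __name__ == "__main__":
    events = load_all_events()
    print("\n".join(format_report(access_report(events, "P1001"))))
    print("--- 2011-06-03 only ---")
    print("\n".join(format_report(access_report(events, "P1001",
                                                on_date="2011-06-03"))))
```

The point the slide makes is that the aggregation, not the logging, is the new work: each system already keeps its own access log under the Security Rule, but those logs use different timestamps, user identifiers and record keys, so the normalization step (and a reliable mapping of system-local logins and identifiers to one person and one patient) is where an access-report implementation succeeds or fails.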