1 
YOU’VE BEEN HACKED IN FLORIDA! NOW WHAT? 
Navigating Florida’s new data privacy law when a data breach strikes
2 
CYBER THREAT LANDSCAPE
3 
TARGET: Stolen information involved at least 70 million people
4 
CYBER THREATS
Threat Level 1: Garden Variety
• Inexperienced
• Limited funding
• Opportunistic behavior
• Target known vulnerabilities
• Use viruses, worms, rudimentary trojans, bots
• Acting for thrills, bragging rights
• Easily detected
Threat Level 2: Mercenary
• Higher-order skills
• Well financed
• Targeted activity
• Target known vulnerabilities
• Use viruses, worms, trojans, bots as means to introduce more sophisticated tools
• Target and exploit valuable data
• Detectable, but hard to attribute
Threat Level 3: Nation State
• Very sophisticated tradecraft
• Foreign intel agencies
• Very well financed
• Target technology as well as info
• Use wide range of tradecraft
• Establish covert presence on sensitive networks
• Difficult to detect
• Supply interdiction / hardware implants
5 
SOURCES OF DATA BREACH 
Lost laptop or other device 49% 
Third party or outsourcer 16% 
Paper records 9% 
Malicious insider 9% 
Electronic backup 7% 
Hacked systems 5% 
Malicious code 4% 
Undisclosed 2%
6 
Data Breach Fact Pattern 
An Atlanta-based restaurant company has chains throughout the East Coast, including Florida. The company learns that a hacker has obtained access to credit card information used by restaurants in Florida. Assume that only Florida residents have been impacted. The company has also learned that an employee has absconded with the Social Security numbers and names of other employees of the company. This information was contained in the company's paper files, not in electronic form.
7 
WHAT DO YOU DO?
8 
Florida’s new data breach law 
• Florida Information Protection Act of 2014
• Effective July 1, 2014
• Applies to covered entities
9 
Florida’s new data breach law 
• How does the law define a breach?
• How does the law define personally identifying information?
• Does Florida’s new data breach law apply to businesses operating outside of Florida?
10 
Law enforcement? 
• What obligations do you have to notify the Florida Attorney General’s office?
• What should the notice say?
• How soon must the notice be issued to the Florida AG?
• Handling forensic reports
11 
Notifying the public 
• When must the public be notified?
• How should the public be notified?
• What should the notification say?
12 
Litigation concerns 
• Does the statute create a private right of action?
• Could the Florida AG enforce the statute against businesses?
• Who has the right to enforce the statute?
• How could the statute be used by plaintiffs’ lawyers?
13 
COMPLIANCE
14 
Why do you need internal controls?
• Increased regulatory requirements
• Mandated by user entity (i.e., VMO)
• Increased outsourcing relationships
• Need for insight into internal controls
15 
Education 
• Webinars / training
• Perform training and awareness
• Communication plans
• Set expectations
16 
Risk Assessment 
• Identify in-scope services / locations
• Identify subservice organizations
• Identify risks
• Document processes
• Identify control objectives / activities
• Identify timeline
17 
Compliance/Attestation Reviews 
• SOC 1 / SSAE 16
• PCI
• HIPAA/HITECH
• ISO
18 
Benefits 
• Demonstrate design and operational effectiveness
• Meet regulatory or contractual mandates
• Bolster trust and confidence
• Demonstrates management’s responsibility and accountability
• Promote a stronger control environment
19 
Challenges 
• Lack of executive / management buy-in
• Lack of accountability to manage the process
• Insufficient documentation or evidence of a control
• Trying to meet multiple compliance efforts
• Cost of compliance
20 
Conclusion 
This is just the beginning for data protection
21 
WWW.BRIGHTLINE.COM


You've Been Hacked in Florida! Now What?

  • 1. YOU’VE BEEN HACKED IN FLORIDA! NOW WHAT? Navigating Florida’s new data privacy law when a data breach strikes
  • 2. CYBER THREAT LANDSCAPE
  • 3. TARGET: Stolen information involved at least 70 million people
  • 4. CYBER THREATS
      Threat Level 1: Garden Variety
      • Inexperienced
      • Limited funding
      • Opportunistic behavior
      • Target known vulnerabilities
      • Use viruses, worms, rudimentary trojans, bots
      • Acting for thrills, bragging rights
      • Easily detected
      Threat Level 2: Mercenary
      • Higher-order skills
      • Well financed
      • Targeted activity
      • Target known vulnerabilities
      • Use viruses, worms, trojans, bots as means to introduce more sophisticated tools
      • Target and exploit valuable data
      • Detectable, but hard to attribute
      Threat Level 3: Nation State
      • Very sophisticated tradecraft
      • Foreign intel agencies
      • Very well financed
      • Target technology as well as info
      • Use wide range of tradecraft
      • Establish covert presence on sensitive networks
      • Difficult to detect
      • Supply Interdiction/hardware implants
  • 5. SOURCES OF DATA BREACH
      • Lost laptop or other device: 49%
      • Third party or outsourcer: 16%
      • Paper records: 9%
      • Malicious insider: 9%
      • Electronic backup: 7%
      • Hacked systems: 5%
      • Malicious code: 4%
      • Undisclosed: 2%
  • 6. Data Breach Fact Pattern
      Atlanta based restaurant company has chains throughout the east coast, including Florida. Company learns that hacker has obtained access to credit card information used by restaurants in Florida. Assume that only Florida residents have been impacted. The company has also learned that an employee has absconded with the social security numbers and names of other employees of the company. This information was contained in paper files of the company, not electronic form.
  • 7. WHAT DO YOU DO?
  • 8. Florida’s new data breach law
      • Florida Information Protection Act of 2014
      • Effective July 1, 2014
      • Applies to covered entities
  • 9. Florida’s new data breach law
      • How does the law define a breach?
      • How does the law define personally identifying information?
      • Does Florida’s new data breach law apply to businesses operating outside of Florida?
  • 10. Law enforcement?
      • What obligations do you have to notify the Florida Attorney General’s office?
      • What should the notice say?
      • How soon must the notice be issued to the Florida AG?
      • Handling forensic reports
  • 11. Notifying the public
      • When must the public be notified?
      • How should the public be notified?
      • What should the notification say?
  • 12. Litigation concerns
      • Does the statute create a private right of action?
      • Could the Florida AG enforce the statute against businesses?
      • Who has the right to enforce the statute?
      • How could the statute be used by plaintiffs’ lawyers?
  • 14. Why do you need internal controls
      • Increased regulatory requirements
      • Mandated by user entity (i.e., VMO)
      • Increased outsourcing relationships
      • Need for insight into internal controls
  • 15. Education
      • Webinars / training
      • Perform training and awareness
      • Communication plans
      • Set expectations
  • 16. Risk Assessment
      • Identify in-scope services / locations
      • Identify subservice organizations
      • Identify risks
      • Document processes
      • Identify control objectives / activities
      • Identify timeline
  • 17. Compliance/Attestation Reviews
      • SOC 1/ SSAE 16
      • PCI
      • HIPAA/HITECH
      • ISO
  • 18. Benefits
      • Demonstrate design and operational effectiveness
      • Meet regulatory or contractual mandates
      • Bolster trust and confidence
      • Demonstrates management’s responsibility and accountability
      • Promote a stronger control environment
  • 19. Challenges
      • Lack of executive / management buy-in
      • Lack of accountability to manage the process
      • Insufficient documentation or evidence of a control
      • Trying to meet multiple compliance efforts
      • Cost of compliance
  • 20. Conclusion: This is just the beginning for data protection