SlideShare une entreprise Scribd logo

Cyber Security for Your Clients: Business Lawyers Advising Business Clients

Shawn Tuma
Shawn Tuma

This presentation focused on cyber security protections for businesses and other law firm clients. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law:Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.

Droit
1  sur  20
Télécharger pour lire hors ligne
www.solidcounsel.com
www.solidcounsel.com “Security and IT protect companies’ data; Legal protects companies from their data.”
Recent Legal Developments
“An ounce of prevention is cheaper than the first day of litigation.”
www.solidcounsel.com KEY POINT: Attorney’s may have privilege “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation A.C. Privilege / Work Product
www.solidcounsel.com Peters v. St. Joseph Services (S.D. Tex. 2015) Remijas v. Neiman Marcus Group, LLC (7th Cir. 2015) Whalen v. Michael Stores Inc. (E.D.N.Y. 2015) In re SuperValu, Inc. (D. Minn. 2016) Anthem Data Breach Litigation (N.D. Cal. 2016) (Koh) Data Breach Consumer Litigation Battleship Spokeo v. Robins, 136 S.Ct. 1540 (2016) Tangible or intangible harm but concrete & particularized Lewert v. P.F. Chang’s China Bistro Inc. (7th Cir. 2016) Galaria v. Nationwide Mutual Ins. Co. (6th Cir. 2016)
www.solidcounsel.com Recent Legal Developments Takeaway: Standard is reasonableness. • In re Target Data Security Breach Litigation (Financial Institutions) (Dec. 2, 2014) • Companies have a duty to be reasonably informed and take reasonable measures to protect against cybersecurity risks. • It’s the diligence, not the breach, that counts. • The court found duties to • Reasonably protect others’ data • Not disable security devices (i.e., if have it, use it) • Respond when alerted of an attack
www.solidcounsel.com Recent Legal Developments Takeaway: Must have basic IT security. • F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015). • The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the FTC Act. • Companies have fair notice that their specific cybersecurity practices could fall short of that provision. • 3 breaches / 619,000 records / $10.6 million in fraud • Rudimentary practices v. 2007 guidebook • Website Privacy Policy misrepresentations
www.solidcounsel.com Recent Legal Developments Takeaway: Must have internal network controls. • F.T.C. v. LabMD (July 2016 FTC Commission Order) • LabMD had 1 employee using LimeWire, Tiversa obtained file with PHI information and provided to the FTC. • “LabMD’s data security practices constitute an unfair act or practice within the meaning of Section 5 of the FTC Act. We enter an order requiring that LabMD notify affected consumers, establish a comprehensive information security program reasonably designed to protect the security and confidentiality of the personal consumer information in its possession, and obtain independent assessments regarding its implementation of the program.”
www.solidcounsel.com Recent Legal Developments Takeaway: Must have written policies & procedures. • S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015). • “R.T. Jones failed to adopt written policies and procedures reasonably designed to safeguard customer information.” • R.T. Jones violated the Securities Act’s “Safeguards Rule” • 100,000 records vulnerable; no reports of actual harm • $75,000 penalty • Cease and desist having any future violations
www.solidcounsel.com Recent Legal Developments Takeaway: Must have written incident response plan. • S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015). • Firms “need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
www.solidcounsel.com Recent Legal Developments Takeaway: Must evaluate third-parties’ security. • In re GMR Transcription Svcs., Inc., Consent Order (Aug. 14, 2014). • FTC’s Order requires business to follow 3 steps when working with third-party service providers: • Investigate before hiring data service providers • Obligate data service providers to adhere to the appropriate level of data security protections • Verify (AUDIT!) that the data service providers are complying with obligations (contracts)
www.solidcounsel.com Recent Legal Developments Takeaway: Know your contractual obligations. • Addendum to business contracts • Common names: Data Security & Privacy Agreement; Data Privacy; Cybersecurity; Privacy; Information Security • Common features: • Defines subject “Data” being protected in categories • Describes acceptable and prohibited uses for Data • Describes standards for protecting Data • Describes obligations and responsibility for breach of Data • Requires binding third-parties to similar provisions
KEY POINT: Attorney’s may have privilege “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation Recent Legal Developments
Officer & Director Liability
www.solidcounsel.com Officer & Director Liability KEY POINT: “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014. • Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham • Derivative claims premised on the harm to the company from data breach. • Caremark Claims: ▪ Premised on lack of oversight = breach of the duty of loyalty and good faith ▪ Cannot insulate the officers and directors = PERSONAL LIABILITY! ▪ Standard: (1) “utterly failed” to implement reporting system or controls; or (2) “consciously failed” to monitor or oversee system. $4.8 Billion Deal?
www.solidcounsel.com Game Changer?
www.solidcounsel.com The Game Changer? New York Department of Financial Services Cybersecurity Requirements for Financial Services Companies + [fill in] • All NY “financial institutions” + third party service providers • Third party service providers – examine, obligate, audit • Establish Cybersecurity Program (w/ specifics) • Logging, Data Classification, IDS, IPS • Pen Testing, Vulnerability Assessments, Risk Assessment • Encryption, Access Controls • Adopt Cybersecurity Policies • Designate qualified CISO to be responsible • Adequate cybersecurity personnel and intelligence • Personnel Policies & Procedures, Training, Written IRP • Board or Senior Officer Certify Compliance
www.solidcounsel.com “You don’t drown by falling in the water; You drown by staying there.” – Edwin Louis Cole
www.solidcounsel.com • Board of Directors & General Counsel, Cyber Future Foundation • Board of Advisors, NorthTexas Cyber Forensics Lab • Cybersecurity & Data Privacy LawTrailblazers, National LawJournal (2016) • SuperLawyersTop 100 Lawyers in Dallas (2016) • SuperLawyers 2015-16 (IP Litigation) • Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law) • Council, Computer &Technology Section, State Bar ofTexas • Privacy and Data Security Committee of the State Bar ofTexas • College of the State Bar ofTexas • Board of Directors, CollinCounty Bench Bar Foundation • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science &Technology Committee of the American Bar Association • NorthTexas Crime Commission, Cybercrime Committee • Infragard (FBI) • International Association of Privacy Professionals (IAPP) • Board of Advisors Office of CISO, Optiv Security • Editor, Business Cybersecurity Business Law Blog Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com

Recommandé

Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 

Recommandé

Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Dan Michaluk
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prezDan Michaluk
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Dan Michaluk
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breachOregon Law Practice Management
 
A Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for BusinessesA Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for BusinessesAdvanced Imaging Solutions & Pinnacle
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Shawn Tuma
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 
Фізичні властивості карбонових кислот
Фізичні властивості карбонових кислотФізичні властивості карбонових кислот
Фізичні властивості карбонових кислотЕлена Мешкова
 
Arts and crafts
Arts and craftsArts and crafts
Arts and craftsteacher56
 

Contenu connexe

Tendances

Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Dan Michaluk
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Dan Michaluk
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Shawn Tuma
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 

Tendances (20)

Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentation
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
 
A Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for BusinessesA Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for Businesses
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
 

En vedette

Фізичні властивості карбонових кислот
Фізичні властивості карбонових кислотФізичні властивості карбонових кислот
Фізичні властивості карбонових кислотЕлена Мешкова
 
Arts and crafts
Arts and craftsArts and crafts
Arts and craftsteacher56
 
Dental appointment
Dental appointmentDental appointment
Dental appointmentMaya
 
Marokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsrat
Marokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsratMarokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsrat
Marokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsratTanja Seidemann
 
FDA's Updated 'Nutrition Facts' Label
FDA's Updated 'Nutrition Facts' LabelFDA's Updated 'Nutrition Facts' Label
FDA's Updated 'Nutrition Facts' LabelDilip N
 
American Devised Curriculum by: Fraulo Fer D. Marcelo, LPT
American Devised Curriculum by: Fraulo Fer D. Marcelo, LPTAmerican Devised Curriculum by: Fraulo Fer D. Marcelo, LPT
American Devised Curriculum by: Fraulo Fer D. Marcelo, LPTFraulo Fer Marcelo
 
Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpectedisc2-hellenic
 
OMG CARRELLI ELEVATORI STANDARD BROCHURE
OMG CARRELLI ELEVATORI STANDARD BROCHUREOMG CARRELLI ELEVATORI STANDARD BROCHURE
OMG CARRELLI ELEVATORI STANDARD BROCHUREGloria Candela
 
3Com ETHERLINK/MC
3Com ETHERLINK/MC3Com ETHERLINK/MC
3Com ETHERLINK/MCsavomir
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Rahul Neel Mani
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOisc2-hellenic
 
A Preliminary Exploration of the Relationships Between Student-Created OER, S...
A Preliminary Exploration of the Relationships Between Student-Created OER, S...A Preliminary Exploration of the Relationships Between Student-Created OER, S...
A Preliminary Exploration of the Relationships Between Student-Created OER, S...Open Education Consortium
 
GIG economy - Human Resource management - Manu Melwin Joy
GIG economy - Human Resource management - Manu Melwin JoyGIG economy - Human Resource management - Manu Melwin Joy
GIG economy - Human Resource management - Manu Melwin Joymanumelwin
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 

En vedette (19)

Фізичні властивості карбонових кислот
Фізичні властивості карбонових кислотФізичні властивості карбонових кислот
Фізичні властивості карбонових кислот
 
Arts and crafts
Arts and craftsArts and crafts
Arts and crafts
 
Dental appointment
Dental appointmentDental appointment
Dental appointment
 
Marokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsrat
Marokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsratMarokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsrat
Marokko geißelt die algerischen gegenwahrheiten vor dem menschenrechtsrat
 
FDA's Updated 'Nutrition Facts' Label
FDA's Updated 'Nutrition Facts' LabelFDA's Updated 'Nutrition Facts' Label
FDA's Updated 'Nutrition Facts' Label
 
American Devised Curriculum by: Fraulo Fer D. Marcelo, LPT
American Devised Curriculum by: Fraulo Fer D. Marcelo, LPTAmerican Devised Curriculum by: Fraulo Fer D. Marcelo, LPT
American Devised Curriculum by: Fraulo Fer D. Marcelo, LPT
 
Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpected
 
OMG CARRELLI ELEVATORI STANDARD BROCHURE
OMG CARRELLI ELEVATORI STANDARD BROCHUREOMG CARRELLI ELEVATORI STANDARD BROCHURE
OMG CARRELLI ELEVATORI STANDARD BROCHURE
 
Get the Basics Right
Get the Basics RightGet the Basics Right
Get the Basics Right
 
3Com ETHERLINK/MC
3Com ETHERLINK/MC3Com ETHERLINK/MC
3Com ETHERLINK/MC
 
Automation lec3
Automation lec3Automation lec3
Automation lec3
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Sumit dhar
Sumit dharSumit dhar
Sumit dhar
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
Ppt6
Ppt6Ppt6
Ppt6
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
A Preliminary Exploration of the Relationships Between Student-Created OER, S...
A Preliminary Exploration of the Relationships Between Student-Created OER, S...A Preliminary Exploration of the Relationships Between Student-Created OER, S...
A Preliminary Exploration of the Relationships Between Student-Created OER, S...
 
GIG economy - Human Resource management - Manu Melwin Joy
GIG economy - Human Resource management - Manu Melwin JoyGIG economy - Human Resource management - Manu Melwin Joy
GIG economy - Human Resource management - Manu Melwin Joy
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Similaire à Cyber Security for Your Clients: Business Lawyers Advising Business Clients

Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Data breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveData breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveCraig Mullins
 
Legal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskLegal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskShawn Tuma
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16Glenn E. Davis
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionJoe Nathans
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Lisa Abe-Oldenburg, B.Comm., JD.
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTCompliancy Group
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarksMatt Siltala
 
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Richik Sarkar
 
Don't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsDon't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsNehal Madhani
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 

Similaire à Cyber Security for Your Clients: Business Lawyers Advising Business Clients (20)

Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Data breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveData breach protection from a DB2 perspective
Data breach protection from a DB2 perspective
 
Legal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber RiskLegal Issues Associated with Third-Party Cyber Risk
Legal Issues Associated with Third-Party Cyber Risk
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
 
The Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOTThe Most Wonderful Time of the Year for Health-IT...NOT
The Most Wonderful Time of the Year for Health-IT...NOT
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
 
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security
 
Don't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsDon't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerations
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 

Plus de Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 

Plus de Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Dernier

PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxRRR Chambers
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxRRR Chambers
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书SS A
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdflaysamaeguardiano
 
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxPSSPRO12
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhaiShashankKumar441258
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceanilsa9823
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourBhavikaGholap1
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxfilippoluciani9
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxnyabatejosphat1
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm2020000445musaib
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULEsreeramsaipranitha
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx2020000445musaib
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxRRR Chambers
 

Dernier (20)

PPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptxPPT- Voluntary Liquidation (Under section 59).pptx
PPT- Voluntary Liquidation (Under section 59).pptx
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
 
一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdfBPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
BPA GROUP 7 - DARIO VS. MISON REPORTING.pdf
 
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
 
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labour
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx
 
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptxKEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
KEY NOTE- IBC(INSOLVENCY & BANKRUPTCY CODE) DESIGN- PPT.pptx
 

Cyber Security for Your Clients: Business Lawyers Advising Business Clients

  • 2. www.solidcounsel.com “Security and IT protect companies’ data; Legal protects companies from their data.”
  • 4. “An ounce of prevention is cheaper than the first day of litigation.”
  • 5. www.solidcounsel.com KEY POINT: Attorney’s may have privilege “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation A.C. Privilege / Work Product
  • 6. www.solidcounsel.com Peters v. St. Joseph Services (S.D. Tex. 2015) Remijas v. Neiman Marcus Group, LLC (7th Cir. 2015) Whalen v. Michael Stores Inc. (E.D.N.Y. 2015) In re SuperValu, Inc. (D. Minn. 2016) Anthem Data Breach Litigation (N.D. Cal. 2016) (Koh) Data Breach Consumer Litigation Battleship Spokeo v. Robins, 136 S.Ct. 1540 (2016) Tangible or intangible harm but concrete & particularized Lewert v. P.F. Chang’s China Bistro Inc. (7th Cir. 2016) Galaria v. Nationwide Mutual Ins. Co. (6th Cir. 2016)
  • 7. www.solidcounsel.com Recent Legal Developments Takeaway: Standard is reasonableness. • In re Target Data Security Breach Litigation (Financial Institutions) (Dec. 2, 2014) • Companies have a duty to be reasonably informed and take reasonable measures to protect against cybersecurity risks. • It’s the diligence, not the breach, that counts. • The court found duties to • Reasonably protect others’ data • Not disable security devices (i.e., if have it, use it) • Respond when alerted of an attack
  • 8. www.solidcounsel.com Recent Legal Developments Takeaway: Must have basic IT security. • F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015). • The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the FTC Act. • Companies have fair notice that their specific cybersecurity practices could fall short of that provision. • 3 breaches / 619,000 records / $10.6 million in fraud • Rudimentary practices v. 2007 guidebook • Website Privacy Policy misrepresentations
  • 9. www.solidcounsel.com Recent Legal Developments Takeaway: Must have internal network controls. • F.T.C. v. LabMD (July 2016 FTC Commission Order) • LabMD had 1 employee using LimeWire, Tiversa obtained file with PHI information and provided to the FTC. • “LabMD’s data security practices constitute an unfair act or practice within the meaning of Section 5 of the FTC Act. We enter an order requiring that LabMD notify affected consumers, establish a comprehensive information security program reasonably designed to protect the security and confidentiality of the personal consumer information in its possession, and obtain independent assessments regarding its implementation of the program.”
  • 10. www.solidcounsel.com Recent Legal Developments Takeaway: Must have written policies & procedures. • S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015). • “R.T. Jones failed to adopt written policies and procedures reasonably designed to safeguard customer information.” • R.T. Jones violated the Securities Act’s “Safeguards Rule” • 100,000 records vulnerable; no reports of actual harm • $75,000 penalty • Cease and desist having any future violations
  • 11. www.solidcounsel.com Recent Legal Developments Takeaway: Must have written incident response plan. • S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015). • Firms “need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
  • 12. www.solidcounsel.com Recent Legal Developments Takeaway: Must evaluate third-parties’ security. • In re GMR Transcription Svcs., Inc., Consent Order (Aug. 14, 2014). • FTC’s Order requires business to follow 3 steps when working with third-party service providers: • Investigate before hiring data service providers • Obligate data service providers to adhere to the appropriate level of data security protections • Verify (AUDIT!) that the data service providers are complying with obligations (contracts)
  • 13. www.solidcounsel.com Recent Legal Developments Takeaway: Know your contractual obligations. • Addendum to business contracts • Common names: Data Security & Privacy Agreement; Data Privacy; Cybersecurity; Privacy; Information Security • Common features: • Defines subject “Data” being protected in categories • Describes acceptable and prohibited uses for Data • Describes standards for protecting Data • Describes obligations and responsibility for breach of Data • Requires binding third-parties to similar provisions
  • 14. KEY POINT: Attorney’s may have privilege “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation Recent Legal Developments
  • 15. Officer & Director Liability
  • 16. www.solidcounsel.com Officer & Director Liability KEY POINT: “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014. • Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham • Derivative claims premised on the harm to the company from data breach. • Caremark Claims: ▪ Premised on lack of oversight = breach of the duty of loyalty and good faith ▪ Cannot insulate the officers and directors = PERSONAL LIABILITY! ▪ Standard: (1) “utterly failed” to implement reporting system or controls; or (2) “consciously failed” to monitor or oversee system. $4.8 Billion Deal?
  • 18. www.solidcounsel.com The Game Changer? New York Department of Financial Services Cybersecurity Requirements for Financial Services Companies + [fill in] • All NY “financial institutions” + third party service providers • Third party service providers – examine, obligate, audit • Establish Cybersecurity Program (w/ specifics) • Logging, Data Classification, IDS, IPS • Pen Testing, Vulnerability Assessments, Risk Assessment • Encryption, Access Controls • Adopt Cybersecurity Policies • Designate qualified CISO to be responsible • Adequate cybersecurity personnel and intelligence • Personnel Policies & Procedures, Training, Written IRP • Board or Senior Officer Certify Compliance
  • 19. www.solidcounsel.com “You don’t drown by falling in the water; You drown by staying there.” – Edwin Louis Cole
  • 20. www.solidcounsel.com • Board of Directors & General Counsel, Cyber Future Foundation • Board of Advisors, NorthTexas Cyber Forensics Lab • Cybersecurity & Data Privacy LawTrailblazers, National LawJournal (2016) • SuperLawyersTop 100 Lawyers in Dallas (2016) • SuperLawyers 2015-16 (IP Litigation) • Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law) • Council, Computer &Technology Section, State Bar ofTexas • Privacy and Data Security Committee of the State Bar ofTexas • College of the State Bar ofTexas • Board of Directors, CollinCounty Bench Bar Foundation • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science &Technology Committee of the American Bar Association • NorthTexas Crime Commission, Cybercrime Committee • Infragard (FBI) • International Association of Privacy Professionals (IAPP) • Board of Advisors Office of CISO, Optiv Security • Editor, Business Cybersecurity Business Law Blog Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com