Keeping Client (and employee) Data Safe: What attorneys must do to comply with the Massachusetts Data Breach Notification Law
G.L.c. 93H and 210 C.M.R. 17.00
G.L.c. 93H requires that:
Does G.L.c. 93H apply to lawyers?
“Personal information” means:
“Personal information” does not include public record information
Information lawfully obtained from generally available public records is not considered “personal information” under G.L.c. 93H (for example, title information, assessors' records, or published telephone and address information, in print or on the internet).
Your WISP must:
Administrative safeguards include:
Technical safeguards include:
Technical safeguards also include:
Physical safeguards include:
“As soon as practicable and without unreasonable delay” you must notify:
There’s no penalty for not having a WISP, but G.L.c. 93H
