Law Firm Data Privacy Overview

Presented by
David Cunningham
Hildebrandt Baker Robbins
Data Privacy Overview

[Diagram: "Data Privacy" at the centre, with "Regulatory Obligations" above it, "Client Confidential Information" to the left and "Firm Confidential Information" to the right]
Data Privacy

Data Privacy Regulations

Regulations covered, and the class of data each governs:
• HITECH / HIPAA: Protected Health Information (PHI)
• State Privacy Laws: Personally Identifiable Information (PII)
• EU Data Protection Directive / Safe Harbor: Personally Identifiable Information (PII)
• Red Flag: Personally Identifiable Information (PII)
• ITAR: Classified Defense Information

HITECH / HIPAA
Governing Body: Health and Human Services and Federal Trade Commission
Sensitive Data: Protected Health Information
  • Internal HR data
  • Client data
Compliance Date: February 17, 2010
Penalty: $100 - $50,000 per incident; $1.5M max per year. Plus potential criminal penalties

State Privacy Laws
Governing Body: State of Massachusetts (example state)
Sensitive Data: Personal information about a resident of the Commonwealth of Massachusetts
Compliance Date: March 1, 2010
Penalty: $5,000 per incident plus costs of investigation, litigation and legal fees, plus potential civil penalties

EU Data Protection Directive / Safe Harbor
Governing Body: US Dept of Commerce / Federal Trade Commission
Sensitive Data: Personal information transferred to or from 27 Member States of the European Union
Compliance Date: Voluntary (replaces Data Transfer Agreements)
Penalty: Up to $12,000 per day for violations

Red Flag
Governing Body: Federal Trade Commission via Fair Credit Reporting Act
Sensitive Data:
  - Require financial institutions and creditors to create a program that provides for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags.”
  - The purpose of the Red Flags Rules is to help avoid identity theft.
Compliance Date: June 1, 2010 (law firms exempt)
Penalty: $2,500 - $3,500 per violation, then up to $16,000 per violation for continued non-compliance

ITAR
Governing Body: US Department of State
Sensitive Data: “Export of technical data and classified defense articles”, as defined by the US Munitions List
Compliance Date: 60 days in advance of any intended sale or transfer to a foreign person of ownership or control
Penalty: Per violation, civil fines up to $500K; criminal penalties up to $1M and 10 years imprisonment
Data Privacy

Protection of Sensitive Data

Client Data Leaks
  Client and Case / Transaction Data

Firm Data Leaks
  Firm and Partner Confidential Data

Preservation Orders
  Litigation, Subpoena or Client Requests

Confidential Walls
  - Inclusionary Walls for Privacy and Subpoenas
  - Exclusionary Walls for Conflicts

Data Standards

ISO 27001
  Competence in Addressing Data Confidentiality
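One way to turn the confidential walls and preservation orders above into an enforceable access check, as an added example (not code from the deck or from Hildebrandt Baker Robbins); the matter ids, user names, policy layout and audit-line format are assumptions:

```python
"""Ethical-wall and preservation-hold checks for matter data.

Hypothetical example; not code from the deck or from Hildebrandt Baker
Robbins. Matter ids, user names and the policy layout are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class MatterPolicy:
    matter_id: str
    # Inclusionary wall: only the listed users may access the matter.
    # None means no inclusionary wall is in place.
    allowed_users: Optional[FrozenSet[str]] = None
    # Exclusionary wall: the listed users are barred (conflict of interest).
    barred_users: FrozenSet[str] = frozenset()
    # Preservation order / legal hold: deletion is blocked while True.
    preservation_hold: bool = False


def check_access(user: str, policy: MatterPolicy) -> Tuple[bool, str]:
    """Return (allowed, reason). The exclusionary wall is evaluated first,
    so a user who appears on both walls is still denied (fail closed)."""
    if user in policy.barred_users:
        return False, f"DENY {user} -> {policy.matter_id}: exclusionary wall (conflict)"
    if policy.allowed_users is not None and user not in policy.allowed_users:
        return False, f"DENY {user} -> {policy.matter_id}: not on inclusionary wall"
    return True, f"ALLOW {user} -> {policy.matter_id}"


def check_delete(user: str, policy: MatterPolicy) -> Tuple[bool, str]:
    """Deletion requires access and no preservation order on the matter."""
    allowed, reason = check_access(user, policy)
    if not allowed:
        return False, reason
    if policy.preservation_hold:
        return False, f"DENY delete {user} -> {policy.matter_id}: preservation order in effect"
    return True, f"ALLOW delete {user} -> {policy.matter_id}"


# Constructed sample policies (not real matters).
POLICIES = {
    # Subpoena-related matter: inclusionary wall plus a hold on deletion.
    "M-1001": MatterPolicy("M-1001", allowed_users=frozenset({"alice", "bob"}),
                           preservation_hold=True),
    # Conflicted matter: exclusionary wall for one user.
    "M-2002": MatterPolicy("M-2002", barred_users=frozenset({"carol"})),
    # Open matter with no walls.
    "M-3003": MatterPolicy("M-3003"),
}


def audit_trail(requests: List[Tuple[str, str, str]]) -> List[str]:
    """Evaluate (user, matter_id, action) requests and return one audit line
    per request. Unknown matters are denied rather than silently allowed."""
    lines = []
    for user, matter_id, action in requests:
        policy = POLICIES.get(matter_id)
        if policy is None:
            lines.append(f"DENY {user} -> {matter_id}: unknown matter")
            continue
        check = check_delete if action == "delete" else check_access
        _, reason = check(user, policy)
        lines.append(reason)
    return lines


if __name__ == "__main__":
    for line in audit_trail([("alice", "M-1001", "read"), ("dave", "M-1001", "read"),
                             ("carol", "M-2002", "read"), ("alice", "M-1001", "delete"),
                             ("carol", "M-3003", "delete"), ("bob", "M-9999", "read")]):
        print(line)
```

Every decision returns a reason string so the same function feeds both enforcement and the security monitoring the roadmap calls for.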
Data Privacy Solutions
Data Privacy - General Adequacy Questions
• Does your firm need the personal data that it is collecting about an individual?
• Can your firm document what it will use the personal data for?
• Do these individuals know that the firm has their personal data and do they understand what
  it will be used for?
• If the firm is asked to pass on personal data, would these individuals expect the firm to do
  this?
• Is the firm satisfied that the information is being held securely, whether it is on paper, on
  computer, or during transfer? Is the firm willing to face a regulatory audit on this security?
• Where personal data is handled by third parties, is it held securely and are proper contracts with those third parties in place?
• Is access to personal data limited to those with a strict need to know at the firm?
• Is the firm sure that all personal data is accurate and up to date?
• Does the firm delete or destroy personal information as soon as it has no more need for it?
• Has the firm trained all of its attorneys and staff in their duties and responsibilities under all
  relevant data protection laws and are all of its attorneys and staff satisfying their duties and
  responsibilities?
• Are all notifications to all Data or Information Commissioners current?
Data Privacy – Vendor Agreements

Terms Before Negotiation:
• Limitations on liability
• Limited warranties
• No performance standards
• Ability to change terms without notice
• Weak termination rights
• Automatic contract renewal

Terms After Negotiation:
• Security and privacy standards
• Data ownership and return of data
• Permissible use and disclosure of data
• Service level standards
• Control of security incidents
• Audit rights
• Proper allocation of liability
• Choice of law/forum
Data Privacy Roadmap
• Start with broadest areas of risk
   – Protect portable devices: PCs, USB drives, and PDAs
   – Conduct an account audit; enact password policies
   – Use third party to perform penetration testing
• Inventory PII, PHI, confidential, and sensitive information
• Establish Firm's privacy stance
   – Establish data privacy roles and responsibilities
   – Draft privacy policy
• Incorporate data privacy in agreements with:
   – Employees
   – Clients
   – Firm's vendors
Data Privacy Roadmap
(continued)
• Educate employees
• Address broader aspects of data privacy
   – Processes (manual or automated)
   – Physical security
   – 'Data at Rest' and 'Data in Motion'
   – Security monitoring
• Register with data privacy authorities
• Maintain security program
David Cunningham
Managing Director, Hildebrandt Baker Robbins
dcunningham@hbrconsulting.com

It sourcing threat or opportunity by dave cunningham- feb 2004David Cunningham
 

Más de David Cunningham (20)

The business of data analytics and business intelligence 15 nov 2016
The business of data analytics and business intelligence   15 nov 2016The business of data analytics and business intelligence   15 nov 2016
The business of data analytics and business intelligence 15 nov 2016
 
50 Shades of Metrics
50 Shades of Metrics50 Shades of Metrics
50 Shades of Metrics
 
CLOC Legal Project Management and Simple RFPs
CLOC Legal Project Management and Simple RFPsCLOC Legal Project Management and Simple RFPs
CLOC Legal Project Management and Simple RFPs
 
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
 
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
ALA 2005 Outsourcing  - Making a Decision that Fits by Dave Cunningham Apr 2005ALA 2005 Outsourcing  - Making a Decision that Fits by Dave Cunningham Apr 2005
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
 
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
 
Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...
 
Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007
 
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
 
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
Lit con 2009   collaborate to mitigate panel - facilitated by dave cunningham...Lit con 2009   collaborate to mitigate panel - facilitated by dave cunningham...
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
 
Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management   can it grow profitability - panel member...Ilta 2009 law firm risk management   can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...
 
Out with the old it in with the new by david cunningham - sep 2009
Out with the old it in with the new   by david cunningham - sep 2009Out with the old it in with the new   by david cunningham - sep 2009
Out with the old it in with the new by david cunningham - sep 2009
 
Managing partner retreat using technology to streamline the practice of law...
Managing partner retreat   using technology to streamline the practice of law...Managing partner retreat   using technology to streamline the practice of law...
Managing partner retreat using technology to streamline the practice of law...
 
Law journal news it is dead article; long live it controlling costs while g...
Law journal news   it is dead article; long live it controlling costs while g...Law journal news   it is dead article; long live it controlling costs while g...
Law journal news it is dead article; long live it controlling costs while g...
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms   chapter 1 ark 2009 by dave cunninghamRisk management for law firms   chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
 
Risk management for law firms chapter 2 ark 2009 by meg block
Risk management for law firms   chapter 2 ark 2009 by meg blockRisk management for law firms   chapter 2 ark 2009 by meg block
Risk management for law firms chapter 2 ark 2009 by meg block
 
Trends shaping the future of legal risk management by dave cunningham and m...
Trends shaping the future of legal risk management   by dave cunningham and m...Trends shaping the future of legal risk management   by dave cunningham and m...
Trends shaping the future of legal risk management by dave cunningham and m...
 
Ltn 2010 02 risk glossary by dave cunningham on page 23
Ltn 2010 02 risk glossary by dave cunningham on page 23Ltn 2010 02 risk glossary by dave cunningham on page 23
Ltn 2010 02 risk glossary by dave cunningham on page 23
 
Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham   apr 2005Ala 2005 rfp best practices by dave cunningham   apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005
 
It sourcing threat or opportunity by dave cunningham- feb 2004
It sourcing   threat or opportunity by dave cunningham- feb 2004It sourcing   threat or opportunity by dave cunningham- feb 2004
It sourcing threat or opportunity by dave cunningham- feb 2004
 

Último

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Último (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Law Firm Data Privacy Overview

  • 1. Law Firm Data Privacy Overview Presented by David Cunningham Hildebrandt Baker Robbins
  • 2. Data Privacy Overview (diagram): Data Privacy at the centre, connected to Regulatory Obligations, Client Confidential Information and Firm Confidential Information
  • 3. Data Privacy – Data Privacy Regulations. Sidebar (repeated on slides 3–10): HITECH / HIPAA – Protected Health Information (PHI); State Privacy Laws – Personally Identifiable Information (PII); EU Data Protection Directive / Safe Harbor – Personally Identifiable Information (PII); Red Flag – Personally Identifiable Information (PII); ITAR – Classified Defense Information. This slide covers HITECH / HIPAA:
      – Governing Body: Health and Human Services and Federal Trade Commission
      – Sensitive Data: Protected Health Information • Internal HR data • Client data
      – Compliance Date: February 17, 2010
      – Penalty: $100 - $50,000 per incident; $1.5M max per year. Plus potential criminal penalties
  • 4. Data Privacy – Data Privacy Regulations: State Privacy Laws
      – Governing Body: State of Massachusetts (example state)
      – Sensitive Data: Personal information about a resident of the Commonwealth of Massachusetts
      – Compliance Date: March 1, 2010
      – Penalty: $5,000 per incident plus costs of investigation, litigation and legal fees, plus potential civil penalties
  • 5. Data Privacy – Data Privacy Regulations: EU Data Protection Directive / Safe Harbor
      – Governing Body: US Dept of Commerce / Federal Trade Commission
      – Sensitive Data: Personal information transferred to or from 27 Member States of the European Union
      – Compliance Date: Voluntary (replaces Data Transfer Agreements)
      – Penalty: Up to $12,000 per day for violations
  • 6. Data Privacy – Data Privacy Regulations: Red Flag
      – Governing Body: Federal Trade Commission via Fair Credit Reporting Act
      – Sensitive Data: Require financial institutions and creditors to create a program that provides for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags.” The purpose of the Red Flags Rules is to help avoid identity theft.
      – Compliance Date: June 1, 2010 (law firms exempt)
      – Penalty: $2,500 - $3,500 per violation, then up to $16,000 per violation for continued non-compliance
  • 7. Data Privacy – Data Privacy Regulations: ITAR
      – Governing Body: US Department of State
      – Sensitive Data: “Export of technical data and classified defense articles”, as defined by the US Munitions List
      – Compliance Date: 60 days in advance of any intended sale or transfer to a foreign person of ownership or control
      – Penalty: Per violation, civil fines up to $500K; criminal penalties up to $1M and 10 years imprisonment
  • 8. Data Privacy – Data Privacy Regulations – Protection of Sensitive Data
      – Client Data Leaks: Client and Case / Transaction Data
      – Firm Data Leaks: Firm and Partner Confidential Data
  • 9. Data Privacy – Data Privacy Regulations – Protection of Sensitive Data (continued)
      – Client Data Leaks: Client and Case / Transaction Data
      – Firm Data Leaks: Firm and Partner Confidential Data
      – Preservation Orders: Litigation, Subpoena or Client Requests
      – Confidential Walls: Inclusionary Walls for Privacy and Subpoenas; Exclusionary Walls for Conflicts
  • 10. Data Privacy – Data Privacy Regulations – Protection of Sensitive Data – Standards
      – Client Data Leaks: Client and Case / Transaction Data
      – Firm Data Leaks: Firm and Partner Confidential Data
      – Preservation Orders: Litigation, Subpoena or Client Requests
      – Confidential Walls: Inclusionary Walls for Privacy and Subpoenas; Exclusionary Walls for Conflicts
      – Data Standards: ISO 27001 – Competence in Addressing Data Confidentiality
  • 12. Data Privacy - General Adequacy Questions
      • Does your firm need the personal data that it is collecting about an individual?
      • Can your firm document what it will use the personal data for?
      • Do these individuals know that the firm has their personal data and do they understand what it will be used for?
      • If the firm is asked to pass on personal data, would these individuals expect the firm to do this?
      • Is the firm satisfied that the information is being held securely, whether it is on paper, on computer, or during transfer? Is the firm willing to face a regulatory audit on this security?
      • Is it secure and are proper contracts with the third parties in place?
      • Is access to personal data limited to those with a strict need to know at the firm?
      • Is the firm sure that all personal data is accurate and up to date?
      • Does the firm delete or destroy personal information as soon as it has no more need for it?
      • Has the firm trained all of its attorneys and staff in their duties and responsibilities under all relevant data protection laws, and are all of its attorneys and staff satisfying their duties and responsibilities?
      • Are all notifications to all Data or Information Commissioners current?
  • 13. Data Privacy – Vendor Agreements
      – Terms Before Negotiation: Limitations on liability; Limited warranties; No performance standards; Ability to change terms without notice; Weak termination rights; Automatic contract renewal
      – Terms After Negotiation: Security and privacy standards; Data ownership and return of data; Permissible use and disclosure of data; Service level standards; Control of security incidents; Audit rights; Proper allocation of liability; Choice of law/forum
  • 14. Data Privacy Roadmap
      • Start with broadest areas of risk
        – Protect portable devices: PCs, USB drives, and PDAs
        – Conduct an account audit; enact password policies
        – Use third party to perform penetration testing
      • Inventory PII, PHI, confidential, and sensitive information
      • Establish Firm's privacy stance
        – Establish data privacy roles and responsibilities
        – Draft privacy policy
      • Incorporate data privacy in agreements with:
        – Employees
        – Clients
        – Firm's vendors
  • 15. Data Privacy Roadmap (continued)
      • Educate employees
      • Address broader aspects of data privacy
        – Processes (manual or automated)
        – Physical security
        – 'Data at Rest' and 'Data in Motion'
        – Security monitoring
      • Register with data privacy authorities
      • Maintain security program
  • 16. David Cunningham Managing Director, Hildebrandt Baker Robbins dcunningham@hbrconsulting.com

Notas del editor

  1. Data privacy is simple in concept – ensuring sensitive data is seen by only the correct people. It can also be called Data Security or Data Loss Prevention. For our discussion today, we’re not going to focus on related topics of perimeter security (firewalls, etc.) or protection from viruses. Specifically, we’ll focus on data privacy regulations and the protection of firm and client confidential data. First, I will outline the issues and obligations for law firms in these areas, then provide a perspective of what we see as an emerging solution to tackle most of the needs for law firms.