Cybersecurity: Managing Risk Around New Data Threats
January 8, 2014
www.paulhastings.com ©2013 Paul Hastings LLP
HOST: Chelsie Chmela, Events Manager, Chelsie.Chmela@ethisphere.com, 703.960.2360
QUESTIONS: We encourage you to engage during the Q&A portion of today’s webcast by
using the “Submit Question” button located within your viewing experience.
MATERIALS: Included in your registration:
• Event recording and deck: West LegalEdcenter provides on-demand event
access for 180 days or until the end of your subscription, if sooner
The opinions expressed in this presentation are those of the panelist and do not reflect the
opinions, practices or policies of the panelists' respective employers, nor do they constitute
legal advice.
Edward R. McNicholas
Co-Chair, Privacy, Data Security, and Information Law
practice, Sidley Austin LLP
Leslie Thornton
Vice President & General Counsel, WGL Holdings, Inc.
& Washington Gas Light Company
Jeffrey C. Sharer
Partner, Sidley Austin LLP
SPEAKING TODAY
Speaker: Edward R. McNicholas
EDWARD R. MCNICHOLAS is a global coordinator of Sidley’s Privacy, Data Security, and Information
Law practice. His practice focuses on clients facing complex information technology, constitutional and
privacy issues in civil and white-collar criminal matters. Ed has significant experience with a wide range
of complex Internet and information law matters involving privacy and data protection, electronic
surveillance, cybersecurity, cloud computing, trade secrets, online advertising, “big data” and national
security. Examples of his matters include:
– a constitutional challenge to portions of the HIPAA final rules (Adheris v. Sebelius, (D.D.C.
2013)),
– a consumer class action challenging Internet advertising cookie techniques (In re: Google Inc.
Cookie Placement Consumer Privacy Litigation, MDL No. 2358 (D. Del. 2012-13)),
– defense of a telecommunications carrier against alleged participation in NSA surveillance (In
re National Security Agency Telecommunications Records Litigation, MDL 1791 (N.D.Cal. and
9th Cir. 2006-12)), and
– briefing in more than a dozen cases before the U.S. Supreme Court.
His practice has been recognized by numerous rankings including Chambers USA (since 2008),
Chambers Global (since 2011), and the US Legal 500.
Prior to joining Sidley, Mr. McNicholas served as an Associate Counsel to President Clinton. In that
capacity, he advised senior White House staff regarding various Independent Counsel, congressional
and grand jury investigations. Mr. McNicholas received his J.D. (cum laude) from Harvard Law School,
where he was an editor of the Harvard Law Review. He received his A.B. (summa cum laude) from
Princeton University, and served as a clerk for the Honorable Paul Niemeyer on the U.S. Court of
Appeals for the Fourth Circuit.
Speaker: Leslie Thornton
Leslie Thornton has been Vice President and General Counsel of WGL Holdings, Inc. and
Washington Gas Light Company since January 1, 2012, having joined the company as
Counsel to the Chairman in November 2011. Prior to joining the company, Ms. Thornton
served as a partner with prominent Washington D.C. law firms.
Ms. Thornton also served as Chief of Staff to U.S. Secretary of Education Richard W.
Riley, after starting her service in 1992 as Deputy Chief of Staff and Counselor. During
her nearly eight years with the Clinton Administration, Ms. Thornton advised the
Secretary on all administration and agency matters serving as the liaison between the
Secretary and the White House on policy, political, ethics, personnel and other issues.
Holding a top secret clearance, Ms. Thornton served as her agency's representative in the
Continuity of Operations of Government program. In 1995, Ms. Thornton was selected
by the White House to serve on the President's White House Budget Working
Group, and in 1996 was selected to serve in a senior role on President Clinton's
Presidential Debate Team.
Ms. Thornton is a member of numerous associations and boards
in the Washington, D.C. community, and has been widely published
in legal and other newspapers including the Legal Times,
The Wall Street Journal, and the Boston Globe. She holds a
Bachelor of Arts from the University of Pennsylvania and
a law degree from Georgetown University.
Speaker: Jeffrey C. Sharer
JEFFREY SHARER is a partner in Sidley’s currently very cold Chicago office. He
concentrates his practice in litigation and regulatory enforcement matters as
well as in matters related to electronic discovery, computer forensics, and
information governance. Jeffrey frequently advises and advocates on behalf
of clients in matters related to the governance, preservation, and discovery
of electronically stored information. In litigation, Jeffrey has handled matters
at all stages of the Electronic Discovery Reference Model, with particular
emphasis on the development and implementation of best practices and on
the use of artificial intelligence, statistical sampling, and related tools and
techniques to reduce costs and burdens and increase quality of results and
defensibility of process throughout the discovery lifecycle. Jeffrey also
advises in the areas of records retention, data privacy, and information
governance, including defensible deletion of data stores.
Jeffrey is a member of Sidley’s Electronic Discovery Task Force and a longtime
member of The Sedona Conference, the nation’s leading nonpartisan law and
policy think tank in the area of electronic discovery. He holds degrees from
the University of Chicago Law School, and the University of Michigan.
Opening Comments of
Edward McNicholas
Where are we on cybersecurity?
• Congressional action remains pending
• Focus on implementation of President Obama’s
Executive Order 13636 (February 2013)
– Development of NIST “Cybersecurity Framework” and
programs to encourage voluntary adoption of the
framework
– DHS designation of CI companies (with right of
reconsideration)
– Establishment of regulatory standards by agencies with
statutory authority
– Increased threat information sharing to CI operators
NIST Framework
• Implements Feb. 2, 2013 Executive Order
• Final framework due in February 2014
• Discussion Framework:
– Provide common language for expressing,
understanding, and managing cybersecurity risk
internally and externally
– Develop consistent approach: Identify, Protect, Detect,
Respond, Recover
– Prioritize actions for reducing cybersecurity risk
– Create tools to align policy, business, and technological
approaches to managing risk
Incentives Recommended to President
• Cybersecurity Insurance — build underwriting
practices that promote the adoption of cyber risk-
reducing measures and risk-based pricing and foster
a competitive cyber insurance market.
• Grants — leverage federal grant programs.
• Process Preference — consider expediting and
prioritizing existing government service delivery;
technical assistance to critical infrastructure; incident
response situations.
• Liability Limitation — reduced tort liability, limited
indemnity, higher burdens of proof, or the creation of
a federal legal privilege that preempts State
disclosure requirements.
Incentives – cont’d
• Streamline Regulations — make compliance easier;
eliminate overlaps among existing laws and
regulation; enable equivalent adoption across
regulatory structures; reduce audit burdens.
• Public Recognition — optional public recognition.
• Rate Recovery for Price Regulated Industries —
dialogue with federal, state, and local regulators and
sector specific agencies on whether the regulatory
agencies that set utility rates should consider allowing
utilities recovery for cybersecurity investments.
• Cybersecurity Research — emphasize research and
development to meet the most pressing cybersecurity
challenges where commercial solutions are not
currently available.
Opening Comments of
Leslie Thornton,
General Counsel of
Washington Gas
Opening Comments of
Jeffrey Sharer
Cybersecurity and Information Governance
• Increasing threats of data breach and other cyberincidents,
along with other risks and costs associated with electronic
information systems (such as electronic discovery in legal
and regulatory proceedings), are driving greater focus on
governance of data across the organization
• Cyberthreats, in particular, increase both risk and severity
of potential loss associated with over-retention of customer
PII and other sensitive information
• Loss of protected or sensitive information in data breach
can result in notification obligations, regulatory or civil
exposure, damage to reputation, and other harm to
company
• Risks are only growing with passage of time, especially as
concepts such as purpose limitations and the so-called
“right to be forgotten” gain legislative traction
Information Governance At 30,000 Feet
• For most organizations, mitigation of cyberrisk
through effective information governance requires
cross-functional approach
• Stakeholders at most organizations include (at least)
legal and compliance; IT; RIM; privacy; security; and
business
• People, process, and technology
• Surging emphasis on remediation – often referred to
as “defensible disposition” – of data that does not
have ongoing business value and is not subject to
legal or regulatory retention requirements (including
litigation holds)
Mitigating Risk Through Defensible Disposition
• As a general rule, if data has no business value and is
not subject to legal or regulatory retention
requirements, it can (and usually should) be deleted
in the normal course of business
• Organizations have wide latitude: Legal standards
are reasonableness, proportionality, and good faith
• Recent benchmarking of Global 1000 companies
estimated that for corporate information at any given
time, 1% is on legal hold, 5% is subject to regulatory
retention requirements, and 25% has current
business value—this means that approximately 70%
of data that organizations are managing and storing,
and that is at risk of loss through data breach or
other security incident, is unnecessary
Discussion
Questions about Simulation Lessons
• On November 13-14, 2013, the so-called GridEx II exercise tested
governmental and industry crisis response plans, and included both
cybersecurity and physical security components.
– Are these sorts of exercises helpful? If so, what did you take away from it?
– How do you manage both the low probability / enormous risks of
cybersecurity issues, and the more mundane but significant risks of
activist or less-sophisticated hackers?
• The report on the first GridEx exercise noted that “Significant horizontal
communication occurs across industry, but vertical information sharing to
NERC and government agencies is limited due to concerns about
compliance implications.” That nicely sums up one of the key information
sharing issues that inhibit cybersecurity preparation.
– Has the information sharing gotten more or less risky for companies?
– Have the Snowden revelations altered the wisdom of sharing cybersecurity
information with the government?
Managing Risk Questions
• Does cybersecurity governance need to fit into an overall
information governance strategy? How are they integrated?
• Businesses must adapt to a rapidly evolving technology
environment, but the legal restrictions are developing
slowly. How do you manage this tension?
• How significant a role does insurance play in your management of
the cybersecurity threat?
• The SAFETY Act (www.SafetyAct.Gov) was designed to support
development and deployment of effective anti-terrorism
technologies by designating and certifying Qualified Anti-Terrorism
Technologies (“QATTs”) that receive important legal
liability protections against claims arising out of an act of
terrorism. Is that an effective piece of cybersecurity risk
management strategy?
Legal Standards Questions
• We continue to have a regime of multiple state data breach laws
with slightly different tests. Are these statutes helpful? Would a
preemptive federal test be better?
• Is it better to have multiple, voluntary cybersecurity standards
and widespread variation or would standardization be better?
• The Massachusetts information security regulations take the
unique tack of specifying ISO-based minimum measures. Is this
helpful because it is definite or an overly-simplistic check-box
approach? Which should companies follow?
• Payment card security is almost entirely self-regulatory via the
PCI-DSS. Would this approach work for cybersecurity?
• Has the SEC guidance requiring disclosure of material incidents
helped to increase the level of cybersecurity?
Future Developments Questions
• Have you altered your approach to privacy / security
in light of the coming Internet of Things, such as
smart electrical meters? How?
• How should companies factor in these complex
cybersecurity issues in moving to the cloud? What do
you think are the biggest concerns with cloud
computing? Has it made you less likely to move to
the cloud?
• What is the top item on your cybersecurity agenda for
2014?
Questions for General Counsels to Ask
and a Cybersecurity To-Do List
Cybersecurity Questions GCs Should Ask
• Are we “critical infrastructure” operators?
• Do we have IP assets, trade secrets, account records,
consumer data that could be subject to cyber-attack?
Could our facilities be misused as part of an attack?
• What past incidents have we experienced? Are our
incident response procedures effective and well
understood throughout the organization?
• Do we have an up-to-date cybersecurity risk
assessment in hand?
• Who is responsible and accountable for cybersecurity,
and does he/she have sufficient resources?
• Is the Board of Directors adequately focused on
cybersecurity; has it established satisfactory internal
controls and governance structures?
More Cybersecurity Questions
• Do we know what existing and prospective laws apply
to cybersecurity?
• Are we subject to specific cybersecurity regulation?
• Do we know what our contracts say about
cybersecurity; do our existing customer / vendor
contracts protect us on cybersecurity? Obligate us?
• Do we have relevant government contracts?
• Do we know the necessary government points of
contact? Do we have appropriately cleared persons?
• Who is monitoring NIST developments and best
industry practices?
• What do we need to include in our SEC filings on
cybersecurity?
More Cybersecurity Questions
• Do we have special international exposure and/or
obligations?
• Are we going to participate in the voluntary White
House and NIST cybersecurity framework?
• Could the White House cybersecurity “incentives”
benefit us? Hurt us?
• Do we have good cybersecurity awareness and
personal responsibility throughout our company?
• Do we understand what our legal exposure and
potential liability is?
• Have we considered cyber-insurance?
• Are we at risk for FTC “failure to secure”
enforcement?
More Cybersecurity Questions
• Do we have an effective information governance
function and are the right stakeholders involved?
• Do our information governance systems effectively
mitigate risk of loss from data breach or other
incident?
• Have we considered and addressed defensible
disposition of legacy data stores and other sources
that have outlived business value and legal and
regulatory requirements?
Lawyer To-Do List For Cybersecurity
• Ensuring legal risks are considered in cybersecurity risk
assessments
• Oversight and readiness for incident response
• Have you vetted and tested your response ability?
• Are you mitigating risk in the ordinary course through effective
information governance?
• Analyzing and explaining the complex legal environment
• Coordination of relationships with government
• Development of standards and internal policies
• Managing protections and obligations in contracts,
customer and vendor relationships
• Addressing “Hack Back” options
• Managing legal/reputational issues
• Required disclosures and reporting
• Risks and rewards of cooperation with government
• Privilege and selective waivers
• Securities issues
Sidley Austin LLP, a Delaware limited liability partnership which operates at the firm’s offices other than Chicago, New York, Los Angeles, San Francisco, Palo Alto, Dallas,
London, Hong Kong, Houston, Singapore and Sydney, is affiliated with other partnerships, including Sidley Austin LLP, an Illinois limited liability partnership (Chicago); Sidley
Austin (NY) LLP, a Delaware limited liability partnership (New York); Sidley Austin (CA) LLP, a Delaware limited liability partnership (Los Angeles, San Francisco, Palo Alto);
Sidley Austin (TX) LLP, a Delaware limited liability partnership (Dallas, Houston); Sidley Austin LLP, a separate Delaware limited liability partnership (London); Sidley Austin
LLP, a separate Delaware limited liability partnership (Singapore); Sidley Austin, a New York general partnership (Hong Kong); Sidley Austin, a Delaware general partnership
of registered foreign lawyers restricted to practicing foreign law (Sydney); and Sidley Austin Nishikawa Foreign Law Joint Enterprise (Tokyo). The affiliated partnerships are
referred to herein collectively as Sidley Austin, Sidley, or the firm.
For purposes of compliance with New York State Bar rules, Sidley Austin LLP’s headquarters are 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South
Dearborn, Chicago, IL 60603, 312.853.7000.
Questions?
Edward McNicholas: 202.736.8010 eMcNicholas@sidley.com
Jeffrey C. Sharer: 312.853.7028 jcSharer@sidley.com
www.Sidley.com/InfoLaw
This presentation has been prepared by Sidley Austin LLP as of January 2014 for educational and informational
purposes only. It does not constitute legal advice. This information is not intended to create, and receipt of it does
not constitute, a lawyer-client relationship. Readers should not act upon this without seeking personalized advice
from professional advisers.
BEIJING BOSTON BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG HOUSTON LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C.
PLEASE JOIN US FOR
January 17, 2014
Information Lifecycle Governance – Minimize Risks & Improve Readiness
All upcoming Ethisphere events can be found at:
http://ethisphere.com/events/
THANK YOU
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
 
Conflict Minerals: The First Year and What's to Come
Conflict Minerals: The First Year and What's to ComeConflict Minerals: The First Year and What's to Come
Conflict Minerals: The First Year and What's to Come
 
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
 

Último

Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
ZurliaSoop
 

Último (20)

Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book nowPARK STREET 💋 Call Girl 9827461493 Call Girls in  Escort service book now
PARK STREET 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered  Building Manufacturers Hyderabad.pptxPre Engineered  Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 

Cybersecurity: Managing Risk Around New Data Threats

5. Speaker: Edward R. McNicholas
Edward R. McNicholas is a global coordinator of Sidley's Privacy, Data Security, and Information Law practice. His practice focuses on clients facing complex information technology, constitutional and privacy issues in civil and white-collar criminal matters. Ed has significant experience with a wide range of complex Internet and information law matters involving privacy and data protection, electronic surveillance, cybersecurity, cloud computing, trade secrets, online advertising, "big data" and national security. Examples of his matters include:
– a constitutional challenge to portions of the HIPAA final rules (Adheris v. Sebelius (D.D.C. 2013)),
– a consumer class action challenging Internet advertising cookie techniques (In re: Google Inc. Cookie Placement Consumer Privacy Litigation, MDL No. 2358 (D. Del. 2012-13)),
– defense of a telecommunications carrier against alleged participation in NSA surveillance (In re National Security Agency Telecommunications Records Litigation, MDL 1791 (N.D. Cal. and 9th Cir. 2006-12)), and
– briefing in more than a dozen cases before the U.S. Supreme Court.
His practice has been recognized by numerous rankings including Chambers USA (since 2008), Chambers Global (since 2011), and the US Legal 500. Prior to joining Sidley, Mr. McNicholas served as an Associate Counsel to President Clinton. In that capacity, he advised senior White House staff regarding various Independent Counsel, congressional and grand jury investigations. Mr. McNicholas received his J.D. (cum laude) from Harvard Law School, where he was an editor of the Harvard Law Review. He received his A.B. (summa cum laude) from Princeton University, and served as a clerk for the Honorable Paul Niemeyer on the U.S. Court of Appeals for the Fourth Circuit.

6. Speaker: Leslie Thornton
Leslie Thornton has been Vice President and General Counsel of WGL Holdings, Inc. and Washington Gas Light Company since January 1, 2012, having joined the company as Counsel to the Chairman in November 2011. Prior to joining the company, Ms. Thornton served as a partner with prominent Washington D.C. law firms. Ms. Thornton also served as Chief of Staff to U.S. Secretary of Education Richard W. Riley, after starting her service in 1992 as Deputy Chief of Staff and Counselor. During her nearly eight years with the Clinton Administration, Ms. Thornton advised the Secretary on all administration and agency matters, serving as the liaison between the Secretary and the White House on policy, political, ethics, personnel and other issues. Holding a top secret clearance, Ms. Thornton served as her agency's representative in the Continuity of Operations of Government program. In 1995, Ms. Thornton was selected by the White House to serve on the President's White House Budget Working Group, and in 1996 was selected to serve in a senior role on President Clinton's Presidential Debate Team. Ms. Thornton is a member of numerous associations and boards in the Washington, D.C. community, and has been widely published in legal and other newspapers including the Legal Times, The Wall Street Journal, and the Boston Globe. She holds a Bachelor of Arts from the University of Pennsylvania and a law degree from Georgetown University.

7. Speaker: Jeffrey C. Sharer
Jeffrey Sharer is a partner in Sidley's (currently very cold) Chicago office. He concentrates his practice in litigation and regulatory enforcement matters as well as in matters related to electronic discovery, computer forensics, and information governance. Jeffrey frequently advises and advocates on behalf of clients in matters related to the governance, preservation, and discovery of electronically stored information. In litigation, Jeffrey has handled matters at all stages of the Electronic Discovery Reference Model, with particular emphasis on the development and implementation of best practices and on the use of artificial intelligence, statistical sampling, and related tools and techniques to reduce costs and burdens and increase the quality of results and the defensibility of process throughout the discovery lifecycle. Jeffrey also advises in the areas of records retention, data privacy, and information governance, including defensible deletion of data stores. Jeffrey is a member of Sidley's Electronic Discovery Task Force and a longtime member of The Sedona Conference, the nation's leading nonpartisan law and policy think tank in the area of electronic discovery. He holds degrees from the University of Chicago Law School and the University of Michigan.

9. Where are we on cybersecurity?
• Congressional action remains pending
• Focus on implementation of President Obama's Executive Order 13636 (February 2013)
  – Development of the NIST "Cybersecurity Framework" and programs to encourage voluntary adoption of the framework
  – DHS designation of critical infrastructure (CI) companies (with right of reconsideration)
  – Establishment of regulatory standards by agencies with statutory authority
  – Increased threat information sharing to CI operators

10. NIST Framework
• Implements the Feb. 12, 2013 Executive Order (EO 13636)
• Final framework due in February 2014
• Discussion Framework:
  – Provide a common language for expressing, understanding, and managing cybersecurity risk internally and externally
  – Develop a consistent approach: Identify, Protect, Detect, Respond, Recover
  – Prioritize actions for reducing cybersecurity risk
  – Create tools to align policy, business, and technological approaches to managing risk

11. Incentives Recommended to President
• Cybersecurity Insurance — build underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing, and foster a competitive cyber insurance market.
• Grants — leverage federal grant programs.
• Process Preference — consider expediting and prioritizing existing government service delivery; technical assistance to critical infrastructure; incident response situations.
• Liability Limitation — reduced tort liability, limited indemnity, higher burdens of proof, or the creation of a federal legal privilege that preempts State disclosure requirements.

12. Incentives – cont'd
• Streamline Regulations — make compliance easier; eliminate overlaps among existing laws and regulations; enable equivalent adoption across regulatory structures; reduce audit burdens.
• Public Recognition — optional public recognition.
• Rate Recovery for Price Regulated Industries — dialogue with federal, state, and local regulators and sector-specific agencies on whether the regulatory agencies that set utility rates should consider allowing utilities recovery for cybersecurity investments.
• Cybersecurity Research — emphasize research and development to meet the most pressing cybersecurity challenges where commercial solutions are not currently available.

13. Opening Comments of Leslie Thornton, General Counsel of Washington Gas

15. Cybersecurity and Information Governance
• Increasing threats of data breach and other cyber incidents, along with other risks and costs associated with electronic information systems (such as electronic discovery in legal and regulatory proceedings), are driving greater focus on governance of data across the organization
• Cyber threats, in particular, increase both the risk and the severity of potential loss associated with over-retention of customer PII and other sensitive information
• Loss of protected or sensitive information in a data breach can result in notification obligations, regulatory or civil exposure, damage to reputation, and other harm to the company
• Risks are only growing with the passage of time, especially as concepts such as purpose limitations and the so-called "right to be forgotten" gain legislative traction

16. Information Governance At 30,000 Feet
• For most organizations, mitigation of cyber risk through effective information governance requires a cross-functional approach
• Stakeholders at most organizations include (at least) legal and compliance; IT; RIM (records and information management); privacy; security; and the business
• People, process, and technology
• Surging emphasis on remediation – often referred to as "defensible disposition" – of data that does not have ongoing business value and is not subject to legal or regulatory retention requirements (including litigation holds)

17. Mitigating Risk Through Defensible Disposition
• As a general rule, if data has no business value and is not subject to legal or regulatory retention requirements, it can (and usually should) be deleted in the normal course of business
• Organizations have wide latitude: the legal standards are reasonableness, proportionality, and good faith
• Recent benchmarking of Global 1000 companies estimated that, of corporate information at any given time, 1% is on legal hold, 5% is subject to regulatory retention requirements, and 25% has current business value. This means that approximately 70% of the data that organizations are managing and storing, and that is at risk of loss through data breach or other security incident, is unnecessary

19. Questions about Simulation Lessons
• On November 13-14, 2013, the so-called GridEx II exercise tested governmental and industry crisis response plans, and included both cybersecurity and physical security components.
  – Are these sorts of exercises helpful? If so, what did you take away from it?
  – How do you manage both the low-probability / enormous-impact risks of cybersecurity issues, and the more mundane but significant risks of activist or less-sophisticated hackers?
• The report on the first GridEx exercise noted that "Significant horizontal communication occurs across industry, but vertical information sharing to NERC and government agencies is limited due to concerns about compliance implications." That nicely sums up one of the key information sharing issues that inhibit cybersecurity preparation.
  – Has information sharing gotten more or less risky for companies?
  – Have the Snowden revelations altered the wisdom of sharing cybersecurity information with the government?

20. Managing Risk Questions
• Does cybersecurity governance need to fit into an overall information governance strategy? How are they integrated?
• Businesses must adapt to a rapidly evolving technology environment, but the legal restrictions are developing slowly. How do you manage this tension?
• How significant a role does insurance play in your management of the cybersecurity threat?
• The SAFETY Act (www.SafetyAct.Gov) was designed to support development and deployment of effective anti-terrorism technologies by designating and certifying Qualified Anti-Terrorism Technologies ("QATTs") that receive important legal liability protections against claims arising out of an act of terrorism. Is that an effective piece of a cybersecurity risk management strategy?

21. Legal Standards Questions
• We continue to have a regime of multiple state data breach laws with slightly different tests. Are these statutes helpful? Would a preemptive federal test be better?
• Is it better to have multiple, voluntary cybersecurity standards and widespread variation, or would standardization be better?
• The Massachusetts information security regulations take the unique tack of specifying ISO-based minimum measures. Is this helpful because it is definite, or an overly simplistic check-box approach? Which should companies follow?
• Payment card security is almost entirely self-regulatory via the PCI-DSS. Would this approach work for cybersecurity?
• Has the SEC guidance requiring disclosure of material incidents helped to increase the level of cybersecurity?

22. Future Developments Questions
• Have you altered your approach to privacy / security in light of the coming Internet of Things, such as smart electrical meters? How?
• How should companies factor in these complex cybersecurity issues in moving to the cloud? What do you think are the biggest concerns with cloud computing? Has it made you less likely to move to the cloud?
• What is the top item on your cybersecurity agenda for 2014?

23. Questions for General Counsels to Ask and a Cybersecurity To-Do List

24. Cybersecurity Questions GCs Should Ask
• Are we "critical infrastructure" operators?
• Do we have IP assets, trade secrets, account records, consumer data that could be subject to cyber-attack? Could our facilities be misused as part of an attack?
• What past incidents have we experienced? Are our incident response procedures effective and well understood throughout the organization?
• Do we have an up-to-date cybersecurity risk assessment in hand?
• Who is responsible and accountable for cybersecurity, and does he/she have sufficient resources?
• Is the Board of Directors adequately focused on cybersecurity; has it established satisfactory internal controls and governance structures?

25. More Cybersecurity Questions
• Do we know what existing and prospective laws apply to cybersecurity?
• Are we subject to specific cybersecurity regulation?
• Do we know what our contracts say about cybersecurity; do our existing customer / vendor contracts protect us on cybersecurity? Obligate us?
• Do we have relevant government contracts?
• Do we know the necessary government points of contact? Do we have appropriately cleared persons?
• Who is monitoring NIST developments and best industry practices?
• What do we need to include in our SEC filings on cybersecurity?

26. More Cybersecurity Questions
• Do we have special international exposure and/or obligations?
• Are we going to participate in the voluntary White House and NIST cybersecurity framework?
• Could the White House cybersecurity "incentives" benefit us? Hurt us?
• Do we have good cybersecurity awareness and personal responsibility throughout our company?
• Do we understand what our legal exposure and potential liability is?
• Have we considered cyber-insurance?
• Are we at risk for FTC "failure to secure" enforcement?

27. More Cybersecurity Questions
• Do we have an effective information governance function, and are the right stakeholders involved?
• Do our information governance systems effectively mitigate risk of loss from data breach or other incident?
• Have we considered and addressed defensible disposition of legacy data stores and other sources that have outlived business value and legal and regulatory requirements?

28. Lawyer To-Do List For Cybersecurity
• Ensuring legal risks are considered in cybersecurity risk assessments
• Oversight and readiness for incident response
  – Have you vetted and tested your response ability?
  – Are you mitigating risk in the ordinary course through effective information governance?
• Analyzing and explaining the complex legal environment
• Coordination of relationships with government
• Development of standards and internal policies
• Managing protections and obligations in contracts, customer and vendor relationships
• Addressing "Hack Back" options
• Managing legal/reputational issues
  – Required disclosures and reporting
  – Risks and rewards of cooperation with government
  – Privilege and selective waivers
  – Securities issues

29. Questions?
Edward McNicholas: 202.736.8010, eMcNicholas@sidley.com
Jeffrey C. Sharer: 312.853.7028, jcSharer@sidley.com
www.Sidley.com/InfoLaw
This presentation has been prepared by Sidley Austin LLP as of January 2014 for educational and informational purposes only. It does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking personalized advice from professional advisers.
Sidley Austin LLP, a Delaware limited liability partnership which operates at the firm's offices other than Chicago, New York, Los Angeles, San Francisco, Palo Alto, Dallas, London, Hong Kong, Houston, Singapore and Sydney, is affiliated with other partnerships, including Sidley Austin LLP, an Illinois limited liability partnership (Chicago); Sidley Austin (NY) LLP, a Delaware limited liability partnership (New York); Sidley Austin (CA) LLP, a Delaware limited liability partnership (Los Angeles, San Francisco, Palo Alto); Sidley Austin (TX) LLP, a Delaware limited liability partnership (Dallas, Houston); Sidley Austin LLP, a separate Delaware limited liability partnership (London); Sidley Austin LLP, a separate Delaware limited liability partnership (Singapore); Sidley Austin, a New York general partnership (Hong Kong); Sidley Austin, a Delaware general partnership of registered foreign lawyers restricted to practicing foreign law (Sydney); and Sidley Austin Nishikawa Foreign Law Joint Enterprise (Tokyo). The affiliated partnerships are referred to herein collectively as Sidley Austin, Sidley, or the firm. For purposes of compliance with New York State Bar rules, Sidley Austin LLP's headquarters are 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South Dearborn, Chicago, IL 60603, 312.853.7000.
Offices: Beijing, Boston, Brussels, Chicago, Dallas, Frankfurt, Geneva, Hong Kong, Houston, London, Los Angeles, New York, Palo Alto, San Francisco, Shanghai, Singapore, Sydney, Tokyo, Washington, D.C.

30. Please join us for: January 17, 2014 – Information Lifecycle Governance: Minimize Risks & Improve Readiness
All upcoming Ethisphere events can be found at: http://ethisphere.com/events/