SlideShare una empresa de Scribd logo
1 de 44
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
Insert the cover image for this webinar on this slide entirely
1
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
Practical and entertaining education for
attorneys, accountants, business owners
and executives, and investors.
2
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
DISCLAIMER
The material in this webinar is for informational purposes only. It should not be
considered legal, financial or other professional advice. You should consult with an
attorney or other appropriate professional to determine what may be best for your
individual needs. While Financial Poise™ takes reasonable steps to ensure the information
it publishes is accurate, Financial Poise™ makes no guaranty in this regard.
About this PowerPoint: if you are looking at this PowerPoint without the benefit of
listening to the conversation that surrounded it then you are doing yourself a disservice.
This PowerPoint was prepared in contemplation of being viewed in conjunction with
listening to a one hour webinar on the topic
3
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
MEET THE FACULTY
Moderator:
Max Stein – Boodell & Domanskis LLC
Panelists:
Cassandra Porter – Cognizant
David Ross – Baker Tilly Virchow Krause, LLP
Elizabeth Vandesteeg – Sugar Felsenthal Grais & Helsinger, LLP
4
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
ABOUT THIS WEBINAR:
Data Privacy & Security – 101
Information technology systems are at the core of the way we live, work, and play; they impact
virtually every aspect of our lives today, and businesses of all kinds are increasingly data
driven. But businesses must understand and protect against the legal, business and
reputational risks from actual or perceived misuse of such data. And they must navigate these
waters in a world where data knows no boundaries, and in which governments and others
apply differing standards and have carry differing expectations. Experts further warn (and
sometimes daily news seems to suggest) that data breaches are inevitable, and businesses must
plan for the operational, legal and reputational fallout of such events. Get up to speed with us
on a topic that will continue to grow in importance in today’s data-driven marketplace.
5
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
ABOUT THIS SERIES: One Hour Law
School 2.0 – Tell Me What I Need to
Know
Looking for a practical introduction to some of the issues facing business people and
businesses of all sizes? In this program, you’ll learn (1) the obligations and key considerations
with regard to data privacy and security, both as a consumer and a vendor; (2) considerations
for safe use of copyrighted material in advertising, earned media, and professional
communications; (3) establishing and maintaining non-profit organizations; and (4) RICO
related issues that may impact business practices, and (5) best practices and business
considerations with regards to Fair Debt Credit Reporting Act.
6
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
EPISODES IN THIS SERIES
6/18/19 Episode #1: Data Privacy & Security -101
7/16/19 Episode #2: Using Copyrighted Material Without Violating
Copyright Law: The Fair Use Doctrine
8/13/19 Episode #3: Representing a Not-For-Profit
9/17/19 Episode #4: RICO
10/15/19 Episode #5: Fair Debt Credit Reporting Act
7
Dates shown are premiere dates.
All webinars will be available
On Demand approximately 4 weeks
after they premiere.
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
Episode #1:
Data Privacy & Security – 101
8
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
JARGON
• Information Governance
• Information Security/Cyber Security
• Data Privacy
9
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
DATA GOVERNANCE
• The
✓ Structures,
✓ Policies,
✓ Procedures,
✓ Processes and
✓ Controls
• that are implemented to manage information at an enterprise level, supporting an
organization's immediate and future regulatory, legal, risk, environmental and
operational requirements.
1
0
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
INFORMATION SECURITY
The prevention of unauthorized access, use, disclosure, disruption,
modification, inspection, recording or destruction of information
1
1
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
DATA PRIVACY
Standards and expectations (both personal and societal) governing the
collection and dissemination of data
1
2
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
SENSITIVE DATA
• What types of information and data do all companies need to protect?
✓ Personally identifiable information (PII): information that can be linked to a
specific individual
o Includes name, birthdate, social security number, driver’s license number,
account numbers
✓ Non-personally identifiable information: cannot by itself be used to identify a
specific individual
o Aggregate data, zip code, area code, city, state, gender, age
✓ Gray area – “anomyzed data”
o Non-PII that, when linked with other data, can effectively identify a person
o Includes geolocation data, site history, and viewing patterns from IP addresses
1
3
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PERSONALLY IDENTIFIABLE
INFORMATION (PII)
• Social Security number
• Drivers license number
• Credit/debit card numbers
• Passport number
• Bank Account Information
• Date of Birth
• Medical Information
1
4
• Mother’s maiden name
• Biometric data (i.e., fingerprint)
• E-mail/username in combination with
password/security question & answer
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
BUSINESS INFORMATION
• Payment Card Information (PCI)
✓ Primary Account Number (PAN)
✓ Cardholder Name
✓ Expiration Date
✓ Service Code (3 or 4 digit code)
✓ PIN
1
5
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
BUSINESS INFORMATION (cont’d)
• Business Information
• Customer lists
• Prospect lists
• Trade secrets
• Pricing information
• Business plans and strategies
• Employee lists
1
6
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PRIMARY TYPES OF SECURITY INCIDENTS
• Physical loss: Stolen or lost laptop, PDA, thumb drive, or other portable media
containing PII or other sensitive data
✓ Mitigation
o Encrypt
o Prohibit/minimize/block saving PII on portable media
o Records management
• Hard copies: mis-mail, misplaced, stolen, or “disposal fail”
✓ Mitigation
o Handling policy and training
o Disposal policy and training
o Diligence/contracts with records management/disposal vendors
1
7
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PRIMARY TYPES OF SECURITY INCIDENTS
(cont’d)
• Unintended Disclosures
✓ “computer glitch”
✓ Incorrect permission settings
✓ Misdirected email/fax
o Mitigation
▪ Regular systems and/or vulnerability testing
▪ Encrypt or password-protect files
▪ Outlook delay
1
8
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PRIMARY TYPES OF SECURITY INCIDENTS
(cont’d)
• Vendors: negligence, physical loss, database/server breach or stolen data at a vendor’s
location or server
✓ Increases response costs about 20%
o Mitigation
▪ Vendor contract provisions
▪ Appropriate review of vendors to confirm safeguards are in place
1
9
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PRIMARY TYPES OF SECURITY INCIDENTS
(cont’d)
• Stolen Data by Otherwise Authorized Users: rogue employee or other malicious insider
with access downloads or sends personal or sensitive data to another unauthorized
location for an improper purpose
✓ Mitigation
o Systems activity review – logging and periodic monitoring
o Access reviews
2
0
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PRIMARY TYPES OF SECURITY INCIDENTS
(cont’d)
• Database/server breach: Unauthorized person accesses or hacks into a data server that
stores personal or other sensitive data
✓ Malware, hackers, phishing, ransomware
o Mitigation
▪ Penetration testing, firewalls, intrusion detection, etc.
▪ Systems activity review – logging and periodic monitoring
▪ Training of employees
2
1
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
INCIDENCE OF BREACH
2
2
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
WHAT IS A DATA BREACH?
• Definition varies from state to state, but typically includes:
✓ Unauthorized acquisition/access/use
✓ Of Personally Identifiable Information (PII)
✓ Unencrypted
✓ Compromising the security, confidentiality or integrity of PII
✓ Does not include good faith acquisition of PII
2
3
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
WHAT IS A DATA BREACH (cont’d)
• … that may trigger state notification laws…
• Unauthorized acquisition of PII that compromises the security, confidentiality or
integrity of PII…
✓ That results or could result in identity theft or fraud (OH)
✓ Unless PII is not used or subject to further unauthorized disclosure (NE)
✓ Unless no misuse of PII has occurred or is not reasonably likely to occur (NJ)
✓ Unless no reasonable likelihood of harm to consumer whose PII was acquired has
resulted or will result (CT)
2
4
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
WHAT IS A DATA BREACH (cont’d)
✓ That has caused or is likely to cause loss or injury to resident (MI)
✓ That causes or is reasonably likely to cause substantial economic loss to the
individual (AZ)
✓ Unless no reasonable likelihood of financial harm to consumer whose PII was
acquired has resulted or will result (IA)
2
5
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
CAUSING AN INCIDENT: A “BREACH”
HAS CONSEQUENCES
• Why we should be careful with the word “breach”
✓ Using “breach” to describe a data-privacy related incident assumes the incident
meets the definition of a security breach which triggers various notification
requirements
✓ An “incident” does not always rise to the level of “breach” (i.e., encryption safe
harbor)
✓ “Incident” is better received by the public than “breach”
2
6
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
CAUSING AN INCIDENT: A “BREACH” HAS
CONSEQUENCES (cont’d)
• Breach Notification Laws:
✓ State laws differ with respect to:
o Deadline for notifying (14, 30, 45 days; reasonable time)
o Notification to Attorney General
o Notification to other State agencies
o Including Attorney General contact information
o Substitute notice (email, website, media)
o Specific facts of incident and type of PII compromised
o Maintaining records of incident (for 3-5 years)
✓ Countries also differ with notice requirements
2
7
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
NATIONAL INSTITUTE OF STANDARDS AND
TECHNOLOGY (NIST) FRAMEWORK
• Identify: develop the organizational understanding to manage cybersecurity risk to
systems, assets, data, and capabilities
• Protect: develop and implement the appropriate safeguards to ensure delivery of
critical infrastructure services
• Detect: develop and implement the appropriate activities to identify the occurrence of
a cybersecurity event
• Transfer: develop and implement appropriate insurance program that deals with
cyber and privacy events
• Respond: develop and implement the appropriate activities to take action regarding a
detected cybersecurity event
• Recover: develop and implement the appropriate activities to maintain plans for
resilience and to restore any capabilities or services that were impaired due to a
cybersecurity event
2
8
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
NIST FRAMEWORK IMPLEMENTATION TIERS
2
9
Tier 1 Tier 2 Tier 3 Tier 4
Risk Management
Process
Risk management practices are not
formalized.
Risk is managed in an ad hoc and
sometimes reactive manner.
Prioritization of cybersecurity activities may
not be directly informed by organizational
risk objectives, the threat environment, or
business/mission requirements.
Risk management practices are approved by
management but may not be established as
organizational-wide policy.
Prioritization of cybersecurity activities is directly
informed by organizational risk objectives, the
threat environment, or business/mission
requirements.
The organization’s risk management practices are
formally approved and expressed as policy.
Organizational cybersecurity practices are
regularly updated based on the application of risk
management processes to changes in
business/mission requirements and a changing
threat and technology landscape.
The organization adapts its cybersecurity
practices based on lessons learned and predictive
indicators derived from previous and current
cybersecurity activities.
Through a process of continuous improvement
incorporating advanced cybersecurity
technologies and practices, the organization
actively adapts to a changing cybersecurity
landscape and responds to evolving and
sophisticated threats in a timely manner.
Integrated Risk
Management
Program Limited organizational awareness of
cybersecurity risk; organization-wide
approach to managing cybersecurity risk
has not been established.
Cybersecurity risk management
implemented on an irregular, case-by-case
basis due to varied experience or
information gained from outside sources.
May not have processes that enable
cybersecurity information to be shared
within the organization.
Organizational awareness of cybersecurity risk, but
organization-wide approach to managing
cybersecurity risk has not been established.
Risk-informed, management-approved processes
and procedures are defined and implemented, and
staff has adequate resources to perform their
cybersecurity duties.
Cybersecurity information is shared within the
organization on an informal basis.
Organization-wide approach to manage
cybersecurity risk.
Risk-informed policies, processes, and
procedures are defined, implemented as
intended, and reviewed.
Consistent methods are in place to respond
effectively to changes in risk.
Personnel possess the knowledge and skills to
perform their appointed roles and
responsibilities.
Organization-wide approach to managing
cybersecurity risk that uses risk-informed
policies, processes, and procedures to address
potential cybersecurity events.
Cybersecurity risk management is part of the
organizational culture and evolves from an
awareness of previous activities, information
shared by other sources, and continuous
awareness of activities on their systems and
networks.
External
Participation
May not have the processes in place to
participate in coordination or collaboration
with other entities.
Organizational understanding of its role in the
larger ecosystem, but has not formalized its
capabilities to interact and share information
externally
Organizational understanding of its dependencies
and partners and receives information from these
partners that enables collaboration and risk-
based management decisions within the
organization in response to events.
Manages risk and actively shares information
with partners to ensure that accurate, current
information is being distributed and consumed
to improve cybersecurity before a cybersecurity
event occurs.
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PROACTIVE MEASURES
• A Written Information Security Program (WISP): required by Massachusetts law,
GLBA, and FTC Red Flags Rule
• Incident Response Plan: required by PCI DSS, GLBA, and HIPAA
• Carefully drafted Confidentiality Agreements for employees, vendors, and visitors
• Proper and ongoing training for employees on company’s data security programs &
cyber awareness
• Perform a data privacy review & risk assessment, including penetration testing
• Review your employee exit process
3
0
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
DATA BREACH RESPONSE METHADOLOGY
3
1
Phase 4
Defense
Phase 3
Response
Phase 2
Investigation
Phase 1
Discovery
Theft, loss, or Unauthorized
Disclosure of Personally
Identifiable Non-Public
Information or Third Party
Corporate Information that is in
the care, custody or control of
the Insured Organization, or a
third party for whom the
Insured Organization is legally
liable
Forensic
Investigation and
Legal Review
Notification and
Credit Monitoring
Class-Action
Lawsuits
Regulatory Fines,
Penalties, and
Consumer Redress
Public Relations
Reputational
Damage
Income Loss
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
INCIDENT RESPONSE TEAM
• Because the issue impacts almost every component of the organization, and failure to
properly manage can result in both long and short term consequences, the team should
include “C” level decision makers in the following areas:
✓ Legal
✓ IT
✓ Risk management/insurance
✓ HR
✓ Marketing
✓ Public relations
3
2
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
INCIDENT RESPONSE TEAM (cont’d)
✓ Compliance & internal audit
✓ Physical security
✓ Other executive, as appropriate
✓ Third party response services (e.g., forensics, privacy counsel, notification
3
3
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
VENDOR AGREEMENTS
• Compliance with data privacy standards for the protection of PII, PHI, and/or
PCI
• Return or destruction of PII, PHI, and/or PCI
• Use of subcontractors with access to PII, PHI, and/or PCI
• Notice of security and/or privacy incident within ____ hours
• Indemnification
• Cyber liability insurance
3
4
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
PRIVACY AND DATA PROTECTION LAWS
• EU Data Protection Directive,
• HIPAA or the Health Insurance Portability and Accountability Act,
• The Sarbanes Oxley Act,
• Federal Information Security Management Act of 2002 (FISMA),
• Family Educational Rights and Privacy Act (FERPA),
• Gramm Leach Bliley Act (GLBA),
• Payment Card Industry Data Security Standard (PCI-DSS),
• Proposed State Laws (NY).
3
5
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
EU GENERAL DATA PROTECTION REGULATION
• Effective, May 25, 2018, law extends the scope of the EU data protection law to all
foreign companies processing data of EU residents
• Applies to organizations based outside the EU if they collect or process personal data of
EU residents
• Regulations apply the following EU data protection principles to all custodians of EU
personal data:
✓ Notice - Individuals must be informed that their data is being collected and how it
will be used. The organization must provide information about how individuals can
contact the organization with any inquiries or complaints.
✓ Choice - Individuals must have the option to opt out of the collection and forward
transfer of the data to third parties.
3
6
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
EU GENERAL DATA PROTECTION REGULATION
(cont’d)
✓ Onward Transfer - Transfers of data to third parties may only occur to other
organizations that follow adequate data protection principles.
✓ Security - Reasonable efforts must be made to prevent loss of collected information.
✓ Data Integrity - Data must be relevant and reliable for the purpose it was collected.
✓ Access - Individuals must be able to access information held about them, and
correct or delete it, if it is inaccurate.
✓ Enforcement - There must be effective means of enforcing these rules
• US Companies previously relied on the International Safe Harbor Principles, which the
ECJ invalidated, for cross-Atlantic data transfer.
✓ Safe Harbor replaced by EU-U.S. Privacy Shield
3
7
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
ABOUT THE FACULTY
3
8
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
Max Stein – MStein@boodlaw.com
Max Stein, a member of Boodell & Domanskis, LLC, is a business litigator focused on
meeting clients’ business objectives, helping them resolve disputes at the most opportune
times. Max represents clients as both plaintiffs and defendants in a wide variety of forums.
Additionally, Max notes that one advantage of practicing at a smaller firm, is that he is able
to offer his clients high-quality, nimble representation at reasonable rates. To aid his
clients in achieving their business objectives, Max approaches cases as though they will go
to trial, utilizing his extensive trial experience. Max also counsels his clients, helping to
identify and navigate legal risks to achieve their business goals and protect their
competitive interests while managing and, where possible, avoiding the expense and
uncertainty of litigation.
3
9
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
Cassandra Porter – Cassandra.Porter@cognizant.com
Cassandra M. Porter is the Americas/APAC data privacy lead attorney for a Fortune 100 Tech company working
to transform clients’ businesses, operations and technology models for the digital era. She counsels internal
clients on privacy-related matters such as data collection practices, online advertising, mobile commerce, along
with the development and acquisition of new technology, data incidents and management.
Cassandra is a member of the inaugural class of Privacy Law Specialists, a new specialty recognized by the
American Bar Association, and a Fellow of Information Privacy by the International Association of Privacy
Professionals (IAPP). Her IAPP credentials as a Certified Information Privacy Professional and Certified
Information Privacy Manager designate her as thought leader in the field. She is a former co-chair of the IAPP’s
New Jersey Chapter and member of the Bankruptcy Lawyers Advisory Committee for the District of New Jersey.
As a member of the United States Trustee’s Consumer Privacy Ombudsman (CPO) panel, she served as the CPO
in the Golfsmith International chapter 11 cases. Previously she was counsel at Lowenstein Sandler LLP where, in
addition to assisting clients with data privacy-related issues, she also regularly represented debtors in possession
and creditors in chapter 11 matters along with indigents in chapter 7 proceedings in association with the
Volunteer Lawyers for Justice.
To read more, go to https://www.financialpoise.com/financialpoisewebinars/faculty/cassandra-m-porter/
4
0
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
David Ross – David.Ross@bakertilly.com
David Ross, principal and cybersecurity and privacy practices leader, has been with
Baker Tilly Virchow Krause, LLP since 2017. David joins us from Deloitte’s cyber
risk practice, where he provided strategic insight, service design, business
development and engagement leadership. Previously, David was general manager
of General Dynamics Commercial Cyber Services, where he was not only
responsible for the design of the business, but also the launch and management of
the new commercial organization.
As a recognized thought leader and published author, David frequently speaks on
cybersecurity strategy, innovation, business strategy, building high performing
sales strategies, social media and critical problem solving for corporations.
4
1
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
Elizabeth Vandesteeg – evandesteeg@sfgh.com
Elizabeth (“Lisa”) B. Vandesteeg, partner at Sugar Felsenthal Grais & Helsinger, is a legal team leader and
tactical advisor for businesses. Coming from a commercial litigation background, her practice is focused on risk
identification and mitigation for her clients, primarily in the areas of business continuity and business tort,
data security and privacy, and bankruptcy and restructuring.
Lisa counsels businesses in a wide variety of industries on issues that arise on a day-to-day basis, such as
contracting with third parties or partnership/ownership disputes. She often adds value by acting in an external
general counsel role. And as a business litigator, she represents clients on both offense and defense, in state,
federal, and bankruptcy courts, in municipal and administrative proceedings, and using alternative dispute
resolution processes.
She also has experience in nearly every facet of commercial bankruptcy and restructuring, having represented
debtors, secured creditors, unsecured creditors, and unsecured creditors’ committees. Within the bankruptcy
arena, she has prosecuted complex adversary and contested litigation matters including, among others, actions
to pierce the corporate veil, to undo fraudulent transfers, and to avoid liens.
To read more, go to https://www.financialpoise.com/financialpoisewebinars/faculty/elizabeth-b-vandesteeg/
4
2
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
QUESTIONS OR COMMENTS?
If you have any questions about this webinar that you did not get to ask during
the live premiere, or if you are watching this webinar On Demand, please do
not hesitate to email us at info@financialpoise.com with any questions or
comments you may have. Please include the name of the webinar in your email
and we will do our best to provide a timely response.
IMPORTANT NOTE: The material in this presentation is for general educational purposes only. It has been prepared primarily
for attorneys and accountants for use in the pursuit of their continuing legal education and continuing professional education.
4
3
Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™
Receive our free weekly newsletter at www.financialpoise.com/subscribe
ABOUT FINANCIAL POISE
DailyDAC LLC, d/b/a Financial Poise™ provides
continuing education to attorneys, accountants,
business owners and executives, and investors. Its
websites, webinars, and books provide Plain
English, entertaining, explanations about legal,
financial, and other subjects of interest to these
audiences.
Visit us at www.financialpoise.com.
4
4
Our free weekly newsletter, Financial Poise
Weekly, educates readers about business,
business law, finance, and investing. To receive
it simply add yourself by going to:
https://www.financialpoise.com/newsletter/
Email addresses are never sold to or shared
with third parties.

Más contenido relacionado

Similar a Data Privacy & Security 101 (Series: One Hour Law School)

Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Financial Poise
 
Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...
Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...
Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...Financial Poise
 
The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)
The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)
The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)Financial Poise
 
Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...
Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...
Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...Financial Poise
 
Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...
Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...
Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...Financial Poise
 
Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))
Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))   Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))
Securities Law: An Overview (Series: Securities Law Made Simple (Not Really)) Financial Poise
 
Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...
Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...
Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...Financial Poise
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...
Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...
Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...Financial Poise
 
Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
Intellectual Property in an Hour (Series: One Hour Law School)
Intellectual Property in an Hour (Series: One Hour Law School)Intellectual Property in an Hour (Series: One Hour Law School)
Intellectual Property in an Hour (Series: One Hour Law School)Financial Poise
 
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...Financial Poise
 
Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)
Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)
Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)Financial Poise
 
Investing in Commercial Real Estate (Series: Real Estate Investing 101)
Investing in Commercial Real Estate (Series: Real Estate Investing 101) Investing in Commercial Real Estate (Series: Real Estate Investing 101)
Investing in Commercial Real Estate (Series: Real Estate Investing 101) Financial Poise
 
Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...
Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...
Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...Financial Poise
 
2019 11-13 how to comply with ccpa as part of a global privacy strategy
2019 11-13 how to comply with ccpa as part of a global privacy strategy2019 11-13 how to comply with ccpa as part of a global privacy strategy
2019 11-13 how to comply with ccpa as part of a global privacy strategyTrustArc
 
Factoring (BUSINESS BORROWING BASICS 2018)
Factoring (BUSINESS BORROWING BASICS 2018)Factoring (BUSINESS BORROWING BASICS 2018)
Factoring (BUSINESS BORROWING BASICS 2018)Financial Poise
 
Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)
Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)
Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)Financial Poise
 
It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...
It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...
It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...Financial Poise
 
Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)
Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)
Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)Financial Poise
 

Similar a Data Privacy & Security 101 (Series: One Hour Law School) (20)

Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
 
Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...
Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...
Foreign Corrupt Practices Act Compliance (Corporate & Regulatory Compliance B...
 
The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)
The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)
The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)
 
Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...
Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...
Show Them the Money: Wage & Hour Compliance (Series: HR, Talent Management & ...
 
Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...
Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...
Opportunity Amidst Crisis - Buying Distressed Assets, Claims, and Securities ...
 
Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))
Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))   Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))
Securities Law: An Overview (Series: Securities Law Made Simple (Not Really))
 
Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...
Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...
Goal Based Investing: Planning for Key Life Events (Series: Personal Finance ...
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...
Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...
Leveraging & Protecting Trade Secrets in the 21st Century (Series: INTELLECTU...
 
Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Securities Law Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Intellectual Property in an Hour (Series: One Hour Law School)
Intellectual Property in an Hour (Series: One Hour Law School)Intellectual Property in an Hour (Series: One Hour Law School)
Intellectual Property in an Hour (Series: One Hour Law School)
 
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
 
Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)
Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)
Cash Collateral and DIP Loan Contests (Series: Bankruptcy Battle Royale)
 
Investing in Commercial Real Estate (Series: Real Estate Investing 101)
Investing in Commercial Real Estate (Series: Real Estate Investing 101) Investing in Commercial Real Estate (Series: Real Estate Investing 101)
Investing in Commercial Real Estate (Series: Real Estate Investing 101)
 
Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...
Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...
Structuring and Planning the M&A Transaction (Series: Private Company M&A Boo...
 
2019 11-13 how to comply with ccpa as part of a global privacy strategy
2019 11-13 how to comply with ccpa as part of a global privacy strategy2019 11-13 how to comply with ccpa as part of a global privacy strategy
2019 11-13 how to comply with ccpa as part of a global privacy strategy
 
Factoring (BUSINESS BORROWING BASICS 2018)
Factoring (BUSINESS BORROWING BASICS 2018)Factoring (BUSINESS BORROWING BASICS 2018)
Factoring (BUSINESS BORROWING BASICS 2018)
 
Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)
Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)
Focus on Single Asset Real Estate (Series: Chapter 11 Special Issues)
 
It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...
It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...
It’s So Hard To Say Goodbye: Minimizing Risk When Terminating Employees (Seri...
 
Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)
Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)
Forming a Company: How to Start a Business (SERIES: One Hour Law School 2018)
 

Más de Financial Poise

IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You FileIP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You FileFinancial Poise
 
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics  IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics Financial Poise
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day HearingTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day HearingFinancial Poise
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!Financial Poise
 
PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style Financial Poise
 
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...Financial Poise
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...Financial Poise
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...Financial Poise
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101 NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101 Financial Poise
 
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...Financial Poise
 
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas Financial Poise
 
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts Financial Poise
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...Financial Poise
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...Financial Poise
 
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...Financial Poise
 
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A AgreementsM&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A AgreementsFinancial Poise
 
M&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A ProcessM&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A ProcessFinancial Poise
 
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's PerspectiveCROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's PerspectiveFinancial Poise
 
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for IntermediariesCROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for IntermediariesFinancial Poise
 
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective Financial Poise
 

Más de Financial Poise (20)

IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You FileIP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
 
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics  IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day HearingTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
 
PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style PERSUASIVE BRIEF WRITING 2022 - Style
PERSUASIVE BRIEF WRITING 2022 - Style
 
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101 NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
 
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
 
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
 
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...CORPORATE  REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
 
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
 
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A AgreementsM&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
 
M&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A ProcessM&A BOOT CAMP 2022 - The M&A Process
M&A BOOT CAMP 2022 - The M&A Process
 
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's PerspectiveCROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
 
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for IntermediariesCROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
 
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
CROWDFUNDING 2022 - Crowdfunding from the Start-Up's Perspective
 

Último

30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.docdieu18
 
EDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderEDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderDr. Bruce A. Johnson
 
AI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsAI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsStella Lee
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...Nguyen Thanh Tu Collection
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxHimansu10
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...Nguyen Thanh Tu Collection
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...Marlene Maheu
 
LEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollLEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollDr. Bruce A. Johnson
 
Pharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfPharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfSumit Tiwari
 
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...gdgsurrey
 
3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptxmary850239
 
DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...
DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...
DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...AKSHAYMAGAR17
 
Auchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian PoeticsAuchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian PoeticsDhatriParmar
 
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptxAUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptxiammrhaywood
 
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxMetabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxDr. Santhosh Kumar. N
 
Material Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptMaterial Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptBanaras Hindu University
 
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...Subham Panja
 
The First National K12 TUG March 6 2024.pdf
The First National K12 TUG March 6 2024.pdfThe First National K12 TUG March 6 2024.pdf
The First National K12 TUG March 6 2024.pdfdogden2
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacySumit Tiwari
 

Último (20)

30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
 
EDD8524 The Future of Educational Leader
EDD8524 The Future of Educational LeaderEDD8524 The Future of Educational Leader
EDD8524 The Future of Educational Leader
 
AI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsAI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace Applications
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
 
Problems on Mean,Mode,Median Standard Deviation
Problems on Mean,Mode,Median Standard DeviationProblems on Mean,Mode,Median Standard Deviation
Problems on Mean,Mode,Median Standard Deviation
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
 
LEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollLEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community Coll
 
Pharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdfPharmacology chapter No 7 full notes.pdf
Pharmacology chapter No 7 full notes.pdf
 
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
 
3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx3.12.24 The Social Construction of Gender.pptx
3.12.24 The Social Construction of Gender.pptx
 
DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...
DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...
DNA and RNA , Structure, Functions, Types, difference, Similarities, Protein ...
 
Auchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian PoeticsAuchitya Theory by Kshemendra Indian Poetics
Auchitya Theory by Kshemendra Indian Poetics
 
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptxAUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
 
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxMetabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
 
Material Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptMaterial Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.ppt
 
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
 
The First National K12 TUG March 6 2024.pdf
The First National K12 TUG March 6 2024.pdfThe First National K12 TUG March 6 2024.pdf
The First National K12 TUG March 6 2024.pdf
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
 

Data Privacy & Security 101 (Series: One Hour Law School)

  • 1. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Insert the cover image for this webinar on this slide entirely 1
  • 2. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Practical and entertaining education for attorneys, accountants, business owners and executives, and investors. 2
  • 3. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe DISCLAIMER The material in this webinar is for informational purposes only. It should not be considered legal, financial or other professional advice. You should consult with an attorney or other appropriate professional to determine what may be best for your individual needs. While Financial Poise™ takes reasonable steps to ensure the information it publishes is accurate, Financial Poise™ makes no guaranty in this regard. About this PowerPoint: if you are looking at this PowerPoint without the benefit of listening to the conversation that surrounded it then you are doing yourself a disservice. This PowerPoint was prepared in contemplation of being viewed in conjunction with listening to a one hour webinar on the topic 3
  • 4. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe MEET THE FACULTY Moderator: Max Stein – Boodell & Domanskis LLC Panelists: Cassandra Porter – Cognizant David Ross – Baker Tilly Virchow Krause, LLP Elizabeth Vandesteeg – Sugar Felsenthal Grais & Helsinger, LLP 4
  • 5. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT THIS WEBINAR: Data Privacy & Security – 101 Information technology systems are at the core of the way we live, work, and play; they impact virtually every aspect of our lives today, and businesses of all kinds are increasingly data driven. But businesses must understand and protect against the legal, business and reputational risks from actual or perceived misuse of such data. And they must navigate these waters in a world where data knows no boundaries, and in which governments and others apply differing standards and have carry differing expectations. Experts further warn (and sometimes daily news seems to suggest) that data breaches are inevitable, and businesses must plan for the operational, legal and reputational fallout of such events. Get up to speed with us on a topic that will continue to grow in importance in today’s data-driven marketplace. 5
  • 6. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT THIS SERIES: One Hour Law School 2.0 – Tell Me What I Need to Know Looking for a practical introduction to some of the issues facing business people and businesses of all sizes? In this program, you’ll learn (1) the obligations and key considerations with regard to data privacy and security, both as a consumer and a vendor; (2) considerations for safe use of copyrighted material in advertising, earned media, and professional communications; (3) establishing and maintaining non-profit organizations; and (4) RICO related issues that may impact business practices, and (5) best practices and business considerations with regards to Fair Debt Credit Reporting Act. 6
  • 7. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe EPISODES IN THIS SERIES 6/18/19 Episode #1: Data Privacy & Security -101 7/16/19 Episode #2: Using Copyrighted Material Without Violating Copyright Law: The Fair Use Doctrine 8/13/19 Episode #3: Representing a Not-For-Profit 9/17/19 Episode #4: RICO 10/15/19 Episode #5: Fair Debt Credit Reporting Act 7 Dates shown are premiere dates. All webinars will be available On Demand approximately 4 weeks after they premiere.
  • 8. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Episode #1: Data Privacy & Security – 101 8
  • 9. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe JARGON • Information Governance • Information Security/Cyber Security • Data Privacy 9
  • 10. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe DATA GOVERNANCE • The ✓ Structures, ✓ Policies, ✓ Procedures, ✓ Processes and ✓ Controls • that are implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements. 1 0
  • 11. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe INFORMATION SECURITY The prevention of unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information 1 1
  • 12. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe DATA PRIVACY Standards and expectations (both personal and societal) governing the collection and dissemination of data 1 2
  • 13. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe SENSITIVE DATA • What types of information and data do all companies need to protect? ✓ Personally identifiable information (PII): information that can be linked to a specific individual o Includes name, birthdate, social security number, driver’s license number, account numbers ✓ Non-personally identifiable information: cannot by itself be used to identify a specific individual o Aggregate data, zip code, area code, city, state, gender, age ✓ Gray area – “anomyzed data” o Non-PII that, when linked with other data, can effectively identify a person o Includes geolocation data, site history, and viewing patterns from IP addresses 1 3
  • 14. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PERSONALLY IDENTIFIABLE INFORMATION (PII) • Social Security number • Drivers license number • Credit/debit card numbers • Passport number • Bank Account Information • Date of Birth • Medical Information 1 4 • Mother’s maiden name • Biometric data (i.e., fingerprint) • E-mail/username in combination with password/security question & answer
  • 15. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe BUSINESS INFORMATION • Payment Card Information (PCI) ✓ Primary Account Number (PAN) ✓ Cardholder Name ✓ Expiration Date ✓ Service Code (3 or 4 digit code) ✓ PIN 1 5
  • 16. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe BUSINESS INFORMATION (cont’d) • Business Information • Customer lists • Prospect lists • Trade secrets • Pricing information • Business plans and strategies • Employee lists 1 6
  • 17. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PRIMARY TYPES OF SECURITY INCIDENTS • Physical loss: Stolen or lost laptop, PDA, thumb drive, or other portable media containing PII or other sensitive data ✓ Mitigation o Encrypt o Prohibit/minimize/block saving PII on portable media o Records management • Hard copies: mis-mail, misplaced, stolen, or “disposal fail” ✓ Mitigation o Handling policy and training o Disposal policy and training o Diligence/contracts with records management/disposal vendors 1 7
  • 18. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PRIMARY TYPES OF SECURITY INCIDENTS (cont’d) • Unintended Disclosures ✓ “computer glitch” ✓ Incorrect permission settings ✓ Misdirected email/fax o Mitigation ▪ Regular systems and/or vulnerability testing ▪ Encrypt or password-protect files ▪ Outlook delay 1 8
  • 19. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PRIMARY TYPES OF SECURITY INCIDENTS (cont’d) • Vendors: negligence, physical loss, database/server breach or stolen data at a vendor’s location or server ✓ Increases response costs about 20% o Mitigation ▪ Vendor contract provisions ▪ Appropriate review of vendors to confirm safeguards are in place 1 9
  • 20. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PRIMARY TYPES OF SECURITY INCIDENTS (cont’d) • Stolen Data by Otherwise Authorized Users: rogue employee or other malicious insider with access downloads or sends personal or sensitive data to another unauthorized location for an improper purpose ✓ Mitigation o Systems activity review – logging and periodic monitoring o Access reviews 2 0
  • 21. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PRIMARY TYPES OF SECURITY INCIDENTS (cont’d) • Database/server breach: Unauthorized person accesses or hacks into a data server that stores personal or other sensitive data ✓ Malware, hackers, phishing, ransomware o Mitigation ▪ Penetration testing, firewalls, intrusion detection, etc. ▪ Systems activity review – logging and periodic monitoring ▪ Training of employees 2 1
  • 22. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe INCIDENCE OF BREACH 2 2
  • 23. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS A DATA BREACH? • Definition varies from state to state, but typically includes: ✓ Unauthorized acquisition/access/use ✓ Of Personally Identifiable Information (PII) ✓ Unencrypted ✓ Compromising the security, confidentiality or integrity of PII ✓ Does not include good faith acquisition of PII 2 3
  • 24. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS A DATA BREACH (cont’d) • … that may trigger state notification laws… • Unauthorized acquisition of PII that compromises the security, confidentiality or integrity of PII… ✓ That results or could result in identity theft or fraud (OH) ✓ Unless PII is not used or subject to further unauthorized disclosure (NE) ✓ Unless no misuse of PII has occurred or is not reasonably likely to occur (NJ) ✓ Unless no reasonable likelihood of harm to consumer whose PII was acquired has resulted or will result (CT) 2 4
  • 25. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS A DATA BREACH (cont’d) ✓ That has caused or is likely to cause loss or injury to resident (MI) ✓ That causes or is reasonably likely to cause substantial economic loss to the individual (AZ) ✓ Unless no reasonable likelihood of financial harm to consumer whose PII was acquired has resulted or will result (IA) 2 5
  • 26. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe CAUSING AN INCIDENT: A “BREACH” HAS CONSEQUENCES • Why we should be careful with the word “breach” ✓ Using “breach” to describe a data-privacy related incident assumes the incident meets the definition of a security breach which triggers various notification requirements ✓ An “incident” does not always rise to the level of “breach” (i.e., encryption safe harbor) ✓ “Incident” is better received by the public than “breach” 2 6
  • 27. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe CAUSING AN INCIDENT: A “BREACH” HAS CONSEQUENCES (cont’d) • Breach Notification Laws: ✓ State laws differ with respect to: o Deadline for notifying (14, 30, 45 days; reasonable time) o Notification to Attorney General o Notification to other State agencies o Including Attorney General contact information o Substitute notice (email, website, media) o Specific facts of incident and type of PII compromised o Maintaining records of incident (for 3-5 years) ✓ Countries also differ with notice requirements 2 7
  • 28. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) FRAMEWORK • Identify: develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities • Protect: develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services • Detect: develop and implement the appropriate activities to identify the occurrence of a cybersecurity event • Transfer: develop and implement appropriate insurance program that deals with cyber and privacy events • Respond: develop and implement the appropriate activities to take action regarding a detected cybersecurity event • Recover: develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event 2 8
  • 29. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe NIST FRAMEWORK IMPLEMENTATION TIERS 2 9 Tier 1 Tier 2 Tier 3 Tier 4 Risk Management Process Risk management practices are not formalized. Risk is managed in an ad hoc and sometimes reactive manner. Prioritization of cybersecurity activities may not be directly informed by organizational risk objectives, the threat environment, or business/mission requirements. Risk management practices are approved by management but may not be established as organizational-wide policy. Prioritization of cybersecurity activities is directly informed by organizational risk objectives, the threat environment, or business/mission requirements. The organization’s risk management practices are formally approved and expressed as policy. Organizational cybersecurity practices are regularly updated based on the application of risk management processes to changes in business/mission requirements and a changing threat and technology landscape. The organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. Through a process of continuous improvement incorporating advanced cybersecurity technologies and practices, the organization actively adapts to a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner. Integrated Risk Management Program Limited organizational awareness of cybersecurity risk; organization-wide approach to managing cybersecurity risk has not been established. Cybersecurity risk management implemented on an irregular, case-by-case basis due to varied experience or information gained from outside sources. May not have processes that enable cybersecurity information to be shared within the organization. Organizational awareness of cybersecurity risk, but organization-wide approach to managing cybersecurity risk has not been established. Risk-informed, management-approved processes and procedures are defined and implemented, and staff has adequate resources to perform their cybersecurity duties. Cybersecurity information is shared within the organization on an informal basis. Organization-wide approach to manage cybersecurity risk. Risk-informed policies, processes, and procedures are defined, implemented as intended, and reviewed. Consistent methods are in place to respond effectively to changes in risk. Personnel possess the knowledge and skills to perform their appointed roles and responsibilities. Organization-wide approach to managing cybersecurity risk that uses risk-informed policies, processes, and procedures to address potential cybersecurity events. Cybersecurity risk management is part of the organizational culture and evolves from an awareness of previous activities, information shared by other sources, and continuous awareness of activities on their systems and networks. External Participation May not have the processes in place to participate in coordination or collaboration with other entities. Organizational understanding of its role in the larger ecosystem, but has not formalized its capabilities to interact and share information externally Organizational understanding of its dependencies and partners and receives information from these partners that enables collaboration and risk- based management decisions within the organization in response to events. Manages risk and actively shares information with partners to ensure that accurate, current information is being distributed and consumed to improve cybersecurity before a cybersecurity event occurs.
  • 30. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PROACTIVE MEASURES • A Written Information Security Program (WISP): required by Massachusetts law, GLBA, and FTC Red Flags Rule • Incident Response Plan: required by PCI DSS, GLBA, and HIPAA • Carefully drafted Confidentiality Agreements for employees, vendors, and visitors • Proper and ongoing training for employees on company’s data security programs & cyber awareness • Perform a data privacy review & risk assessment, including penetration testing • Review your employee exit process 3 0
  • 31. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe DATA BREACH RESPONSE METHADOLOGY 3 1 Phase 4 Defense Phase 3 Response Phase 2 Investigation Phase 1 Discovery Theft, loss, or Unauthorized Disclosure of Personally Identifiable Non-Public Information or Third Party Corporate Information that is in the care, custody or control of the Insured Organization, or a third party for whom the Insured Organization is legally liable Forensic Investigation and Legal Review Notification and Credit Monitoring Class-Action Lawsuits Regulatory Fines, Penalties, and Consumer Redress Public Relations Reputational Damage Income Loss
  • 32. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe INCIDENT RESPONSE TEAM • Because the issue impacts almost every component of the organization, and failure to properly manage can result in both long and short term consequences, the team should include “C” level decision makers in the following areas: ✓ Legal ✓ IT ✓ Risk management/insurance ✓ HR ✓ Marketing ✓ Public relations 3 2
  • 33. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe INCIDENT RESPONSE TEAM (cont’d) ✓ Compliance & internal audit ✓ Physical security ✓ Other executive, as appropriate ✓ Third party response services (e.g., forensics, privacy counsel, notification 3 3
  • 34. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe VENDOR AGREEMENTS • Compliance with data privacy standards for the protection of PII, PHI, and/or PCI • Return or destruction of PII, PHI, and/or PCI • Use of subcontractors with access to PII, PHI, and/or PCI • Notice of security and/or privacy incident within ____ hours • Indemnification • Cyber liability insurance 3 4
  • 35. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe PRIVACY AND DATA PROTECTION LAWS • EU Data Protection Directive, • HIPAA or the Health Insurance Portability and Accountability Act, • The Sarbanes Oxley Act, • Federal Information Security Management Act of 2002 (FISMA), • Family Educational Rights and Privacy Act (FERPA), • Gramm Leach Bliley Act (GLBA), • Payment Card Industry Data Security Standard (PCI-DSS), • Proposed State Laws (NY). 3 5
  • 36. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe EU GENERAL DATA PROTECTION REGULATION • Effective, May 25, 2018, law extends the scope of the EU data protection law to all foreign companies processing data of EU residents • Applies to organizations based outside the EU if they collect or process personal data of EU residents • Regulations apply the following EU data protection principles to all custodians of EU personal data: ✓ Notice - Individuals must be informed that their data is being collected and how it will be used. The organization must provide information about how individuals can contact the organization with any inquiries or complaints. ✓ Choice - Individuals must have the option to opt out of the collection and forward transfer of the data to third parties. 3 6
  • 37. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe EU GENERAL DATA PROTECTION REGULATION (cont’d) ✓ Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles. ✓ Security - Reasonable efforts must be made to prevent loss of collected information. ✓ Data Integrity - Data must be relevant and reliable for the purpose it was collected. ✓ Access - Individuals must be able to access information held about them, and correct or delete it, if it is inaccurate. ✓ Enforcement - There must be effective means of enforcing these rules • US Companies previously relied on the International Safe Harbor Principles, which the ECJ invalidated, for cross-Atlantic data transfer. ✓ Safe Harbor replaced by EU-U.S. Privacy Shield 3 7
  • 38. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT THE FACULTY 3 8
  • 39. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Max Stein – MStein@boodlaw.com Max Stein, a member of Boodell & Domanskis, LLC, is a business litigator focused on meeting clients’ business objectives, helping them resolve disputes at the most opportune times. Max represents clients as both plaintiffs and defendants in a wide variety of forums. Additionally, Max notes that one advantage of practicing at a smaller firm, is that he is able to offer his clients high-quality, nimble representation at reasonable rates. To aid his clients in achieving their business objectives, Max approaches cases as though they will go to trial, utilizing his extensive trial experience. Max also counsels his clients, helping to identify and navigate legal risks to achieve their business goals and protect their competitive interests while managing and, where possible, avoiding the expense and uncertainty of litigation. 3 9
  • 40. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Cassandra Porter – Cassandra.Porter@cognizant.com Cassandra M. Porter is the Americas/APAC data privacy lead attorney for a Fortune 100 Tech company working to transform clients’ businesses, operations and technology models for the digital era. She counsels internal clients on privacy-related matters such as data collection practices, online advertising, mobile commerce, along with the development and acquisition of new technology, data incidents and management. Cassandra is a member of the inaugural class of Privacy Law Specialists, a new specialty recognized by the American Bar Association, and a Fellow of Information Privacy by the International Association of Privacy Professionals (IAPP). Her IAPP credentials as a Certified Information Privacy Professional and Certified Information Privacy Manager designate her as thought leader in the field. She is a former co-chair of the IAPP’s New Jersey Chapter and member of the Bankruptcy Lawyers Advisory Committee for the District of New Jersey. As a member of the United States Trustee’s Consumer Privacy Ombudsman (CPO) panel, she served as the CPO in the Golfsmith International chapter 11 cases. Previously she was counsel at Lowenstein Sandler LLP where, in addition to assisting clients with data privacy-related issues, she also regularly represented debtors in possession and creditors in chapter 11 matters along with indigents in chapter 7 proceedings in association with the Volunteer Lawyers for Justice. To read more, go to https://www.financialpoise.com/financialpoisewebinars/faculty/cassandra-m-porter/ 4 0
  • 41. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe David Ross – David.Ross@bakertilly.com David Ross, principal and cybersecurity and privacy practices leader, has been with Baker Tilly Virchow Krause, LLP since 2017. David joins us from Deloitte’s cyber risk practice, where he provided strategic insight, service design, business development and engagement leadership. Previously, David was general manager of General Dynamics Commercial Cyber Services, where he was not only responsible for the design of the business, but also the launch and management of the new commercial organization. As a recognized thought leader and published author, David frequently speaks on cybersecurity strategy, innovation, business strategy, building high performing sales strategies, social media and critical problem solving for corporations. 4 1
  • 42. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Elizabeth Vandesteeg – evandesteeg@sfgh.com Elizabeth (“Lisa”) B. Vandesteeg, partner at Sugar Felsenthal Grais & Helsinger, is a legal team leader and tactical advisor for businesses. Coming from a commercial litigation background, her practice is focused on risk identification and mitigation for her clients, primarily in the areas of business continuity and business tort, data security and privacy, and bankruptcy and restructuring. Lisa counsels businesses in a wide variety of industries on issues that arise on a day-to-day basis, such as contracting with third parties or partnership/ownership disputes. She often adds value by acting in an external general counsel role. And as a business litigator, she represents clients on both offense and defense, in state, federal, and bankruptcy courts, in municipal and administrative proceedings, and using alternative dispute resolution processes. She also has experience in nearly every facet of commercial bankruptcy and restructuring, having represented debtors, secured creditors, unsecured creditors, and unsecured creditors’ committees. Within the bankruptcy arena, she has prosecuted complex adversary and contested litigation matters including, among others, actions to pierce the corporate veil, to undo fraudulent transfers, and to avoid liens. To read more, go to https://www.financialpoise.com/financialpoisewebinars/faculty/elizabeth-b-vandesteeg/ 4 2
  • 43. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe QUESTIONS OR COMMENTS? If you have any questions about this webinar that you did not get to ask during the live premiere, or if you are watching this webinar On Demand, please do not hesitate to email us at info@financialpoise.com with any questions or comments you may have. Please include the name of the webinar in your email and we will do our best to provide a timely response. IMPORTANT NOTE: The material in this presentation is for general educational purposes only. It has been prepared primarily for attorneys and accountants for use in the pursuit of their continuing legal education and continuing professional education. 4 3
  • 44. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT FINANCIAL POISE DailyDAC LLC, d/b/a Financial Poise™ provides continuing education to attorneys, accountants, business owners and executives, and investors. Its websites, webinars, and books provide Plain English, entertaining, explanations about legal, financial, and other subjects of interest to these audiences. Visit us at www.financialpoise.com. 4 4 Our free weekly newsletter, Financial Poise Weekly, educates readers about business, business law, finance, and investing. To receive it simply add yourself by going to: https://www.financialpoise.com/newsletter/ Email addresses are never sold to or shared with third parties.