Mini Law Lesson
Are You Prepared for a Data Breach?
Brian Heidelberger
bheidelb@winston.com
Twitter @briheidelberger
Info @ www.winston.com/bheidelberger
IMPORTANT DISCLAIMER
• I am not your attorney.
• This is not legal advice.

Is The Data We Hold Sufficiently Secure?

Who Is Stealing Data and How?
• Who does this?
  ◦ 92% outsiders
  ◦ 19% state-affiliated
• How do they do it?
  ◦ 52% hacking
  ◦ 76% stolen credentials
  ◦ 40% malware
  ◦ 29% leverage social attacks

Tools of the Trade
• Trojan – malicious code surreptitiously inserted into target computer to allow remote access/control by unauthorized person
• Botnet – network of infected computers controlled remotely
• Phishing – common infection technique involving email that lures user to take action that unwittingly downloads malicious code
• Drive-by infection – infection of internet sites so that user clicking on button on web page unwittingly downloads malware
• Backdoor – creation of means for unauthorized and undetected access
• Keylogger – software tool that logs keystrokes

Who Handles Compliance?
From The Winston & Strawn International Business Risk Survey 2013

Top Data Privacy Concerns Today

Primary Concern Driving Compliance

Companies Are Re-Thinking Their Data Security Programs
• “Data” – financial account info, SSN, ID no.’s, credit card, DOB, health info, email addresses and passwords, etc.
• “Cyberthreat will pose the greatest threat to our country”
  ◦ FBI Director, Robert Mueller
• Taking steps to mitigate potential exposure of possibly millions of dollars
• Statistics show many breaches are avoidable

Assess Your Current Practices
• Data Mapping
  ◦ What information do you have and where is it?
• Security Audit
  ◦ How do you keep the information secure?
• Legal Compliance Assessment
  ◦ Are you compliant with state laws and industry standards?
  ◦ Do you have any holes in your security?
• Include Physical Files
  ◦ Many breaches arise out of paper docs

Implement Changes
• Fix any security lapses that you find
  ◦ Collect only necessary info
  ◦ Keep it as short as possible
  ◦ Limit access and encrypt data
  ◦ Create internal and vendor policies
    • Robust passwords
    • Laptops and mobile phones
    • Secure disposal policy
  ◦ Conduct training
  ◦ Conduct audits of company and vendors
  ◦ Update policies
  ◦ Enhance security technologies

Implement Changes
• Modify existing practices to bring them in line with legal obligations.
  ◦ Create/Update Data Security/Protection Program as Required by Law
    • Mass law requires companies to have a data protection program in place to protect PII of its residents and be prepared to attest to its use in the event of an investigation of a possible compromise
    • Fix security measures
    • Conduct employee training

Implement Changes
• Create Data Breach Plan
  ◦ Something will go wrong
  ◦ Plan sets out how to respond when it does
  ◦ Addresses both practical
    • How to investigate, who’s on the team, who talks to the media, etc.
  ◦ and legal requirements
    • When we have to, and how to, notify consumers/regulators, etc.

Follow me on Twitter @BriHeidelberger

More Mini Law Lessons
youtube.com/AdAge.com & youtube.com/BrianHeidelberger



Editor's Notes

  1. B
  2. B/G WSJ article this weekend, discussing malware attacking advertisements -- Google took down over 400,000 malicious ads last year -- secretly inserted into ads