13. www.solidcounsel.com
first
name or
first initial
last name
SSN
DLN or
GovtID
data
breach
first
name or
first initial
last
name
Acct or
Card #
Access
or
Security
Code
data
breach
Info that IDs
Individual
Health-care,
provided, or
pay
data breach
Duty to notify when “unauthorized acquisition of computerized data that compromises the security,
confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053
CIVIL PENALTY $100.00 per individual per
day for notification delay, not to exceed
$250,000 for single breach § 521.151
15. www.solidcounsel.com
What does “reporting & notification” mean?
Law Enforcement
State Attorneys General
pre-notice = VT (14 days), MD,
NJ St. Police
Federal Agencies
FTC, SEC, HHS, etc.
Consumers
Fla, Ohio, Vermont = 45 days
Professional Vendors &
Suppliers
16. www.solidcounsel.com
Cost of a Data Breach
2013 Cost (pre-Target)
$188.00 per record
$5.4 million = total average cost paid by organizations
2014 Cost
$201 per record
$5.9 million = total average cost paid by organizations
“The primary reason for the increase is the loss of customers following the data
breach due to the additional expenses required to preserve the organization’s
brand and reputation.” –Ponemon Institute 2014 Cost of Data Breach Study
35. ShawnTuma
Partner, Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: shawnetuma.com
web: solidcounsel.com
This information provided is for educational purposes only, does not constitute legal advice,
and no attorney-client relationship is created by this presentation.
Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-
edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and
social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm
inTexas that represents businesses of all sizes throughout the United States and, through
its Mackrell International network, throughout the world.
Texas SuperLawyers 2015
Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
Chair, Collin County Bar Association Civil Litigation & Appellate Section
College of the State Bar ofTexas
Privacy and Data Security Committee, Litigation, Intellectual Property Law, and
Business Sections of the State Bar ofTexas
Information Security Committee of the Section on Science &Technology Committee of
the American Bar Association
Social Media Committee of the American Bar Association
NorthTexas Crime Commission, Cybercrime Committee
Infragard (FBI)
International Association of Privacy Professionals
Information Systems Security Association
Contributor, Norse DarkMatters Security Blog
Editor, Business Cyber Risk Law Blog