Cybersecurity Legal Trends
Shawn E. Tuma, Partner, Scheef & Stone, L.L.P.
@shawnetuma #SWDAL15
“There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
Odds: Security @ 100% / Hacker @ 1
Target, Home Depot, Neiman Marcus, Michaels, Specs, TJ Maxx, eBay, Sally Beauty, PF Chang’s, UPS, Dairy Queen, Jimmy John’s, JP Morgan Chase, Kmart, Staples, Sony, Ashley Madison
www.solidcounsel.com
Cost of a Data Breach – US (Ponemon Institute Cost of Data Breach Studies)

Year   Cost per record   Total average cost paid by organizations
2013   $188.00           $5.4 million
2014   $201              $5.9 million
2015   $217              $6.5 million
Legal Issues
- Responding
- Litigation
- Regulatory & Administrative
- Officer & Director Liability
Responding: Execute Response Plan
- Contact attorney (privilege)
- Assemble your Response Team
- Review insurance & notify carrier
- Notify Card Processor
- Contact forensics
- Contact notification vendor
- Investigate breach
- Remediate responsible vulnerabilities
- Reporting & notification
Responding: Reporting & Notification
- Law Enforcement
- State Laws
  - 47 states have breach notification laws (all except Ala, NM, SD)
  - State Attorneys General
    - VT (pre-notice w/in 14 days)
    - MD (pre-notice)
    - NJ (pre-notice to state police)
  - Consumers
    - Fla (w/in 30 days)
    - OH & VT (45 days)
- Federal Agencies
  - FTC, SEC, HHS, etc.
- Industry Groups
  - PCI, FINRA, etc.
- Credit Bureaus
- Business Associates
- Vendors & Suppliers
Litigation
Litigation: Business / Real Harm
Standing has not been an issue in cases where the harm is readily ascertainable: “Target does not challenge Plaintiffs’ allegations with respect to the elements of causation and damages.” In re Target Corp. Customer Data Sec. Breach Litigation, 64 F.Supp.3d 1304, 1310 (D. Minn. 2014) (Financial Institutions Litigation).
Litigation: The Good Old Days
Fear from the heightened risk of future identity theft or fraud from a data breach does not give legal standing to sue by a party whose data may have been compromised.
- “Allegations of future harm can establish Article III standing if that harm is ‘certainly impending,’ but ‘allegations of possible future injury are not sufficient.’” Clapper v. Amnesty Int’l USA, 133 S.Ct. 1138, 1147 (2013).
- “[A]llegation of future injury may suffice if the threatened injury is ‘certainly impending’ or there is a ‘substantial risk’ that the harm will occur.” Susan B. Anthony List v. Driehaus, 134 S.Ct. 2334, 2341 (2014).
- “Peters has not made the requisite demonstration of injury, traceability and redressability for her alleged injuries.” Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015).
Litigation: Sensing Change?
Target’s Proposed Consumer Litigation Settlement (March 19, 2015)
- Target pays $10 million into an interest-bearing escrow account.
- Consumers are eligible for up to $10,000 if they show proof of losses from the data breach (prioritized).
- Remaining funds will be disbursed later.
Litigation: The Tectonic Shift
Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015).
- “The plaintiffs allege that the hackers deliberately targeted Neiman Marcus in order to obtain their credit-card information. . . . [t]here is ‘no need to speculate as to whether [the Neiman Marcus customers’] information has been stolen and what information was taken. . . . there is an ‘objectively reasonable likelihood’ that such an injury will occur.”
- “At this stage in the litigation, it is plausible to infer that the plaintiffs have shown a substantial risk of harm from the Neiman Marcus data breach. Why else would hackers break into a store’s database and steal consumers’ private information? Presumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume those consumers’ identities.”
Litigation: The Trends?
- Standing
  - Theft of data v. negligent loss of data?
  - Target Fin. / Sony / Ashley Madison – the harm?
- Overall Litigation Trend
  - Incrementalism
  - Who’s gonna get it?
  - Who has the best opportunity to control?
Regulatory & Administrative
Regulatory Response – SEC
January 2014: SEC indicates companies need Policies & Procedures for:
1. Prevention, detection, and response to cyber attacks and data breaches,
2. IT training focused on security, and
3. Third party access to company systems and vendor third party due diligence.
Regulatory Response – SEC
April 2014: Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Initiative
- Examine 50 registered broker-dealers and registered investment advisors.
- 7 page sample cybersecurity document request.
- Detailed cybersecurity questions.
- Extensive 3rd party provider questions.
Regulatory Response – SEC
S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).
- “Firms must adopt written policies to protect their clients’ private information”
- “they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
- R.T. Jones violated this “safeguards rule”
- 100,000 records (no reports of harm)
- $75,000 penalty
Regulatory Response – FTC
In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). The FTC’s Order requires the business to follow 3 steps when contracting with third party service providers:
1. Investigate before hiring data service providers.
2. Obligate their data service providers to adhere to the appropriate level of data security protections.
3. Verify that the data service providers are complying with their obligations (contracts).
Regulatory & Administrative
F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3d Cir. Aug. 24, 2015).
- The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.
- Companies have fair notice that their specific cybersecurity practices could fall short of that provision.
- 3 breaches / 619,000 records / $10.6 million in fraud
- Rudimentary practices v. 2007 guidebook
- Website Privacy Policy misrepresentations
Officer & Director Liability
Officer & Director Liability
“[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.
- Derivative Litigation: the wave of the future.
- Trend of holding responsible those perceived to be in a position of control vis-à-vis those perceived as being the victim.
- Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham
- Derivative claims are premised on the harm to the company that stems from the data breach, a much different standard than the harm / standing issues that plaintiffs face in consumer data breach litigation.
- Derivative plaintiffs rely on Caremark claims that are premised on the officers’ and directors’ lack of oversight, which is a breach of the duty of loyalty and good faith. Companies cannot insulate the officers and directors from a breach of this duty.
- Caremark standard: (1) “utterly failed” to implement a reporting system or controls; or (2) consciously failed to monitor or oversee the system.
Officer & Director Liability
Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).
- Palkon, a Wyndham shareholder, brought a derivative action against its officers and directors for failing to ensure that Wyndham implemented adequate security policies and procedures.
- Included a Caremark claim: “Defendants failed to ensure that the Company and its subsidiaries implemented adequate information security policies and procedures . . . .” (Pl’s Complaint ¶ 4)
- The court granted the Motion to Dismiss, finding the board satisfied the business judgment rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.
- The well-documented history of diligence and compliance showed the board had discussed cybersecurity risks, company security policies and proposed security enhancements in 14 quarterly meetings and had implemented some of those cybersecurity measures.
Standard of Care
You will be breached. Will you be liable?
It’s not the breach; it’s your diligence that matters most.
Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
Cyber risk management cycle:
1. Cyber Risk Assessment
2. Strategic Planning
3. Deploy Defense Assets
4. Develop, Implement & Train on P&P (policies & procedures)
5. Tabletop Testing
6. Reassess & Refine
Parting Thought
Shawn Tuma
Partner, Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: shawnetuma.com
web: solidcounsel.com
This information provided is for educational purposes only, does not constitute legal advice,
and no attorney-client relationship is created by this presentation.
Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.
- Texas SuperLawyers 2015
- Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
- Council, Computer & Technology Section, State Bar of Texas
- Chair, Civil Litigation & Appellate Section, Collin County Bar Association
- College of the State Bar of Texas
- Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
- Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
- North Texas Crime Commission, Cybercrime Committee
- Infragard (FBI)
- International Association of Privacy Professionals (IAPP)
- Information Systems Security Association (ISSA)
- Board of Advisors, Optiv Security
- Contributor, Norse DarkMatters Security Blog
- Editor, Business Cyber Risk Law Blog

Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and Management, SecureWorld – Dallas Expo (10/28/15)

Litigation: The Good Old Days
Fear of a heightened risk of future identity theft or fraud following a data breach does not give legal standing to sue to a party whose data may have been compromised.
 "Allegations of future harm can establish Article III standing if that harm is 'certainly impending,' but 'allegations of possible future injury are not sufficient.'" Clapper v. Amnesty Int'l USA, 133 S.Ct. 1138, 1147 (2013).
 "[A]llegation of future injury may suffice if the threatened injury is 'certainly impending' or there is a 'substantial risk' that the harm will occur." Susan B. Anthony List v. Driehaus, 134 S.Ct. 2334, 2341 (2014).
 "Peters has not made the requisite demonstration of injury, traceability and redressability for her alleged injuries." Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015).

Litigation: Sensing Change?
Target's Proposed Consumer Litigation Settlement (March 19, 2015)
 Target to pay $10 million into an interest-bearing escrow account.
 Consumers eligible for up to $10,000 if they show proof of losses from the data breach (such claims are prioritized).
 Remaining funds will be disbursed later.

Litigation: The Tectonic Shift
Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015).
 "The plaintiffs allege that the hackers deliberately targeted Neiman Marcus in order to obtain their credit-card information. . . . [t]here is 'no need to speculate as to whether [the Neiman Marcus customers'] information has been stolen and what information was taken.' . . . there is an 'objectively reasonable likelihood' that such an injury will occur."
 "At this stage in the litigation, it is plausible to infer that the plaintiffs have shown a substantial risk of harm from the Neiman Marcus data breach. Why else would hackers break into a store's database and steal consumers' private information? Presumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume those consumers' identities."

Litigation: The Trends?
 Standing
 Theft of data v. negligent loss of data?
 Target Fin. / Sony / Ashley Madison: what is the harm?
 Overall litigation trend
 Incrementalism
 Who's going to get it?
 Who has the best opportunity to control?
Regulatory Response – SEC
January 2014: SEC indicates companies need policies and procedures for:
1. Prevention, detection, and response to cyber attacks and data breaches,
2. IT training focused on security, and
3. Third-party access to company systems and vendor (third-party) due diligence.

Regulatory Response – SEC
April 2014: Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Initiative
 Examine 50 registered broker-dealers and registered investment advisers.
 7-page sample cybersecurity document request.
 Detailed cybersecurity questions.
 Extensive third-party provider questions.

Regulatory Response – SEC
S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).
 "Firms must adopt written policies to protect their clients' private information"
 "they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs."
 Violated this "safeguards rule"
 100,000 records (no reports of harm)
 $75,000 penalty

Regulatory Response – FTC
In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014).
The FTC's Order requires businesses to follow 3 steps when contracting with third-party service providers:
1. Investigate before hiring data service providers.
2. Obligate data service providers to adhere to the appropriate level of data security protections.
3. Verify that the data service providers are complying with their obligations (contracts).

Regulatory & Administrative
F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3d Cir. Aug. 24, 2015).
 The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.
 Companies have fair notice that their specific cybersecurity practices could fall short of that provision.
 3 breaches / 619,000 records / $10.6 million in fraud
 Rudimentary practices v. the FTC's 2007 guidebook
 Website privacy policy misrepresentations
Officer & Director Liability
"[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril." SEC Commissioner Luis A. Aguilar, June 10, 2014.
 Derivative litigation: the wave of the future.
 Trend of holding responsible those perceived to be in a position of control vis-à-vis those perceived as being the victim.
 Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham
 Derivative claims are premised on the harm to the company that stems from the data breach, a much different standard than the harm / standing issues that plaintiffs face in consumer data breach litigation.
 Derivative plaintiffs rely on Caremark claims, which are premised on the officers' and directors' lack of oversight, a breach of the duty of loyalty and good faith. Companies cannot insulate officers and directors from liability for a breach of this duty.
 Caremark standard: (1) "utterly failed" to implement a reporting system or controls; or (2) consciously failed to monitor or oversee the system.

Officer & Director Liability
Palkon v. Holmes, 2014 WL 5341880, *5-6 (D.N.J. Oct. 20, 2014).
 Palkon, a Wyndham shareholder, brought a derivative action against its officers and directors for failing to ensure that Wyndham implemented adequate security policies and procedures.
 Included a Caremark claim: "Defendants failed to ensure that the Company and its subsidiaries implemented adequate information security policies and procedures . . . ." (Pl.'s Complaint ¶ 4)
 The court granted the motion to dismiss, finding the board satisfied the business judgment rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.
 The well-documented history of diligence and compliance showed the board had discussed cybersecurity risks, company security policies and proposed security enhancements in 14 quarterly meetings and had implemented some of those cybersecurity measures.

You will be breached. Will you be liable?
It's not the breach; it's your diligence that matters most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.

Shawn Tuma, Partner, Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: shawnetuma.com
web: solidcounsel.com
This information is provided for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.
Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.
 Texas Super Lawyers 2015
 Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
 Council, Computer & Technology Section, State Bar of Texas
 Chair, Civil Litigation & Appellate Section, Collin County Bar Association
 College of the State Bar of Texas
 Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
 Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
 North Texas Crime Commission, Cybercrime Committee
 InfraGard (FBI)
 International Association of Privacy Professionals (IAPP)
 Information Systems Security Association (ISSA)
 Board of Advisors, Optiv Security
 Contributor, Norse DarkMatters Security Blog
 Editor, Business Cyber Risk Law Blog