Digital Business Risk
www.brittontuma.com © 2014 Shawn E. Tuma 1
Digital Information Law & Your Business
Shawn Tuma, Partner
BrittonTuma
469.635.1335
stuma@brittontuma.com
@shawnetuma
blog: shawnetuma.com
web: brittontuma.com
Shawn Tuma is a lawyer whose practice is focused on cutting-edge
cyber and information law and includes issues like helping businesses
defend their data and intellectual property against computer fraud, data
breaches, hacking, corporate espionage, and insider theft. Shawn stays
very active in the cyber and information law communities:
• Chair, Collin County Bar Association Civil Litigation & Appellate Law Section
• Best Lawyers in Dallas, D Magazine
• College of the State Bar of Texas
• Privacy and Data Security Committee of the State Bar of Texas
• Computer and Technology, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
• Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
• Social Media Committee of the American Bar Association
• North Texas Crime Commission, Cybercrime Committee
• International Association of Privacy Professionals
The information provided is for educational purposes only, does not constitute legal
advice, and no attorney-client relationship is created by this presentation.
Social Media
Using It To Grow Your Business
Data Security & Data Breaches
Your Company’s Biggest Threat
“Authority” Governing Data Breach
• Laws
• Types
• Common Law (courts)
• Statutory Law (legislatures)
• Sources
• International
• Federal
• State
• Local
• Agency Rules & Regulations
• Industry Standards
What do these sources of “Authority”
have in common?
• Tell you what must be done following
a breach.
• Can you guess who “you” is?
• “You” is the entity breached.
What do you have to do following a data breach?
• Execute Breach Response Plan
• General Steps
• contact attorney (privilege)
• assemble your Response Team
• contact forensics
• contact notification vendor
• investigate breach
• remediate responsible vulnerabilities
• reporting & notification
What does “reporting & notification” mean?
• Law Enforcement
• State Attorneys General
• Federal Agencies
• FTC, SEC, HHS, etc.
• Industry Groups
• PCI, FINRA, FDIC
• Credit Bureaus
• Professional Vendors & Suppliers
• Consumers
Cost of a Data Breach!
• In 2012
• $188.00 per lost record
• $188.00 x “X” - $$$$$$$$
Story Time
• you were CEO of a world-wide company
• breach impacting 110 million customers
• $61 million in expenses alone
• 10% discount to all shoppers
• $5 million investment in cybersecurity coalition
• offer “free” identity theft and credit monitoring to all affected
customers
• Net earnings down 34.28%
• Earnings per share down 44.60%
• Non-cash losses down 487.71%
• US sales down 6.60%
• Lawsuits, possible enforcement actions, who knows?
• and then you learn …
Have you ever heard of …
Important Questions
• Whose 110,000,000+ customers were furious?
• Who spent $61 million in expenses?
• Who gave a 10% discount to all shoppers?
• Who gave $5 million to a cybersecurity coalition?
• Who offered “free” identity theft and credit
monitoring to all affected customers?
• Whose net earnings are down 34.28%?
• Whose earnings per share are down 44.60%?
• Whose non-cash losses are down 487.71%?
• Whose US sales are down 6.60%?
• Who is defending lawsuits, enforcement actions?
• One more question …
Allocating risk and mitigating risk by contract
• Allocating risk
• designate duties & responsibilities
A party bears the risk when the agreement allocates the risk to that party. TEX. JUR.
3d Contracts § 123
• indemnify
“An undertaking against loss or damage amounts to a guaranty of reimbursement
on a payment by the indemnitee. With respect to a promise to indemnify against
damages, a right to bring suit does not accrue until the indemnitee has suffered
damage or injury by being compelled to pay the judgment or debt.” 14 TEX. JUR. 3d
Contribution § 24
• Mitigating risk
• require mandatory policies, procedures, and security
standards for third parties
But all are just contractual obligations
• Look to you for relief, you must then go enforce
your contractual remedies
• Breach of Contract
• Inability to perform
• Unwillingness to perform
• Efficient breach theory
• Insolvency / bankruptcy
• Cost of litigation to enforce
The contractual obligations are important and needed
• Show diligence and that you take data security
more seriously than most
• FTC – looking at 3rd party contracts
• SEC – looking at policies and 3rd party contracts
• Post-breach = helpful for attorneys general
• But more is required
Recent agency advisory statements
• January 2014: SEC indicates that the new standard of care for
companies may require policies in place for:
1. Prevention, detection, and response to cyber attacks and data breaches,
2. IT training focused on security, and
3. Vendor access to company systems and vendor due diligence.
• January 31, 2014: GMR Transcription Svcs – FTC case – is
requiring businesses to follow 3 steps when contracting with 3rd
party service providers:
1. Investigate by exercising due diligence before hiring data service providers.
2. Obligate their data service providers to adhere to the appropriate level of
data security protections through contractual agreements with provider.
3. Verify that the data service providers are adequately protecting data as
required by the contractual standards.
Key Takeaways
• You are still liable for breaches caused by 3rd
parties!
• Contractual agreements are not a magic
wand to make liability go away – you are still
responsible but now have a remedy against
the 3rd party
• “Trust, but verify” = Audit!
• Cyber Insurance
Sun Tzu – The Art of War
“In all fighting the direct method may be used for joining battle, but
indirect methods will be needed to secure victory.”
“You can be sure of succeeding in your attacks if you attack places which
are not defended.”
“The spot where we intend to fight must not be made known; for then
the enemy will have to prepare against a possible attack at several
different points; and his forces being thus distributed in many directions,
the numbers we shall have to face at any given point will be
proportionately few.”
Trade Secrets
Yes, Your Company Has Them and Needs to
Protect Them!

Digital Information Law & Your Business - The Alternative Board

  • 1. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 1 Digital Information Law & Your Business Shawn Tuma, Partner BrittonTuma 469.635.1335 stuma@brittontuma.com @shawnetuma blog: shawnetuma.com web: brittontuma.com Shawn Tuma is a lawyer whose practice is focused on cutting-edge cyber and information law and includes issues like helping businesses defend their data and intellectual property against computer fraud, data breaches, hacking, corporate espionage, and insider theft. Shawn stays very active in the cyber and information law communities:  Chair, Collin County Bar Association Civil Litigation & Appellate Law Section  Best Lawyers in Dallas, D Magazine  College of the State Bar of Texas  Privacy and Data Security Committee of the State Bar of Texas  Computer and Technology, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  Social Media Committee of the American Bar Association  North Texas Crime Commission, Cybercrime Committee  International Association of Privacy Professionals The information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.
  • 2. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 2 Social Media Using It To Grow Your Business
  • 3. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 3 Data Security & Data Breaches Your Company’s Biggest Threat
  • 4. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 4 “Authority” Governing Data Breach • Laws • Types • Common Law (courts) • Statutory Law (legislatures) • Sources • International • Federal • State • Local • Agency Rules & Regulations • Industry Standards
  • 5. What do these sources of “Authority” have in common?
      • Tell you what must be done following a breach.
      • Can you guess who “you” is?
      • “You” is the entity breached.
  • 6. What do you have to do following a data breach?
      • Execute Breach Response Plan
      • General Steps
      • contact attorney (privilege)
      • assemble your Response Team
      • contact forensics
      • contact notification vendor
      • investigate breach
      • remediate responsible vulnerabilities
      • reporting & notification
  • 7. What does “reporting & notification” mean?
      • Law Enforcement
      • State Attorneys General
      • Federal Agencies
      • FTC, SEC, HHS, etc.
      • Industry Groups
      • PCI, FINRA, FDIC
      • Credit Bureaus
      • Professional Vendors & Suppliers
      • Consumers
  • 8. Cost of a Data Breach!
      • In 2012
      • $188.00 per lost record
      • $188.00 x “X” - $$$$$$$$
  • 9. Story Time
      • you were CEO of a world-wide company
      • breach impacting 110 million customers
      • $61 million in expenses alone
      • 10% discount to all shoppers
      • $5 million investment in cybersecurity coalition
      • offer “free” identity theft and credit monitoring to all affected customers
      • Net earnings down 34.28%
      • Earnings per share down 44.60%
      • Non-cash losses down 487.71%
      • US sales down 6.60%
      • Lawsuits, possible enforcement actions, who knows?
      • and then you learn …
  • 10. Have you ever heard of …
  • 11. Important Questions
      • Whose 110,000,000+ customers were furious?
      • Who spent $61 million in expenses?
      • Who gave a 10% discount to all shoppers?
      • Who gave $5 million to a cybersecurity coalition?
      • Who offered “free” identity theft and credit monitoring to all affected customers?
      • Whose net earnings are down 34.28%?
      • Whose earnings per share are down 44.60%?
      • Whose non-cash losses are down 487.71%?
      • Whose US sales are down 6.60%?
      • Who is defending lawsuits, enforcement actions?
      • One more question …
  • 12. Allocating risk and mitigating risk by contract
      • Allocating risk
      • designate duties & responsibilities
        A party bears the risk when the agreement allocates the risk to that party. TEX. JUR. 3d Contracts § 123
      • indemnify
        “An undertaking against loss or damage amounts to a guaranty of reimbursement on a payment by the indemnitee. With respect to a promise to indemnify against damages, a right to bring suit does not accrue until the indemnitee has suffered damage or injury by being compelled to pay the judgment or debt.” 14 TEX. JUR. 3d Contribution § 24
      • Mitigating risk
      • require mandatory policies, procedures, and security standards for third parties
  • 13. But all are just contractual obligations
      • Look to you for relief, you must then go enforce your contractual remedies
      • Breach of Contract
      • Inability to perform
      • Unwillingness to perform
      • Efficient breach theory
      • Insolvency / bankruptcy
      • Cost of litigation to enforce
  • 14. The contractual obligations are important and needed
      • Show diligence and that you take data security more seriously than most
      • FTC – looking at 3rd party contracts
      • SEC – looking at policies and 3rd party contracts
      • Post-breach = helpful for attorneys general
      • But more is required
  • 15. Recent agency advisory statements
      • January 2014: SEC indicates that the new standard of care for companies may require policies in place for:
          1. Prevention, detection, and response to cyber attacks and data breaches,
          2. IT training focused on security, and
          3. Vendor access to company systems and vendor due diligence.
      • January 31, 2014: GMR Transcription Svcs – FTC case – is requiring businesses to follow 3 steps when contracting with 3rd party service providers:
          1. Investigate by exercising due diligence before hiring data service providers.
          2. Obligate their data service providers to adhere to the appropriate level of data security protections through contractual agreements with provider.
          3. Verify that the data service providers are adequately protecting data as required by the contractual standards.
  • 16. Key Takeaways
      • You are still liable for breaches caused by 3rd parties!
      • Contractual agreements are not a magic wand to make liability go away – you are still responsible but now have a remedy against the 3rd party
      • “Trust, but verify” = Audit!
      • Cyber Insurance
  • 17. Sun Tzu – The Art of War
      “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.”
      “You can be sure of succeeding in your attacks if you attack places which are not defended.”
      “The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few.”
  • 18. Trade Secrets
      Yes, Your Company Has Them and Needs to Protect Them!