
1 Powered by SmartPros. Title Slide: ADP LUNCH & LEARN CPE PROGRAM. Protecting Your Data Is More than a Good Idea - It's the Law. Authored and adapted for CPE accreditation by SmartPros Ltd. (www.smartpros.com). The ADP Logo is a registered trademark of ADP of North America, Inc. V.1109a

2 Today's Agenda: CPE Presentation; Short Group Discussion; Review of Program Reference Material; Review Instructions to Complete Course on ADP's Accountant Web site.

3 Course Overview & Objectives. Overview: CPAs collect and retain confidential data about their clients' businesses. Today we'll discuss the serious nature of possessing such data and the legal requirements to protect it. This issue is also extremely important to your clients. As their most trusted business advisor, you are in a position to help your clients audit their businesses to ensure both their well-being and their compliance. Objectives: Upon completing this segment, you will be able to: explain why companies need to protect their confidential data; identify strategies for minimizing the loss of proprietary information; advise your clients on the importance and need to protect their data.

4 To Consider… "Companies are reluctant to put these data protection issues on the front burner. They are reluctant because you are asking them to expose security flaws. I am telling clients: Look at ChoicePoint; look at MasterCard; look at the headlines on The New York Times. If you can picture yourself on the front page of The New York Times with a massive data security breach, and if you can picture how you will feel on that day, you will likely put that issue on the front burner for your company." William Heller, Expert SmartPros Commentator. William Heller is the chair of the intellectual property and information technology law group at the firm of McCarter and English, where he helps businesses protect their data and intangible property.

5 Discussion Questions: 1. Have you recently considered, or discussed with your clients, compliance issues involved with protecting confidential data? 2. If so, have you encountered the type of reluctance noted by the commentator, or are you or your clients putting this issue, as the commentator recommends, on the front burner?

6 I. Corporate Security Background. Modern technology provides obvious benefits to the way we conduct business today. For example: It leads to better, more cost-effective communication. It creates more efficiency in everyday business process. It can reduce the cost to produce products and services. It gives us new ways to distribute products and services.

7 I. Corporate Security Background. Modern technology creates new security issues, such as: Increased opportunity for white-collar and cyber crime. Cell phones provide undetected communications. Cheap micro-technology for spying and copying data. Increase of data stored on larger computer networks with more access points. The ability to take work home on a laptop.

8 I. Corporate Security Background. Organizations must be aware that: Home-based access to corporate data systems is a common weak point. Lack of formalized monitoring of network and data access is extremely dangerous. Expert advice and security measures are typically essential at some point, even in small businesses. KEY POINT: It is important to note that most computer fraud is NOT committed by outsider hackers. Most computer fraud is actually committed from within the organization.

9 I. Corporate Security Background. Corporate data responsibilities are dictated by: Internal control requirements of Sarbanes-Oxley. Federal law like the Computer Fraud and Abuse Act (CFAA). State statutes on privacy protection. Common law negligence doctrine.

10 II. Data Theft and Security. As noted, most data theft comes from inside an organization. Higher risk situations include: Disgruntled employees. Pending adverse employment actions. Employees who are terminating employment but still have access to critical data. KEY POINT: IT, HR, Finance and Compliance/Legal departments in a company need to work together to implement very defined protocols in dealing with these higher-risk employment situations.

11 II. Data Theft and Security. There is also considerable risk in providing database access to: suppliers, distributors, customers, dealers, salespeople, producers. KEY POINT: It is essential that contracts with third-party providers are designed to hold them responsible for protecting the data and confidentiality of that data prior to accessing it.

12 II. Data Theft and Security. Temporary workers and contractors: Often have access to confidential data sources. Should sign non-disclosure and confidentiality agreements. Should be provided with a written definition of the type and scope of data they can access. KEY POINT: Temporary workers often leave with the experience you gave them -- and use that experience to get jobs with your competitors!

13 II. Data Theft and Security. Outsourcing dangers: Ask yourself these questions when weighing risk/reward: Are you allowing third parties to host your proprietary data or intellectual property on their network? If so, how secure is it? Do THEY use temporary or outsourced labor? What employment/work-for-hire contracts are their labor force bound by? What laws (especially when outsourcing to foreign countries) and enforcement options are in place to protect you?

14 II. Data Theft and Security. To protect your data assets, you should: First, define your assets. Audit data flows and intellectual property assets. Ask who, what, where, when, and why with respect to access and control of all major data and IP assets. Establish protocols for data access. Second, review agreements with employees, contractor workers and outsourced vendors. KEY POINT: As noted, this process often involves coordination between IT, HR, Finance, and Compliance/Legal teams.

15 II. Data Theft and Security. Computer Fraud and Abuse Act (CFAA): Legislation was originally passed by Congress in Amended in '94, '95, and again in 2001 as part of the Patriot Act. In general, it prohibits accessing computer systems without authorization. It also says that it is against the law to exceed authorized access. KEY POINT: Just because an employee has physical access to the data doesn't mean they have authorized access to it.

16 II. Data Theft and Security. Inform employees what their "authorized" access is. Define, in writing, both the nature and scope of authorized access. KEY POINT: Written agreements, specifically those that go beyond general confidentiality agreements, go a long way in empowering a company to pursue employees in cases of intellectual property or data theft. This in itself creates a proactive deterrent against unauthorized access.

17 III. State Identity Theft Statutes. California as an example: To protect consumers' personal information, the California state legislature has already enacted more than a dozen laws regulating how businesses and other organizations that collect personal information on California residents must manage private data. There are nearly two dozen states with similar statutes. KEY POINT: Laws of other states potentially affect you if you have customers that live in that state and you store their personal data!

18 III. State Identity Theft Statutes. Corporate negligence & liability: It is assumed that companies know about personal data security and therefore assume responsibility to protect it. You are negligent if you breach that duty. Companies who experience a breach often bear the burden of investigation as law enforcement doesn't have the resources. NOTE OF INTEREST: This is currently a hot topic for finance executives and risk managers.

19 III. State Identity Theft Statutes. Unauthorized access to personal information generally requires notification to: Law enforcement officials. Each state is different: might be state police, the state attorney general, or some specialized office. Timing requirements also vary by state. Individuals whose personal information may have been accessed. KEY POINT: Depending on the number of individuals exposed, some statutes also require notification to credit reporting agencies.

20 IV. Internal Controls. Sarbanes-Oxley is relevant to data and intellectual property security. It fits with the general requirement to maintain adequate internal controls and to safeguard a company's confidential information. Some companies appoint oversight with the corporate compliance officer and in some cases appoint a data security officer.

21 Summary of Today's Presentation. Today we discussed: The impact of modern technology and the need to consider both its benefits and the inherent risks. The fact that most data and IP theft comes from within an organization, including its employees, contractors and vendors. IT, HR, Finance, and Compliance/Legal all have a duty to work together to create and enforce solid protocols. Outsourcing creates additional risk opportunity and it needs to be proactively managed.

22 Summary of Today's Presentation, Continued: There are both federal and state statutes that affect your responsibilities to protect personal data, and even if your state does not have statutes, you may be bound if you have clients in states that do. You are also at risk by wide-reaching negligence liability laws. Internal controls and protocols to protect both data and intellectual property are a must. And, as your business clients' most trusted advisor, there is an opportunity for you to make sure this topic stays on the front burner.

23 Discussion Questions: 1. To what extent does your organization currently protect its confidential information? Whose responsibility is it?

24 Discussion Questions: 2. Many companies are being urged to disclose more information to shareholders and other stakeholders. To what extent does the protection of business data run counter to the objective of transparency?

25 Discussion Questions: 3. What is the relationship between the corporate finance function and security? How does it work at your organization? What could improve the situation?

26 Discussion Questions: 4. What steps could be taken by your organization to minimize the possibility of computer fraud?

27 Discussion Questions: 5. What would you do if you suspected that computer fraud was occurring, or had occurred, at your organization?

28 Next Steps: Review Handout Material for Additional Content Information; Review CPE Card; Access CPE Certificate by Completing Online Components Through. Thank you.

