Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

Published byBlaine Eves Modified over 9 years ago

Similar presentations

Presentation on theme: "IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall."— Presentation transcript:

1 IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall 2014 CLE

2 Big Data: Risk Reduction 1. Contract & Transactional 2. Data Liability Issues 3. International Issues 4. Can Insurance Help? 5. Best Practices

3 Review ALL Contracts that underlie a data transaction Identify issues regarding disclosure of data and regulatory compliance Information about warranties Accuracy & Completeness of data Compliance with Privacy policies & expectations Indemnification Protection against breaches and contract terms IP Infringement Customer issues & Confidentiality Cross-indemnification only when makes sense Breach, downtime, loss, recovery Contract & Transactional-1

4 Service Levels Scalability Pricing & Licensing Renewal Who is responsible for breaches? Request Tech E&O, plus Privacy/Network Coverage Breach could occur without “wrongful act” being committed Other Vendors that transport, touch, interact with your systems or sensitive information Contract & Transactional-2

5 Provider’s right to subcontract? If so, Flow Down & regs. Risks and costs fairly allocated Termination How does contract end? What happens to the data? Disengagement assistance Can the data be combined or transferred to another platform? Who is responsible for security of data after termination? Contract & Transactional-3

6 Engage in careful contracting: preserve control, reduce risk of disclosure assign security obligations and enforcement costs – Affirmatively deny consent to interception or disclosure of data conveyed by/through Cloud provider to governments or litigants – Require notification of breach/disclosures/requests for data – Deny access unless specifically authorized in advance or compelled by law (in which case notification is requested) – Require maximum possible resistance to disclosure – Determine access controls and encryption protocols Contract & Transactional-4

7 Where will the data be stored and backed up? Who can access it? Adequate security controls and audits in place? Absolute right to get the data back without conditions? Can provider use or access the company’s data? Do third parties have access to the data? Control of Data: Does control change as data moves? Disclosure and/or consent? Privacy policies in place, agreed to and meet regulations? Data Liability Issues

8 Whose insurance covers damages & stat. requirements? Cyber Policy coverage examples Privacy Expenses Network Security and Internet Media Liability Network Business Interruption and Restoration Costs Cyber Extortion Liability Coverage: Privacy, Network Security, Media, IP & Content Liability, Technology Services Data Breach Expense: PR, investigation, notification, credit monitoring costs, fines, penalties Direct Coverage: Revenue Loss, Reconstruction, Extortion Costs Can Insurance Help-Yes

9 DATA MAY NOT BE ALLOWED TO CROSS BORDERS! Not for storage, Not for analysis Not for sharing with the Main Office or Subsidiaries EU Requirements-Directives 95/46/EC and Directive 2002/58/EC Must maintain accuracy of the data Destroy the data when specific purpose is over Give subjects access to the data Disclose with whom the data is shared Keep data secure from unlawful processing New regulations being considered International Issues

10 Maintain a Risk Transfer Instrument Have a Background Screening Program for new hires & vendors Pre-Arrange a Breach Service Provider, Outside Counsel and PR Advisor with all specializing in Breach Crisis Management Encrypt everything Develop an Incident Response Plan with Internal Staff, Outside Counsel, PR Advisor, Breach Service Provider Conduct annual Risk Assessments and Tabletop Exercises. Hold an internal “Privacy Summit” to identify vulnerabilities Compliance and Privacy, HR, Legal, IT, C-level representation (CFO), Physical Security / Facilities – “Technology, Processes and People.” Stay current with state disclosure laws, federal regulations, foreign requirements and updates Best Practices

11 Know what personal information company has Know where the personal information is Understand how the data is managed Determine retention requirements Develop policies Involve key players Get rid of unused or unnecessary personal information Train employees regarding privacy policy and personal info Audit Policy compliance Conduct a risk assessment 10 Steps to Protect Company

12 Summary: Risk Reduction 1. Contract & Transactional 3. Data Liability Issues 4. International Issues 5. Can Insurance Help? 6. Best Practices

13 QUESTIONS Now or Later Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall 2014 CLE

14

Download ppt "IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.

Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
PRIVACY RISK MANAGEMENT AND INSURANCE Or September 2012.

PRIVACY RISK MANAGEMENT AND INSURANCE Or September 2012.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
Electronic Records Management: What Management Needs to Know May 2009.

Electronic Records Management: What Management Needs to Know May 2009.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.

THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
© Copyright 2011, Vorys, Sater, Seymour and Pease LLP. All Rights Reserved. Higher standards make better lawyers. ® CISO Executive Network Executive Breakfast.

© Copyright 2011, Vorys, Sater, Seymour and Pease LLP. All Rights Reserved. Higher standards make better lawyers. ® CISO Executive Network Executive Breakfast.

Similar presentations

Ads by Google