Financial Times 2012-2015 Matheson is ranked in the FT’s top 10 European law firms 2015. Matheson has also been commended by the FT for corporate law,

Slides:

Advertisements

Similar presentations

Data Security Breach Code of Practice. Data Security Concerns Exponential growth in personal data holdings Increased outsourcing 3 rd countries cloud.

Advertisements

The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.

20 th March 2013 – Association of Irish Risk Management Mitigating Risk through effective Grievance & Disciplinary Procedures Gillian Knight, FCIPD, MSc.

Corporate Governance Reform Professor Blanaid Clarke Trinity College Dublin Law Reform Commission Annual Conference 11th December 2012.

Data Protection Information Management / Jody McKenzie.

The Data Protection (Jersey) Law 2005.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Transparency in Public Administration – FOI and EIR

Chapter 2 Modern Private Security

Discussion Forum Bridge Consulting 9 November 2012.

Safe Working Practices - Contents

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

General Awareness Training

Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Finance and Governance Workshop Data Protection and Information Management 10 June 2014.

Presentation to Senior Management MiFID for Senior Managers Introduction These slides introduce the big changes for senior management from MiFID.

ENCRYPTION Team 2.0 Pamela Dornan, Thomas Malone, David Kotar, Nayan Thakker, and Eddie Gallon.

Information Management in FSS: A Legal Perspective Paul Hinton Ian Mason Barlow Lyde & Gilbert LLP 17 September 2009.

© MISHCON DE REYA MAY 2014 RECRUITMENT INTERNATIONAL FINANCIAL DIRECTORS’ FORUM Protecting your business from unlawful competition.

Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

FIRMA April 2010 DATA BREACHES & PRIVACY Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

Session 7 Compliance failure policy. 1 Contents Part 1: COLP and COFA duties Part 2: What do we have to comply with and why does it matter? Part 3: Compliance.

Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009.

Engineering and Management of Secure Computer Networks School of Engineering © Steve Woodhead 2009 Corporate Governance and Information Security (InfoSec)

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Chapter 8 Auditing in an E-commerce Environment

Session 13 Cyber-security and cybercrime. Contents  What’s the issue?  Why should we care?  What are the risks?  How do they do it?  How do we protect.

Legal framework Look at the legal compliance and framework a business is subject to.

Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.

Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)

Friday 22nd April 2016 DS Chris Greatorex SEROCU

Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council.

Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.

Data protection—training materials [Name and details of speaker]

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.

1 Vereniging van Compliance Officers The Compliance Function in Banks Amsterdam, 10 June 2004 Marc Pickeur CBFA CBFA.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

-1- WORKSHOP ON DATA PROTECTION AND DATA TRANSFERS TO THIRD COUNTRIES Technical and organizational security measures Skopje, 16 May - 17 May 2011 María.

Welcome to the ICT Department Unit 3_5 Security Policies.

Canada’s Breach Reporting Law What you need to know Timothy M. Banks, CIPP/C Dentons Canada LLP July 21, 2015.

Data Protection Officer’s Overview of the GDPR

Chapter 2 Modern Private Security

General Data Protection Regulations: what you really need to know

General Data Protection Regulation

The European Union General Data Protection Regulation (GDPR)

INTRODUCTION TO GDPR 19/09/2018.

Privacy Breach Response and Reporting

General Data Protection Regulation

Reporting personal data breaches to the ICO

DATA BREACHES & PRIVACY Christine M

IMPLICATIONS OF GDPR ROBERT BELL.

General Data Protection Regulations 2018

Mandatory Breach Reporting (isn’t *that* bad)

Business Compromise and Cyber Threat

Fines, Sanctions and Compensation The teeth in the GDPR & Data Protection Act 2018 by Simon McGarr, CIPP/E Data Compliance Europe.

Neopay Practical Guides #2 PSD2 (Should I be worried?)

Upcoming PIPEDA Changes

General Data Protection Regulation “11 months in”

Anatomy of a Common Cyber Attack

Presentation transcript:

Financial Times Matheson is ranked in the FT’s top 10 European law firms Matheson has also been commended by the FT for corporate law, finance law, dispute resolution and corporate strategy. Irish Transfer Pricing Firm of the Year 2015 International Tax Review European Law Firm of the Year 2015 Hedge Fund Journal Law Firm of the Year 2014 Irish Pensions Awards Cybercrime and Cyber Risks: Regulatory and Legislative Requirements for Credit Unions Anne-Marie Bohan, Partner 26 January 2016

Cybersecurity Threats  Criminal activity:  “traditional” crime eg, theft, fraud  electronic crime eg, phishing, malware  foreign government activity / espionage  Internal risks:  deliberate acts  inadvertent breaches 2

Cybersecurity Incidents  National Lottery DDOS – 20 January 2016  Loyaltybuild – SuperValue and Axa  Ashley Madison  Sony 3

Cybersecurity Incidents  Car / bag theft  Unsecured servers  Employees leaving  Personal  Misdirected correspondence 4

Cybersecurity – Some Statistics  Irish Computer Society National Survey  55% suffered 1 or more breaches in last 12 months  82% caused by staff mistake or negligence  45% biggest fear is staff negligence  16% biggest fear is malicious staff  34% have fully implemented policies  37% not confident staff know procedures  58% unaware of sanctions or think there are none 5

Cybersecurity – Direct Damage  Damage to property / earnings  Damage to reputation / trust  Damage to customers 6

Cybersecurity – Consequential Claims  Contractual breach  Common law and equity  Legislative breach  Regulatory breach  Damages / administrative sanctions 7

Data Protection Acts 1988 and 2003  Appropriate security measures  No mandated standard  May consider state and costs of technological developments  Must ensure level appropriate of nature of data and harm that might result  “Sensitive” data 8

Data Protection Acts 1988 and 2003  Breaches  Limited number of offences  Breach of DPC notice is an offence  €3,000 (summary)  €100,000 (on indictment)  Director and officer liability  Duty of care owed to data subjects  Adverse publicity

Data Protection Acts 1988 and 2003  Statutory duty of care  Claims for damages  UK - Google -v- Vidal-Hall  Ireland - Collins -v- FBD  Implications of General Data Protection Regulation 10

Data Protection Acts 1988 and 2003 – DPC Guidance  Data put at risk  Inform data subjects  Consider whether to inform Gardaí and / or Central Bank  Processor must inform controller  Report to DPC within 2 days unless  data subjects informed and  less than 100 affected and  no sensitive data or financial data  Record keeping requirements  Risk analysis 11

Cybersecurity – Financial Services  Increasing regulatory focus globally  Central Bank of Ireland  Recommendations / guidance  Self- assessment questionnaire  Outsourcing  Transfers outside EEA 12

Cybersecurity – Internal Measures  Policies and procedures:  Internal and external threats  Minimisation / mitigation  Usage policies  Security policies eg, remote access  Confidentiality policies 13

Cybersecurity – Internal Measures  Incident response plan  Internal escalation procedures  Reporting obligations:  Central Bank of Ireland  Breach code of conduct  Data Protection Commissioner  Data subjects 14

Cybersecurity – Internal Measures  Personal awareness and training  Terms of employment  Disciplinary actions 15

General Data Protection Regulation  Directly effective  Expected effective date - early 2018  Data protection “by design and by default”  Security principle restated  Demonstrable  Risk based  Processing Provisions 16

General Data Protection Regulation  Mandatory notification of breaches  24 / 72 hours  Justification if not met  Processor obligations  Notification to DPC to include description of  breach  data affected  consequences  measures  mitigation 17

General Data Protection Regulation  Breach notifications to data subjects  Where likely to adversely affect / high risk  Without undue delay  Nature of breach  Equivalent information to that given to DPC  Encryption – abrogates obligation 18

General Data Protection Regulations  Administrative sanctions  Effective, proportionate and dissuasive  Factors to be considered  Up to 4% global turnover 19

Cybersecurity – Protective Measures  Technological measures and solutions  Managerial / operational procedures  Legal considerations  Board level issue 20

Contact Anne-Marie Bohan Matheson 70 Sir John Rogerson's Quay Dublin 2 T: F: E: W: v1