Data Breach
ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package


Data Breach - What is it?
Nebraska's Breach Notification Law, Chapter through 807

"Breach" is the unauthorized acquisition of unencrypted computerized data that compromises the security, confidentiality, or integrity of personal information.

"Personal information" means a Nebraska resident's first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident if either the name or the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable:
(a) Social security number;
(b) Motor vehicle operator's license number or state identification card number;
(c) Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a resident's financial account;
(d) Unique electronic identification number or routing code, in combination with any required security code, access code, or password; or
(e) Unique biometric data, such as a fingerprint, voice print, or retina or iris image, or other unique physical representation.

notification favored more than in many jurisdictions, if you normally communicate by with the breach victim.

The District’s Breach Risk Mitigation Plan

Identify Stakeholders
- Privacy Officer / Legal / Compliance (SRO/Principal/Superintendent)
- Information Technology (David Davis and team)
- Public Relations (Melissa Price)

Establish Analysis and Communication Protocols
- Internal Procedures
- Remediation and Recovery Considerations
- Insurance Policies (ALICAP)

Ensure the Stakeholders have authority to act instantaneously
- Included in Internal Procedures
- Communication stream to include Principal and Superintendent

Information Security
- Multiple levels of electronic data security including the use of software and hardware filtering and firewall protection
- Use of encrypted file transfer technology for sensitive personnel data to state and federal government agencies and to financial institutions
- External access to District resources using secured web sites

Policies and Procedures
- Board policies and internal procedures in place
- Not sharing passwords
- Password change policies
- FERPA

The Basic Response Steps
District Security Breach Incident Analysis

- Communication - Ensure that decision makers receive real time information, confidentiality is maintained when necessary and outreach is effective when appropriate.
- Breach Containment – Can breach be contained and stopped without destroying critical evidence? Should an internal or external firm be used?
- Harm Determination – Technical forensics may be valuable in connection with ALICAP insurance coverage. Choose third party vendors carefully to minimize expense and avoid PCI issues. Consider specialized ID Theft Forensics as part of the strategy. District IT department participates in online courses including topics such as computer forensics and ethical hacking.
- Legal - Involve legal counsel immediately to avoid legal and regulatory pitfalls. ALICAP has engaged Jon Neiditz as outside counsel specializing in data breach management.

Communication & Remediation – ALICAP
ALICAP Insurance Coverage

Crisis Management Response Expenses - $50,000 limit to cover the following expenses following a breach and reported within 60 days of the date it is first discovered.
- Legal Expenses - Cost to investigate and establish the breadth of the loss
- Forensic Information Technology Services – sublimit of $10,000 to review the nature and extent of the personal data compromise with a $1,000 deductible.
- Information Materials – Loss prevention and customer support information.
- Help Line – A toll-free telephone line for “affected individuals”
- Notification Costs – Cost to notify each party impacted by a security breach
- Credit Monitoring – Cost to provide the parties impacted by a security breach with credit monitoring
- Identity Restoration Case Management – Services provided for affected individuals through the process of correcting credit and other records to restore control of his/her personal identity.