Powered by: SmartPros. ADP LUNCH & LEARN CPE PROGRAM: Protecting Your Data Is More than a Good Idea - It's the Law

Presentation transcript:

Title Slide
ADP LUNCH & LEARN CPE PROGRAM
Protecting Your Data Is More than a Good Idea - It's the Law
Authored and adapted for CPE accreditation by SmartPros Ltd.
The ADP Logo is a registered trademark of ADP of North America, Inc. V.1109a

Today's Agenda
- CPE Presentation
- Short Group Discussion
- Review of Program Reference Material
- Review Instructions to Complete Course on ADP's Accountant Web site

Course Overview & Objectives
Overview: CPAs collect and retain confidential data about their clients' businesses. Today we'll discuss the serious nature of possessing such data and the legal requirements to protect it. This issue is also extremely important to your clients. As their most trusted business advisor, you are in a position to help your clients audit their businesses to ensure both their well-being and their compliance.
Objectives: Upon completing this segment, you will be able to:
- Explain why companies need to protect their confidential data
- Identify strategies for minimizing the loss of proprietary information
- Advise your clients on the importance and need to protect their data

To Consider…
Companies are reluctant to put these data protection issues on the front burner. They are reluctant because you are asking them to expose security flaws. I am telling clients: Look at ChoicePoint; look at MasterCard; look at the headlines on The New York Times. If you can picture yourself on the front page of The New York Times with a massive data security breach, and if you can picture how you will feel on that day, you will likely put that issue on the front burner for your company.
William Heller, Expert SmartPros Commentator
William Heller is the chair of the intellectual property and information technology law group at the firm of McCarter and English, where he helps businesses protect their data and intangible property.

Discussion Questions:
1. Have you recently considered, or discussed with your clients, compliance issues involved with protecting confidential data?
2. If so, have you encountered the type of reluctance noted by the commentator, or are you or your clients putting this issue, as the commentator recommends, on the front burner?

I. Corporate Security Background
Modern technology provides obvious benefits to the way we conduct business today. For example:
- It leads to better, more cost-effective communication.
- It creates more efficiency in everyday business process.
- It can reduce the cost to produce products and services.
- It gives us new ways to distribute products and services.

I. Corporate Security Background
Modern technology creates new security issues, such as:
- Increased opportunity for white-collar and cyber crime.
- Cell phones provide undetected communications.
- Cheap micro-technology for spying and copying data.
- Increase of data stored on larger computer networks with more access points.
- The ability to take work home on a laptop.

I. Corporate Security Background
Organizations must be aware that:
- Home-based access to corporate data systems is a common weak point.
- Lack of formalized monitoring of network and data access is extremely dangerous.
- Expert advice and security measures are typically essential at some point, even in small businesses.
KEY POINT: It is important to note that most computer fraud is NOT committed by outsider hackers. Most computer fraud is actually committed from within the organization.

I. Corporate Security Background
Corporate data responsibilities are dictated by:
- Internal control requirements of Sarbanes-Oxley.
- Federal law like the Computer Fraud and Abuse Act (CFAA).
- State statutes on privacy protection.
- Common law negligence doctrine.

II. Data Theft and Security
As noted, most data theft comes from inside an organization. Higher-risk situations include:
- Disgruntled employees.
- Pending adverse employment actions.
- Employees who are terminating employment but still have access to critical data.
KEY POINT: IT, HR, Finance and Compliance/Legal departments in a company need to work together to implement very defined protocols in dealing with these higher-risk employment situations.

II. Data Theft and Security
There is also considerable risk in providing database access to:
- Suppliers
- Distributors
- Customers
- Dealers
- Salespeople
- Producers
KEY POINT: It is essential that contracts with third-party providers are designed to hold them responsible for protecting the data and confidentiality of that data prior to accessing it.

II. Data Theft and Security
Temporary workers and contractors:
- Often have access to confidential data sources.
- Should sign non-disclosure and confidentiality agreements.
- Should be provided with a written definition of the type and scope of data they can access.
KEY POINT: Temporary workers often leave with the experience you gave them -- and use that experience to get jobs with your competitors!

II. Data Theft and Security
Outsourcing dangers: Ask yourself these questions when weighing risk/reward:
- Are you allowing third parties to host your proprietary data or intellectual property on their network? If so, how secure is it?
- Do THEY use temporary or outsourced labor?
- What employment/work-for-hire contracts are their labor force bound by?
- What laws (especially when outsourcing to foreign countries) and enforcement options are in place to protect you?

II. Data Theft and Security
To protect your data assets, you should:
- First, define your assets.
  - Audit data flows and intellectual property assets.
  - Ask who, what, where, when, and why with respect to access and control of all major data and IP assets.
  - Establish protocols for data access.
- Second, review agreements with:
  - Employees, contract workers and outsourced vendors.
KEY POINT: As noted, this process often involves coordination between IT, HR, Finance, and Compliance/Legal teams.

II. Data Theft and Security
Computer Fraud and Abuse Act (CFAA)
- Legislation was originally passed by Congress in
- Amended in 94, 95, and again in 2001 as part of the Patriot Act.
- In general, it prohibits accessing computer systems without authorization.
- It also says that it is against the law to exceed authorized access.
KEY POINT: Just because an employee has physical access to the data doesn't mean they have authorized access to it.

II. Data Theft and Security
- Inform employees what their "authorized" access is.
- Define, in writing, both the nature and scope of authorized access.
KEY POINT: Written agreements, specifically those that go beyond general confidentiality agreements, go a long way in empowering a company to pursue employees in cases of intellectual property or data theft. This in itself creates a proactive deterrent against unauthorized access.

III. State Identity Theft Statutes
California as an example:
- To protect consumers' personal information, the California state legislature has already enacted more than a dozen laws regulating how businesses and other organizations that collect personal information on California residents must manage private data.
- There are nearly two dozen states with similar statutes.
KEY POINT: Laws of other states potentially affect you if you have customers that live in that state and you store their personal data!

III. State Identity Theft Statutes
Corporate negligence & liability
- It is assumed that companies know about personal data security and therefore assume responsibility to protect it.
- You are negligent if you breach that duty.
- Companies that experience a breach often bear the burden of investigation, as law enforcement doesn't have the resources.
NOTE OF INTEREST: This is currently a hot topic for finance executives and risk managers.

III. State Identity Theft Statutes
Unauthorized access to personal information generally requires notification to:
- Law enforcement officials.
  - Each state is different: Might be state police, the state attorney general, or some specialized office.
  - Timing requirements also vary by state.
- Individuals whose personal information may have been accessed.
KEY POINT: Depending on the number of individuals exposed, some statutes also require notification to credit reporting agencies.

IV. Internal Controls
- Sarbanes-Oxley is relevant to data and intellectual property security.
- It fits with the general requirement to maintain adequate internal controls and to safeguard a company's confidential information.
- Some companies appoint oversight with the corporate compliance officer and in some cases appoint a data security officer.

Summary of Today's Presentation
Today we discussed:
- The impact of modern technology and the need to consider both its benefits and the inherent risks.
- The fact that most data and IP theft comes from within an organization, including its employees, contractors and vendors.
- IT, HR, Finance, and Compliance/Legal all have a duty to work together to create and enforce solid protocols.
- Outsourcing creates additional risk opportunity and it needs to be proactively managed.

Summary of Today's Presentation
Continued:
- There are both federal and state statutes that affect your responsibilities to protect personal data, and even if your state does not have statutes, you may be bound if you have clients in states that do.
- You are also at risk by wide-reaching negligence liability laws.
- Internal controls and protocols to protect both data and intellectual property are a must.
- And, as your business clients' most trusted advisor, there is an opportunity for you to make sure this topic stays on the front burner.

Discussion Questions
1. To what extent does your organization currently protect its confidential information? Whose responsibility is it?

Discussion Questions
2. Many companies are being urged to disclose more information to shareholders and other stakeholders. To what extent does the protection of business data run counter to the objective of transparency?

Discussion Questions
3. What is the relationship between the corporate finance function and security? How does it work at your organization? What could improve the situation?

Discussion Questions
4. What steps could be taken by your organization to minimize the possibility of computer fraud?

Discussion Questions
5. What would you do if you suspected that computer fraud was occurring, or had occurred, at your organization?

Next Steps
- Review Handout Material for Additional Content Information
- Review CPE Card
- Access CPE Certificate by Completing Online Components Through
Thank you