IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

Presentation transcript:

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall 2014 CLE

Big Data: Risk Reduction
1. Contract & Transactional
2. Data Liability Issues
3. International Issues
4. Can Insurance Help?
5. Best Practices

Contract & Transactional-1
- Review ALL Contracts that underlie a data transaction
- Identify issues regarding disclosure of data and regulatory compliance
- Information about warranties
- Accuracy & Completeness of data
- Compliance with Privacy policies & expectations
- Indemnification
- Protection against breaches and contract terms
- IP Infringement
- Customer issues & Confidentiality
- Cross-indemnification only when makes sense
- Breach, downtime, loss, recovery

Contract & Transactional-2
- Service Levels
- Scalability
- Pricing & Licensing
- Renewal
- Who is responsible for breaches?
- Request Tech E&O, plus Privacy/Network Coverage
- Breach could occur without “wrongful act” being committed
- Other Vendors that transport, touch, interact with your systems or sensitive information

Contract & Transactional-3
- Provider’s right to subcontract?
  - If so, Flow Down & regs.
- Risks and costs fairly allocated
- Termination
  - How does contract end?
  - What happens to the data?
  - Disengagement assistance
  - Can the data be combined or transferred to another platform?
  - Who is responsible for security of data after termination?

Contract & Transactional-4
Engage in careful contracting: preserve control, reduce risk of disclosure, assign security obligations and enforcement costs
- Affirmatively deny consent to interception or disclosure of data conveyed by/through Cloud provider to governments or litigants
- Require notification of breach/disclosures/requests for data
- Deny access unless specifically authorized in advance or compelled by law (in which case notification is requested)
- Require maximum possible resistance to disclosure
- Determine access controls and encryption protocols

Data Liability Issues
- Where will the data be stored and backed up?
- Who can access it?
- Adequate security controls and audits in place?
- Absolute right to get the data back without conditions?
- Can provider use or access the company’s data?
- Do third parties have access to the data?
- Control of Data: Does control change as data moves?
- Disclosure and/or consent?
- Privacy policies in place, agreed to and meet regulations?

Can Insurance Help-Yes
- Whose insurance covers damages & stat. requirements?
- Cyber Policy coverage examples
- Privacy Expenses
- Network Security and Internet Media Liability
- Network Business Interruption and Restoration Costs
- Cyber Extortion
- Liability Coverage: Privacy, Network Security, Media, IP & Content Liability, Technology Services
- Data Breach Expense: PR, investigation, notification, credit monitoring costs, fines, penalties
- Direct Coverage: Revenue Loss, Reconstruction, Extortion Costs

International Issues
- DATA MAY NOT BE ALLOWED TO CROSS BORDERS!
  - Not for storage, Not for analysis
  - Not for sharing with the Main Office or Subsidiaries
- EU Requirements-Directives 95/46/EC and Directive 2002/58/EC
  - Must maintain accuracy of the data
  - Destroy the data when specific purpose is over
  - Give subjects access to the data
  - Disclose with whom the data is shared
  - Keep data secure from unlawful processing
- New regulations being considered

Best Practices
- Maintain a Risk Transfer Instrument
- Have a Background Screening Program for new hires & vendors
- Pre-Arrange a Breach Service Provider, Outside Counsel and PR Advisor with all specializing in Breach Crisis Management
- Encrypt everything
- Develop an Incident Response Plan with Internal Staff, Outside Counsel, PR Advisor, Breach Service Provider
- Conduct annual Risk Assessments and Tabletop Exercises.
- Hold an internal “Privacy Summit” to identify vulnerabilities
- Compliance and Privacy, HR, Legal, IT, C-level representation (CFO), Physical Security / Facilities – “Technology, Processes and People.”
- Stay current with state disclosure laws, federal regulations, foreign requirements and updates

10 Steps to Protect Company
1. Know what personal information company has
2. Know where the personal information is
3. Understand how the data is managed
4. Determine retention requirements
5. Develop policies
6. Involve key players
7. Get rid of unused or unnecessary personal information
8. Train employees regarding privacy policy and personal info
9. Audit Policy compliance
10. Conduct a risk assessment

Summary: Risk Reduction
1. Contract & Transactional
3. Data Liability Issues
4. International Issues
5. Can Insurance Help?
6. Best Practices

QUESTIONS
Now or Later
Risk Reduction - Transactional, International and Liability Issues
Oregon State Bar Corporate Counsel Section Fall 2014 CLE