Data Security in the Cloud and Data Breaches: Lawyer’s Perspective Dino Tsibouris Mehmet Munur

Presentation transcript:

Data Security in the Cloud and Data Breaches: Lawyer’s Perspective Dino Tsibouris Mehmet Munur

Outline
1. Data Breaches in 2014 and Themes and trends
3. Possible Federal breach notification law
4. Expanding State breach notification laws
5. Contracting for security in the cloud
6. Addressing security breaches in the cloud

Themes and Trends

The Legal Response
Proposed federal legislation
Expanding state legislation
Civil liability

A Push for Federal Data Breach Legislation
Personal Data Notification & Protection Act
Proposed by President Obama at the State of the Union Address on January 20, 2015
Pre-empts state laws
Must notify in 30 days
No private right of action
FTC enforcement

Personal Data Notification & Protection Act Triggers
First and last name/or first initial and last name along with any two:
  – Home address or phone number
  – Mother’s maiden name
  – Full birth date
SSN, DL, passport, alien registration number
Biometric data
Unique account ID (user name, routing code)

Personal Data Notification & Protection Act Triggers
Any combination of the following three elements:
  – First and last name/first initial and last name
  – Unique account ID
  – Any security code/source code that could generate a security code or password

Personal Data Notification & Protection Act
Risk of harm analysis
Must send notice 30 days after discovery
Individual notice ( acceptable with consent)
Notice to media
Notice to Federal law enforcement
Notice to credit reporting agencies

A Push for State Law and Regulation
Timing and content of breach notice
Definition of personal data
  – /password information
  – Non HIPAA health data
Requirements to inform media/regulators

The Challenges of Cloud Information Governance: A Global Data Security Study, October 2014 Security in the Cloud


Contracting

Security and Privacy
  – Incident or Breach Notification Obligations and Costs
  – Industry Certifications and Vulnerability Scans
  – Audits by Customer or Regulator
  – International Data Flows

Contracting
1.2 Your Account. … we and our affiliates are not responsible for unauthorized access to your account.

Contracting
3.2. Protection of Your Data. We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data, as described in the Documentation.

Security Breaches

Plan ahead
Identify response team
Identify vendors and contacts
PR Aspects
Test

Security Breaches
Federal and state laws govern unauthorized access to personal information
  – Gramm Leach Bliley (CFPB, SEC, NCUA, OCC, FDIC, FTC)
  – HIPAA/HITECH Breach Notification Rule (HHS)
  – Health Breach Notification Rule (FTC)
  – State laws vary, apply to companies outside the state, require vendor to notify data owner, private right of action to consumers to sue

Security Breaches
Must get access to cloud provider information
Access to vendor staff
Must understand vendor data structure and security
Identify data involved
Identify degree of protection
Identify if there was a reportable incident

Security Breaches
Remediation
Notification – Individuals, Regulators, Media
Litigation

Outline
1. Data Breaches in 2014 and Themes and trends
3. Possible Federal breach notification law
4. Expanding State breach notification laws
5. Contracting for security in the cloud
6. Addressing security breaches in the cloud

Dino Tsibouris Mehmet Munur