Presentation is loading. Please wait.

Presentation is loading. Please wait.

HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.

Published byLuke Preston Modified over 8 years ago

Similar presentations

Presentation on theme: "HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014."— Presentation transcript:

1 HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014

2 © Goodwin Procter LLP 2 COSTS OF A DATA BREACH IN 2014 Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC 15% Annual increase in the average cost of a data breach around the world U.S. average cost of a data breach $5.9 M Average cost paid for each exposed record $201

3 © Goodwin Procter LLP 3 $417,700 Average Detection & Escalation Costs $510,000 Average Notification Costs Average Cost of Lost Business $3.2 M Average Post Breach Costs $1.6 M COSTS OF A DATA BREACH Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC

4 © Goodwin Procter LLP 4 42% 29% 30% ROOT CAUSES OF A DATA BREACH Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC

5 © Goodwin Procter LLP 5 $246 $171 $160 PER CAPITA COST FOR EACH ROOT CAUSE Malicious or criminal attack System glitch Human error Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC

6 © Goodwin Procter LLP 1.Inventory data – what, where, how is it used & shared, sensitivity 2.Analyze vendor agreements 3.Review privacy policies and disclosures for robustness, consistency with actual practices, and legality 6 BEFORE A BREACH

7 © Goodwin Procter LLP 4.Develop Incident Response Plan 5.Build an effective incident response team led by legal counsel 7 BEFORE A BREACH Incident Response Team Client & Media Relations In-House Counsel In-House IT Business Unit Human Resources Outside Forensics Experts CPO, CSO Compliance Outside Counsel

8 © Goodwin Procter LLP 8 6.Train employees on privacy and data security responsibilities and incident response 7.Set a tone from the top that privacy and data security are core company values 8.Conduct periodic privacy reviews and risk assessments BEFORE A BREACH

9 © Goodwin Procter LLP 9 Activate incident response plan WHEN THE BREACH HITS Contain the breach SECURITY THREAT

10 © Goodwin Procter LLP 10 1. Follow the legal team’s lead 2. Employ a third party forensic team to investigate 3. Protect the integrity of the data and systems 4. Document response and containment actions 5. Protect the privilege BREACH INVESTIGATION

11 © Goodwin Procter LLP 11 Develop an Effective Communications Plan BREACH RESPONSE Critical Audiences & Messaging Press & Media Impacted Parties Law Enforcement Internal Teams Key Partners & Customers Regulators Board of Directors Audit Committee

12 © Goodwin Procter LLP 12 Notification: To Whom? Analyze client and vendor agreements Analyze statutory notification obligations How Soon? The Timing Paradox More careful analysis takes time More careful analysis increases certainty More careful analysis reduces cost BREACH RESPONSE

13 © Goodwin Procter LLP 1.Conduct post-breach review 2.Implement lessons learned 13 AFTER THE BREACH Goodwin Procter LLP

14 © Goodwin Procter LLP Brenda R. Sharton Celeste A. Lipworth Partner Vice President, Global Compliance Officer Chair, Business Litigation Ryder System, Inc. Co-chair, Privacy & Data Security (305) 500-3988 Goodwin Procter LLPclipwort@ryder.com (617) 570-1214 bsharton@goodwinprocter.com 14 Questions?

Download ppt "HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014."

Similar presentations

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.
This refresher course will:

This refresher course will:
IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information.

IAPP Global Privacy Summit, 3/8/12 1. Joanne McNabb, CIPP/US/G/IT Chief California Office of Privacy Protection Lisa Sotto Partner & Head, Privacy & Information.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
1Copyright 2009. Jordan Lawrence. All rights reserved. Annual In-House Symposium Practical Steps to Minimize Privacy Risks: Understanding The Intersection.

1Copyright Jordan Lawrence. All rights reserved. Annual In-House Symposium Practical Steps to Minimize Privacy Risks: Understanding The Intersection.
Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.

Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.
Investigating & Preserving Evidence in Data Security Incidents www.ScottandScottllp.com Robert J. Scott Scott & Scott, LLP 214-999-2902.

Investigating & Preserving Evidence in Data Security Incidents Robert J. Scott Scott & Scott, LLP
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

Similar presentations

Ads by Google