PENNSYLVANIA BAR ASSOCIATION PROFESSIONAL LIABILITY COMMITTEE


1 PENNSYLVANIA BAR ASSOCIATION PROFESSIONAL LIABILITY COMMITTEE
DELAWARE COUNTY BENCH BAR 2017

2 “Planning for Disaster”
Featuring: Cyber Event Preparedness and Incident Response Planning

3 Viruses (Ransomware $$$)
Identity theft (The black market for personal information $$$)
Back door to corporate clients (Insider trading / trade secrets / other confidential information)
Consider the Panama papers!

4 Why Prepare?

5 Claims Can Happen!

6 Preparing is Key

7 OVERVIEW
1. What is the purpose of an IRP?
2. What are the key components?
3. Do law firms need one?

8 Purpose of an IRP
An IRP is like an evacuation plan for a cyber security incident. It outlines step-by-step your response to a data security incident. Rather than try to respond to a data breach, document your response efforts, determine what laws apply, and ensure compliance during the stress of a breach, an IRP is developed pre-breach, and streamlines your response.

9 Purpose of an IRP
Provides step-by-step guidance for responding to a breach and complying with potentially applicable laws and regulations.
Streamlines and organizes your response to save time, money, stress, and downtime
Creates documentation of your response efforts

10 Key Components of an IRP
Team Members
Method of Reporting and Timing
Step by Step Incident Response Process
Notification Requirements
Insurance Carrier Information and Reporting Timeframe
Post-Incident Investigation / Lessons Learned
Testing of IRP Process
Training of Employees

11 Key Components of an IRP
Consider your IRP Team Members
A lawyer?
Office Administrator?
IT? (Consider forensic experience)
Outside counsel? (Consider privilege issues)
Genesco v. Visa (2014); In re Target (2015)

12 Key Components of an IRP
Step by Step Incident Response (Basic Overview):
Discovering and reporting to the IRP team
Ascertaining nature of incident / systems compromised / length of time
Ascertain if a data breach occurred (i.e. whether records were accessed, personal or confidential information therein, and affected clients/employees)
Analyze how the breach occurred for future prevention

13 Key Components of an IRP
Notification Requirements: Pennsylvania’s Breach of Personal Information Notification Act 73 Pa.C.S et seq.
An entity that maintains, stores or manages computerized data that includes personal information shall provide notice of any breach of the security of the system following discovery of the breach of the security of the system to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person. (73 Pa.C.S. 2303)

14 Key Components of an IRP
Notification Requirements: How is a breach defined in Pennsylvania?
“The unauthorized access and acquisition of computerized data that materially compromises the security or confidentiality of personal information maintained by the entity as part of a database of personal information regarding multiple individuals and that causes or the entity reasonably believes has caused or will cause loss or injury to any resident of this Commonwealth” 73 Pa. Stat. Ann. § 2302

15 Key Components of an IRP
What is personal information?
NAME linked with:
SSN,
Driver's license number, OR
Credit/Debit card + access code

16 Key Components of an IRP
INSURANCE CARRIER INFORMATION & REPORTING TIMEFRAME

17 Key Components of an IRP
LESSONS LEARNED
TRAINING
TESTING
Implementing new training?

18 Do all law firms need an IRP?
YES!
Consistent with our ethical duties with respect to competence, confidentiality and safeguarding property
Often a requirement for purchasing cyber insurance
Certain laws require them: HIPAA/HITECH, GLBA
Often one of the first questions asked by investigating government agency
Reduces time, expense, and stress of responding to a breach
Presumption of compliance with notification laws of certain states: PA, WV, NJ, DE
It’s just good 21st century business

