THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.


1 THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. (klevy@gunster.com) GUNSTER YOAKLEY & STEWART, P.A.

2 ROAD MAP
• Benefits
• Identify and Evaluate Risk
• Mitigate Risk:
  ▪ Policies and Procedures
  ▪ Due Diligence
  ▪ Contracting:
  ▪ Negotiation
  ▪ Monitoring
  ▪ Breach Preparation and Response

3
• DATA
• Control:
  ▪ Where is the data?
  ▪ What jurisdictional law(s) control(s)?
• Privacy, Security and Segregation
• Integrity
• Ownership
• Breach
• Destruction
• Back-up / Recovery:
  ▪ Whose responsibility?
• NETWORK
• Access:
  ▪ Internet down or facility offline
  ▪ Law enforcement investigation (e.g., Megaupload)
• Continuity
• Redundancy and Back-up
• Security

4
• REGULATORY COMPLIANCE
• Financial Institutions:
  ▪ Gramm-Leach-Bliley Act (GLBA)
  ▪ Privacy Act and Regulation P
  ▪ Fair Credit Reporting Act (FCRA)
  ▪ Fair and Accurate Credit Transactions Act (FACTA)
  ▪ Bank Secrecy Act
  ▪ State Laws - FL St. Section 655.059
• Healthcare (applies to Business Associates):
  ▪ HIPAA
  ▪ HITECH Act
• State Laws:
  ▪ Massachusetts – MA 201 CMR 17.00
  ▪ California – various

5
• OTHER RISKS:
• Audits
• Bankruptcy
• Litigation:
  ▪ e-discovery
• Loss of leverage
• Non-Negotiable Contracts
• Tax Implications

6
• Policies and Procedures:
  ▪ Clear and Up-To-Date
  ▪ Contingency Plan(s)
• Thorough Due Diligence
• Detailed Contract
  ▪ Address “hidden” issues
• Insurance:
  ▪ Request specific plan for storage and transmission of electronic data and information security (“Cyber Policy”)
• Breach Preparation and Response

7
• Research, adopt (adapt) and develop applicable policies and procedures
• Appoint team and train:
• IT, accounting, business, legal and PR
• PRACTICE, PRACTICE, PRACTICE
• Review and Update:
• Learn from circumstances
• Periodic audits
• Contingency Plans:
• Business Continuity Plan (BCP)
• Disaster Recovery
• “Exit Strategy”

8
• KYV / KYP - Research and get to know your vendors (service providers)
• Require applicable SSAE 16 SOC report
• Gather internal/external team of knowledgeable professionals to conduct internal discussions to assess vulnerabilities, risks and needs (IT, accounting, business and legal)
• Confirm qualifications
• Ask questions of vendor until clearly understood
• Run performance and security tests
• Evaluate privacy and confidentiality concerns

9
• Negotiate and Document “clear”:
• Terms and Conditions
• Notice and transition periods
• Scope of services
• Service levels (SLAs)
• Flexibility to add services and service levels
• Requirement of service provider to provide annual audit
• Requirement of service provider to provide additional / updated audit if services added to engagement
• Confidentiality
• Privacy and Security
• Encryption
• Data breach notification protocol
• Limitation on use of subcontractors
• Clear and complete force majeure clauses
• Representations and Warranties
• Indemnification
• Insurance requirements
• Termination provisions
• Remedy for breach

10
• Monitor:
• Relationship with service providers
• Audits
• Services provided
• Service levels
• Amendments:
• When applicable, timely add clear description of additional services and service levels

11
• Security Breach Notification protocols:
  ▪ 46 of 50 states
  ▪ Fl. St. Section 817.5681
• Breach notification process:
  ▪ Gather Team
  ▪ Investigate
  ▪ Evaluate
  ▪ Decide
  ▪ Proceed
  ▪ Provide notice and/or document files
  ▪ Report to regulators as applicable

12
• Failure to comply can lead to:
• Marketing issues and loss of market share
• Regulatory issues:
  ▪ Warning notices and sanctions
  ▪ SEC data breach disclosure requirements
• Professional liability claims
• Added compliance costs
• Reduced shareholder value
“DO NOT BE PENNY-WISE AND POUND FOOLISH.”

13
• How to avoid a breach or failure to comply?
• Implement, enhance and maintain a meaningful Vendor Management Program
• Get knowledgeable counsel involved early

14 Kevin M. Levy, Esq. klevy@gunster.com
GUNSTER – FLORIDA’S LAW FIRM FOR BUSINESS
Banking & Financial Services Business Litigation Corporate Environmental & Land Use Immigration International Labor & Employment Leisure & Resorts Real Estate Private Wealth Services Probate, Trust & Guardianship Litigation Securities Tax Technology & Entrepreneurial Companies
GUNSTER.COM | (305) 376-6094
FORT LAUDERDALE | JACKSONVILLE | MIAMI | OCEAN REEF | PALM BEACH | STUART | TALLAHASSEE | TAMPA | VERO BEACH | WEST PALM BEACH

