Responding to a Data Breach 360° of IT Compliance

Presentation transcript:

Responding to a Data Breach
360° of IT Compliance
Michael Bosse, Shareholder, Litigation Practice Group, Data Security & Privacy Team
November 5, 2015

In the Event of a Data Breach
Key actions in the event of a breach:
- Prompt action is key: many statutes specify timing requirements
- Appropriate team of responders
- Clear and concise action plan
- Assess data breach notification statutes (you may need to comply with more than one state statute)
- Technical assessment: what really happened

Assemble the Appropriate Team
Contact the departments and service providers relevant to breach mitigation:
- Privacy Department / Privacy Officer
- Records Department
- Legal
- IT
- HR
- Public Relations / Marketing
- Outside experts (e.g., outside PR, legal and security experts)

Post-Breach Investigation
- Paper or electronic records?
- What are the specifics of the "breach event"?
- Types of information protected by breach statutes:
  - Name plus SSN
  - Driver's license number or state ID number
  - Account number plus security code or password
  - Medical information
  - Health insurance information, or
  - Any other information that could lead to personal or financial harm

Legal Review: Likelihood of Misuse and Required Notices
- Legal assessment: likelihood of misuse or harm
- Insurance review and notice of claim
- Notice to affected parties: method, timing and other requirements
- Law enforcement requirements
- Many states have numerical thresholds that trigger certain notice requirements
- Specific content requirements regarding the type of breach, etc.; statutes vary
- Notice to administrative or regulatory agencies

Notices & Other Response Actions
- Document all steps taken and maintain copies of reports, notices, etc.
- Notice to insurance carrier?
- Evaluate your security program, insurance, service provider contracts, training, technology, etc., and take reasonable steps to strengthen and improve them and to protect against further breaches
- PR and follow-up considerations, e.g., providing credit monitoring or other accommodations?

Communications to Affected Individuals
- Notification letters should include phone numbers for contacts
- Train employees on how to respond to inquiries
- Use of service providers (e.g., a call center)?
- Information to be included in notices: each state differs slightly (e.g., some require a description of the breach event and others prohibit such descriptions)

Records Retention
- Thorough documentation of:
  - the event
  - the investigation
  - the response
- Consider the retention period for breach documentation: statute of limitations? regulatory requirements?
- Review and refine the data security plan, training and breach response action plan

Questions & Answers