What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend?

Presentation transcript:

© 2011 Foley Hoag LLP. All Rights Reserved.

What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend?
A CloudCamp Boston Unconference Presentation
June 29, 2011
Colin J. Zick
Foley Hoag LLP
(617)

A Basic Template for Federal and State Data Security and Privacy Laws

• Define the type of “non-public personal information” (“NPI”) that is being regulated
• Provide that NPI must be protected from disclosure to unauthorized holders unless “anonymized” or “aggregated”
• Require the development, implementation, maintenance and monitoring of comprehensive, written information security programs:
  – Collect only needed information
  – Retain only as long as necessary
  – Provide access only to those with a legitimate business purpose
  – Implement specific administrative, physical and electronic security measures to ensure protection
• Require prompt notice to individuals whose NPI is compromised
• Provide for the imposition of penalties for breaches by NPI custodians
• Require the disposal of personal information in such a way that it cannot be read or reconstructed after disposal

For example, the Massachusetts Data Security Law

• Most recent law in the area of data privacy and security – Mass. Gen. L. ch. 93H.
• Enacted after the TJX data breach was made public.
• Intended to protect Massachusetts residents from identity theft.
• Applies to any business entity that owns, licenses, maintains or stores the “personal information” of a Massachusetts resident, wherever that data is.

What is “Personal Information” under the Massachusetts law?

“Personal Information” is:

• A person’s first name and last name (or first initial and last name) PLUS any one of the following:
  – Social Security number
  – Driver’s license number (or other state-issued ID card number)
  – A financial account number, or credit or debit card number, with or without any required security code, access code or PIN that would allow account access

Preparing for and Responding to a Breach

• Compliance / developing information security programs
• Incident response and investigation
• Breach notification and resolution
• Litigation
• Government Investigation

Things to look for in 2011:

• Increased federal regulation in an array of “hot” areas:
  – Cybersecurity
    • Malicious code directed at military and manufacturing targets
    • Cyber-criminal incursions focused on theft of intellectual property and other “industrial espionage”
  – Comprehensive breach notice
  – File-sharing risk control
  – Subjecting the SEC to Dodd-Frank Wall Street reform style FOIA obligations; amending SEC filings to require cyber-breach/cyber-risk disclosures
• Battle within government to see who regulates the area
• Increased government focus on national security aspects of security and privacy
• Increased corporate focus on internal cyber security programs
• More security breaches

RESOURCES

• FTC:
• Department of Commerce:
• Advanced Cyber Security Center:
• Our blog: