Legal Counsel to the Financial Services Industry PRIVACY AND DATA SECURITY: UNDERSTANDING THE LEGAL FRAMEWORK November 19, 2010 Presented by: Donna L.

Legal Counsel to the Financial Services Industry PRIVACY AND DATA SECURITY: UNDERSTANDING THE LEGAL FRAMEWORK November 19, 2010 Presented by: Donna L. Wilson Partner BuckleySandler LLP Los Angeles, CA (424)

2. WHERE WE WERE, WHERE WE ARE, AND WHERE ARE WE GOING?
- Evolution from crisis management approach to risk management approach
- Risks are constantly changing
- Were primarily third-party breach and technology issues
- Now "voluntary breach" and marketing/business issues
- Some risks were largely never realized (huge class action recoveries) while others were largely unforeseen (e.g., cloud computing)

3. LITIGATION TRENDS, DEVELOPMENTS AND RISKS
Good News / Bad News
- Good News:
  - Financial institutions are using physical security safeguards and technologies to identify or prevent unauthorized transfer of information, and have taken steps to secure Social Security numbers. (Privacy & Data Protection Practices: A Benchmark Study of the Financial Services Industry (Mar. 2010)).

4. LITIGATION TRENDS, DEVELOPMENTS AND RISKS (CONT.)
Good News / Bad News
- Bad News:
  - Less than half of the institutions surveyed (i) review new software applications and databases for legal compliance and privacy considerations before implementing; or (ii) use intrusion detection systems and data loss prevention technology.
  - More than 83% use real customer or employee information in development and testing, and 88% continue to use Social Security numbers as primary identifiers.
  - Most significantly, half believe that they have insufficient resources to manage privacy/data security risks. (Id.)

5. AN INTRODUCTION TO KEY STATUTES
- Federal (e.g., FCRA/FACTA, GLB, Dodd-Frank, FTC Act)
- State (e.g., Song-Beverly Act, data breach notification statutes, PCI standard setting)

6. THE PLAINTIFF'S BAR AND CLASS ACTIONS
- Bars to common law recoveries
- But is the tide changing? (Gap v. Ruiz, Hannaford Brothers)

7. THE ROLE OF FEDERAL AND STATE REGULATORS
- Given the limited availability of common law damages (and thus the relative disinterest of the plaintiff's bar), regulators have taken, and will continue to take, a lead role
- Privacy issues fall within the scope of numerous regulators (e.g., FTC, SEC, CFPB)
- Interaction of those regulators on and across both state and federal levels

8. 2010: A REFLECTION OF THINGS TO COME
- A plaintiff lawyer's dream come true? -- All eyes on Hannaford Bros. Co. Customer Data Security Breach Litigation, (MDL-1954 D. Maine):
  - Do time and effort alone, spent in a reasonable effort to avert reasonably foreseeable harm, constitute a cognizable injury under Maine common law?
  - If so, plaintiffs may have both a negligence and implied contract claim.

9. 2010: A REFLECTION OF THINGS TO COME (CONT.)
- Facebook, Google, and Netflix Cases:
  - Much-publicized collisions between creative marketing and product/service development and privacy/data security considerations.
  - Focus of attention by the media, class action lawyers, industry, privacy watchdogs, and regulators.
- Cloud Computing: A Game Changer?
  - Benefits versus risks: cost savings and efficiencies on the one hand, but loss of direct control of information.
  - Already appearing as an issue/factor in privacy-related litigation.

10. 2010: A REFLECTION OF THINGS TO COME (CONT.)
- More traps for the unwary: state privacy and data breach legislation and regulation in 2010:
  - Data breach notification
  - PCI standards
  - Third-party service provider issues
- Dodd-Frank taking it to the next level

11. NOW WHAT?
- Always remember: Privacy risk = data collection, data use, and data security.
- Change your focus and risk management to address the evolving nature of privacy/data security risks. Don't simply plan for fighting the last battle:
  - Consumer liability/defense costs versus brand/reputation damage versus data breach notification costs versus third-party business-to-business litigation
- Don't overlook contractual protections potentially available to mitigate these risks:
  - Indemnification
  - Insurance