Presentation is loading. Please wait.

Presentation is loading. Please wait.

Financial Times 2012-2015 Matheson is ranked in the FT’s top 10 European law firms 2015. Matheson has also been commended by the FT for corporate law,

Published byBarrie Daniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Financial Times 2012-2015 Matheson is ranked in the FT’s top 10 European law firms 2015. Matheson has also been commended by the FT for corporate law,"— Presentation transcript:

1 Financial Times 2012-2015 Matheson is ranked in the FT’s top 10 European law firms 2015. Matheson has also been commended by the FT for corporate law, finance law, dispute resolution and corporate strategy. Irish Transfer Pricing Firm of the Year 2015 International Tax Review European Law Firm of the Year 2015 Hedge Fund Journal Law Firm of the Year 2014 Irish Pensions Awards Cybercrime and Cyber Risks: Regulatory and Legislative Requirements for Credit Unions Anne-Marie Bohan, Partner 26 January 2016

2 Cybersecurity Threats  Criminal activity:  “traditional” crime eg, theft, fraud  electronic crime eg, phishing, malware  foreign government activity / espionage  Internal risks:  deliberate acts  inadvertent breaches 2

3 Cybersecurity Incidents  National Lottery DDOS – 20 January 2016  Loyaltybuild – SuperValue and Axa  Ashley Madison  Sony 3

4 Cybersecurity Incidents  Car / bag theft  Unsecured servers  Employees leaving  Personal email  Misdirected correspondence 4

5 Cybersecurity – Some Statistics  Irish Computer Society National Survey  55% suffered 1 or more breaches in last 12 months  82% caused by staff mistake or negligence  45% biggest fear is staff negligence  16% biggest fear is malicious staff  34% have fully implemented policies  37% not confident staff know procedures  58% unaware of sanctions or think there are none 5

6 Cybersecurity – Direct Damage  Damage to property / earnings  Damage to reputation / trust  Damage to customers 6

7 Cybersecurity – Consequential Claims  Contractual breach  Common law and equity  Legislative breach  Regulatory breach  Damages / administrative sanctions 7

8 Data Protection Acts 1988 and 2003  Appropriate security measures  No mandated standard  May consider state and costs of technological developments  Must ensure level appropriate of nature of data and harm that might result  “Sensitive” data 8

9 Data Protection Acts 1988 and 2003  Breaches  Limited number of offences  Breach of DPC notice is an offence  €3,000 (summary)  €100,000 (on indictment)  Director and officer liability  Duty of care owed to data subjects  Adverse publicity

10 Data Protection Acts 1988 and 2003  Statutory duty of care  Claims for damages  UK - Google -v- Vidal-Hall  Ireland - Collins -v- FBD  Implications of General Data Protection Regulation 10

11 Data Protection Acts 1988 and 2003 – DPC Guidance  Data put at risk  Inform data subjects  Consider whether to inform Gardaí and / or Central Bank  Processor must inform controller  Report to DPC within 2 days unless  data subjects informed and  less than 100 affected and  no sensitive data or financial data  Record keeping requirements  Risk analysis 11

12 Cybersecurity – Financial Services  Increasing regulatory focus globally  Central Bank of Ireland  Recommendations / guidance  Self- assessment questionnaire  Outsourcing  Transfers outside EEA 12

13 Cybersecurity – Internal Measures  Policies and procedures:  Internal and external threats  Minimisation / mitigation  Usage policies  Security policies eg, remote access  Confidentiality policies 13

14 Cybersecurity – Internal Measures  Incident response plan  Internal escalation procedures  Reporting obligations:  Central Bank of Ireland  Breach code of conduct  Data Protection Commissioner  Data subjects 14

15 Cybersecurity – Internal Measures  Personal awareness and training  Terms of employment  Disciplinary actions 15

16 General Data Protection Regulation  Directly effective  Expected effective date - early 2018  Data protection “by design and by default”  Security principle restated  Demonstrable  Risk based  Processing Provisions 16

17 General Data Protection Regulation  Mandatory notification of breaches  24 / 72 hours  Justification if not met  Processor obligations  Notification to DPC to include description of  breach  data affected  consequences  measures  mitigation 17

18 General Data Protection Regulation  Breach notifications to data subjects  Where likely to adversely affect / high risk  Without undue delay  Nature of breach  Equivalent information to that given to DPC  Encryption – abrogates obligation 18

19 General Data Protection Regulations  Administrative sanctions  Effective, proportionate and dissuasive  Factors to be considered  Up to 4% global turnover 19

20 Cybersecurity – Protective Measures  Technological measures and solutions  Managerial / operational procedures  Legal considerations  Board level issue 20

21 Contact Anne-Marie Bohan Matheson 70 Sir John Rogerson's Quay Dublin 2 T: +353 1 232 2212 F: +353 1 232 3333 E: anne-marie.bohan@matheson.com W: www.matheson.com 333698663v1

Download ppt "Financial Times 2012-2015 Matheson is ranked in the FT’s top 10 European law firms 2015. Matheson has also been commended by the FT for corporate law,"

Similar presentations

Data Security Breach Code of Practice. Data Security Concerns Exponential growth in personal data holdings Increased outsourcing 3 rd countries cloud.

Data Security Breach Code of Practice. Data Security Concerns Exponential growth in personal data holdings Increased outsourcing 3 rd countries cloud.
The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.

The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.

K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.
20 th March 2013 – Association of Irish Risk Management Mitigating Risk through effective Grievance & Disciplinary Procedures Gillian Knight, FCIPD, MSc.

20 th March 2013 – Association of Irish Risk Management Mitigating Risk through effective Grievance & Disciplinary Procedures Gillian Knight, FCIPD, MSc.
Corporate Governance Reform Professor Blanaid Clarke Trinity College Dublin Law Reform Commission Annual Conference 11th December 2012.

Corporate Governance Reform Professor Blanaid Clarke Trinity College Dublin Law Reform Commission Annual Conference 11th December 2012.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Transparency in Public Administration – FOI and EIR

Transparency in Public Administration – FOI and EIR
Chapter 2 Modern Private Security

Chapter 2 Modern Private Security
Discussion Forum Bridge Consulting 9 November 2012.

Discussion Forum Bridge Consulting 9 November 2012.
Safe Working Practices - Contents

Safe Working Practices - Contents
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
General Awareness Training

General Awareness Training
Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.

Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Finance and Governance Workshop Data Protection and Information Management 10 June 2014.

Finance and Governance Workshop Data Protection and Information Management 10 June 2014.
Presentation to Senior Management 2007. MiFID for Senior Managers Introduction These slides introduce the big changes for senior management from MiFID.

Presentation to Senior Management MiFID for Senior Managers Introduction These slides introduce the big changes for senior management from MiFID.

Similar presentations

Ads by Google