Presentation is loading. Please wait.

Presentation is loading. Please wait.

HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.

Similar presentations


Presentation on theme: "HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014."— Presentation transcript:

1 HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014

2 © Goodwin Procter LLP 2 COSTS OF A DATA BREACH IN 2014 Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC 15% Annual increase in the average cost of a data breach around the world U.S. average cost of a data breach $5.9 M Average cost paid for each exposed record $201

3 © Goodwin Procter LLP 3 $417,700 Average Detection & Escalation Costs $510,000 Average Notification Costs Average Cost of Lost Business $3.2 M Average Post Breach Costs $1.6 M COSTS OF A DATA BREACH Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC

4 © Goodwin Procter LLP 4 42% 29% 30% ROOT CAUSES OF A DATA BREACH Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC

5 © Goodwin Procter LLP 5 $246 $171 $160 PER CAPITA COST FOR EACH ROOT CAUSE Malicious or criminal attack System glitch Human error Source: 2014 Cost of Data Breach Study: Global Analysis, Sponsored by IBM, Conducted by Ponemon Institute LLC

6 © Goodwin Procter LLP 1.Inventory data – what, where, how is it used & shared, sensitivity 2.Analyze vendor agreements 3.Review privacy policies and disclosures for robustness, consistency with actual practices, and legality 6 BEFORE A BREACH

7 © Goodwin Procter LLP 4.Develop Incident Response Plan 5.Build an effective incident response team led by legal counsel 7 BEFORE A BREACH Incident Response Team Client & Media Relations In-House Counsel In-House IT Business Unit Human Resources Outside Forensics Experts CPO, CSO Compliance Outside Counsel

8 © Goodwin Procter LLP 8 6.Train employees on privacy and data security responsibilities and incident response 7.Set a tone from the top that privacy and data security are core company values 8.Conduct periodic privacy reviews and risk assessments BEFORE A BREACH

9 © Goodwin Procter LLP 9 Activate incident response plan WHEN THE BREACH HITS Contain the breach SECURITY THREAT

10 © Goodwin Procter LLP 10 1. Follow the legal team’s lead 2. Employ a third party forensic team to investigate 3. Protect the integrity of the data and systems 4. Document response and containment actions 5. Protect the privilege BREACH INVESTIGATION

11 © Goodwin Procter LLP 11 Develop an Effective Communications Plan BREACH RESPONSE Critical Audiences & Messaging Press & Media Impacted Parties Law Enforcement Internal Teams Key Partners & Customers Regulators Board of Directors Audit Committee

12 © Goodwin Procter LLP 12 Notification: To Whom? Analyze client and vendor agreements Analyze statutory notification obligations How Soon? The Timing Paradox More careful analysis takes time More careful analysis increases certainty More careful analysis reduces cost BREACH RESPONSE

13 © Goodwin Procter LLP 1.Conduct post-breach review 2.Implement lessons learned 13 AFTER THE BREACH Goodwin Procter LLP

14 © Goodwin Procter LLP Brenda R. Sharton Celeste A. Lipworth Partner Vice President, Global Compliance Officer Chair, Business Litigation Ryder System, Inc. Co-chair, Privacy & Data Security (305) 500-3988 Goodwin Procter LLPclipwort@ryder.com (617) 570-1214 bsharton@goodwinprocter.com 14 Questions?


Download ppt "HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014."

Similar presentations


Ads by Google