Presentation is loading. Please wait.

Presentation is loading. Please wait.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

Published byDarren Preston Modified over 9 years ago

Similar presentations

Presentation on theme: "In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick."— Presentation transcript:

1 In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick Hit: May 8, 2014 Presented by: Colin Zick Foley Hoag LLP Gant Redmon General Counsel Co3 Systems, Inc.

2 “In the Belly of the Breach” | 2© 2014 Foley Hoag LLP. All Rights Reserved. Common Breach Scenarios Anatomy of a Common Type of Data Breach Legal Frameworks for Breach Response Preparing for and Responding to the Breach Incident Response and Investigation Breach Notification and Resolution Preparing for Related Litigation and Government Investigations Breach Insurance Getting Ahead of the Game: Industry Collaboration Key Issues We Will Address 2

3 “In the Belly of the Breach” | 3© 2014 Foley Hoag LLP. All Rights Reserved. Accidental Breaches Faithless Employee/Ex-Employee Hackers & Thieves / Organized Crime Competitive Espionage  Common Data Breach Scenarios 3

4 “In the Belly of the Breach” | 4© 2014 Foley Hoag LLP. All Rights Reserved. Anatomy of a Common Type of Data Breach 4

5 “In the Belly of the Breach” | 5© 2014 Foley Hoag LLP. All Rights Reserved.  Customer Privacy Laws  Federal and state identity theft laws and regulations -Requiring customer notice -Requiring information security programs  HIPAA / Medical information regulation  Gramm Leach Bliley / Financial information regulation  Regulations for specific industries (e.g., FCC CPNI Regulations)  Laws governing specific information (e.g., Social Security number statutes)  Negligence / Consumer protection laws  Authorized Use Statutes  Computer Fraud & Abuse Act (CFAA)  Electronic Communications Privacy Act (ECPA)  Stored Communications Act (SCA)  Surveillance / Information Security Law  Federal & State Wiretapping Statutes  Invasion of Privacy  Property Law  Larceny / Conversion  Trade Secrets  Copyright / Digital Millennium Copyright Act (DMCA) Legal Framework for Breach Response 5

6 “In the Belly of the Breach” | 6© 2014 Foley Hoag LLP. All Rights Reserved. Compliance / developing information security programs Incident response and investigation Breach notification and resolution Anticipate government investigations and possible litigation, as well as consumer litigation Press/public relations strategy Preparing for and Responding to a Breach 6

7 “In the Belly of the Breach” | 7© 2014 Foley Hoag LLP. All Rights Reserved. What is in-house counsel’s role in responding to a breach? Notice: To federal/state agencies; To those impacted by the breach as both a matter of state law and risk management Mitigation The role of notice and credit monitoring In post-breach public statements, what key points should be included to minimize litigation risk? To what extent can a company be liable for lost data? How much can a typical breach cost a company both in time, brand equity and internal distraction? What kind of insurance, if any, can a company use to offset costs? Does it really help cover the costs? The role of outside counsel Incident Response and Investigation 7

8 “In the Belly of the Breach” | 8© 2014 Foley Hoag LLP. All Rights Reserved. Quantify the Risk (But I Really Don’t Want to Disclose) 8

9 “In the Belly of the Breach” | 9© 2014 Foley Hoag LLP. All Rights Reserved.  Headline  Text Develop an Incident Response Plan 9

10 “In the Belly of the Breach” | 10© 2014 Foley Hoag LLP. All Rights Reserved.  Headline  Text Track the Plan 10

11 “In the Belly of the Breach” | 11© 2014 Foley Hoag LLP. All Rights Reserved. Still a developing area Limited history of evaluating risk, so premiums can vary widely Scope of coverage can vary widely Limits vary and can range from $25,000 to $25 million depending on the nature of the policy and business. What can be covered? –Crisis management services –Notification of breached parties –Credit/public records/fraud monitoring –Fraud remediation services Breach Insurance 11

12 “In the Belly of the Breach” | 12© 2014 Foley Hoag LLP. All Rights Reserved.  Questions 12

13 “In the Belly of the Breach” | 13© 2014 Foley Hoag LLP. All Rights Reserved.  Colin J. Zick, Esq. Foley Hoag LLP czick@foleyhoag.com (617) 832-1275 czick@foleyhoag.com  Gant Redmon, Esq. Vice President, Business Development, and General Counsel  Co3 Systems, Inc. gredmon@co3sys.com (617) 300-8136 gredmon@co3sys.com Contact Information 13

Download ppt "In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick."

Similar presentations

31511230/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.

/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
© 2015 Sherman & Howard L.L.C. TO B OR NOT TO B YOD Emily Keimig, Esq. 303-299-8240

© 2015 Sherman & Howard L.L.C. TO B OR NOT TO B YOD Emily Keimig, Esq
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via at:

This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via at:
January 21, 2015 P ROFESSIONAL L IABILITY A TTORNEY N ETWORK Cyber Security Threats, Trips, & Traps: Managing Risk and Protecting Data in the Cyber Age.

January 21, 2015 P ROFESSIONAL L IABILITY A TTORNEY N ETWORK Cyber Security Threats, Trips, & Traps: Managing Risk and Protecting Data in the Cyber Age.
Legal Compliance and Web 2.0 Applications Presented by: Jeffrey C. Neu, Esq.

Legal Compliance and Web 2.0 Applications Presented by: Jeffrey C. Neu, Esq.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, 2010 10:45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.

1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, :45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.
E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.

E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE.

BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE.
October 2013. The Insider Financial Crime and Identity Theft Hacktivists Piracy Cyber Espionage and Sabotage.

October The Insider Financial Crime and Identity Theft Hacktivists Piracy Cyber Espionage and Sabotage.
Investigating & Preserving Evidence in Data Security Incidents www.ScottandScottllp.com Robert J. Scott Scott & Scott, LLP 214-999-2902.

Investigating & Preserving Evidence in Data Security Incidents Robert J. Scott Scott & Scott, LLP
Overview of Cybercrime

Overview of Cybercrime
Electronic Records Management: What Management Needs to Know May 2009.

Electronic Records Management: What Management Needs to Know May 2009.
Track II: Introduction and Overview of Financial Services and Information Technology Privacy Policy: Synthesizing Financial Services Industry Privacy David.

Track II: Introduction and Overview of Financial Services and Information Technology Privacy Policy: Synthesizing Financial Services Industry Privacy David.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Similar presentations

Ads by Google