1. Page 1 Keep Your Company Out of the Media Workshop Rachel Verdugo March 23, 2011 Reno, Nevada Protect and Control Your Data

2. Page 2 10 Infamous Companies’ Businessmen of the Decade Businessmen Who Splattered Their Company in the News and Responsible for Over $300 Billion Dollar Loss to the Companies/Taxpayers

3. Page 3 10 Infamous Companies’ Businessmen of the Decade Businessmen Who Splattered Their Company in the News and Responsible for Over $300 Billion Dollar Loss to the Companies/Taxpayers

4. Page 4 Overview  Scenarios – Workshop  “The Good”– Policies and procedures are in place  “The Bad” – Not following policies or procedures  “The Ugly” – Caught not following policies or procedures  Scenario Objectives  Examples on “The Ugly” with real companies that were in the media The Good, The Bad, and The Ugly

5. Page 5 Scenarios - Workshop  Scenarios are real examples that have occurred from various companies  Three Scenarios: 1.Scenario I: Personnel Identification Information 2.Scenario II: Location of Important Data 3.Scenario III: Data comprise  Scenarios provide a problem solving opportunity to identifying best practices around effective records management and facilitate compliance:  Retention  Policies and Procedures  Index  Access control and Security  Disposal  Audit and Accountability  Training  Each group will be able to develop a solution from their own work experience and group collaboration Real situations that can get you in the MEDIA

6. Page 6 Work Shop – Scenario Objectives We will break-out into groups:  Each group is given a scenario and will have 55 minutes to work on the questions and to create a go forward plan  Each group will have 25 minutes to share results of each scenario  Summarize results from the scenarios I, II, and III from each group  Workshop is to share and collaborate on lessons learned Leverage ideas and share experiences

7. Page 7 Scenario I – Personnel Identification Information  Hawaii U Posted Private Info of 40,000 Students Online – October 2010  Security breach occurred when a faculty member was working on a unsecure server  PII was available for nearly a year before it was discovered  University notified students of the breach and warned them on identify fraud  IBM Loses Tapes with Employee Data – May 2007  Tapes with employees PII fell out of vehicle when being transferred to another location  IBM notified employees of the loss of data and warned them on identify fraud  IBM offered affected employees a year of credit-monitoring services  Facebook Privacy Breach – October 2010  Transmitting members information PII to advertising companies and internet tracking companies  Affected over 10 million members  Company will introduce new technology to contain the problem

8. Page 8 Scenario II – Location of Important Data  Massive TSA Security Breach As Agency Gives Away Its Secrets – December 2009  TSA inadvertently posted online airport screening procedures manual  Included closely guarded secrets regarding special rules for diplomats, CIA, and law enforcement officers  TSA spokesperson says the document was outdated and improperly posted to the Federal Business Opportunities website; redacted material not properly protected  Sharron Watkins eMail to Enron Chairman Kenneth Lay – June 2002  Five page detailed e-mail on the issues/wrong-doings at Enron  E-mail released to the public  Litigation Preparedness: Can You Reach Your Data?  Defendant argued e-mails archived on the company’s cumbersome old system were not reasonably accessible under the Federal Rules  Court disagreed, holding the plaintiff should not be disadvantaged since the defendant, a sophisticated company, chose not to migrate the e-mails to the now- functional archival system  Starbucks Corp V. ADT Security Services – April 2009

9. Page 9 Scenario III – Data Compromise  Former employee of United Way in Miami was sentenced to 18 months in jail and fined $50,000 for (December 2009):  Accessing his former employer’s network  Deleting files from the servers  The statistics from Ponemon Institute – December 2009  Four in 10 employees admit to having taken sensitive data  One third said they would share sensitive data with friends or family in order to help them get a new job  Nearly half said they would steal data if they were dismissed tomorrow from their job  Aerospace giant fired its CFO, Mike Sears, for reportedly improper chats with a top Air Force Missile buyer - December 2003  Sears talked with a former Air Force official about future employment before the official had disqualified herself from working on matters involving the aerospace giant

10. Page 10 Questions?