Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2011 Foley Hoag LLP. All Rights Reserved. 1 What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend? A CloudCamp Boston.

Published byHomer Floyd Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2011 Foley Hoag LLP. All Rights Reserved. 1 What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend? A CloudCamp Boston."— Presentation transcript:

1 © 2011 Foley Hoag LLP. All Rights Reserved. 1 What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend? A CloudCamp Boston Unconference Presentation June 29, 2011 Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.foleyhoag.com www.securityprivacyandthelaw.com

2 © 2008 Foley Hoag LLP. All Rights Reserved.Presentation Title | 2© 2011 Foley Hoag LLP. All Rights Reserved. 2 A Basic Template for Federal and State Data Security and Privacy Laws  Define the type of “non-public personal information” (“NPI”) that is being regulated  Provide that NPI must be protected from disclosure to unauthorized holders unless “anonymized” or “aggregated”  Requires the development, implementation, maintenance and monitoring of comprehensive, written information security programs: –Collect only needed information –Retain only as long as necessary –Provide access only to those with a legitimate business purpose –Implement specific administrative, physical and electronic security measures to ensure protection  Require prompt notice to individuals whose NPI is compromised  Provides for the imposition of penalties for breaches by NPI custodians  Requires the disposal of personal information in such a way that it cannot be read or reconstructed after disposal

3 © 2008 Foley Hoag LLP. All Rights Reserved.Presentation Title | 3© 2011 Foley Hoag LLP. All Rights Reserved. 3 For example, the Massachusetts Data Security Law  Most recent law in the area of data privacy and security – Mass. Gen. L. ch. 93H.  Enacted after the TJX data breach was made public.  Intended to protect Massachusetts residents from identity theft.  Applies to any business entity that owns, licenses, maintains or stores the “personal information” of a Massachusetts resident, wherever that data is.

4 © 2008 Foley Hoag LLP. All Rights Reserved.Presentation Title | 4© 2011 Foley Hoag LLP. All Rights Reserved. 4 What is “Personal Information” under the Massachusetts law? “Personal Information” is:  A person’s first name and last name (or first initial and last name) PLUS any one of the following: – Social Security number – Driver’s license number (or other state issued ID card number) – A financial account number, or credit or debit card number, with or without any required security code, access code or PIN that would allow account access

5 © 2008 Foley Hoag LLP. All Rights Reserved.Presentation Title | 5© 2011 Foley Hoag LLP. All Rights Reserved. 5 Preparing for and Responding to a Breach  Compliance / developing information security programs  Incident response and investigation  Breach notification and resolution  Litigation  Government Investigation

6 © 2008 Foley Hoag LLP. All Rights Reserved.Presentation Title | 6© 2011 Foley Hoag LLP. All Rights Reserved. 6 Things to look for in 2011:  Increased federal regulation in array of “hot” areas: –Cybersecurity Malicious code directed at military and manufacturing targets Cyber-criminal incursions focused on theft of intellectual property and other “industrial espionage” –Comprehensive breach notice –File-sharing risk control –Subjecting the SEC to Dodd-Frank Wall Street reform style FOIA obligations; amending SEC filings to require cyber-breach/cyber-risk disclosures  Battle within government to see who regulates the area  Increased government focus on national security aspects of security and privacy  Increased corporate focus on internal cyber security programs  More security breaches

7 © 2008 Foley Hoag LLP. All Rights Reserved.Presentation Title | 7© 2011 Foley Hoag LLP. All Rights Reserved. 7 RESOURSES  FTC: http://www.business.ftc.gov/privacyandsecurityhttp://www.business.ftc.gov/privacyandsecurity  Department of Commerce: http://www.commerce.gov/node/12471 http://www.commerce.gov/node/12471  Advanced Cyber Security Center: http://www.massinsight.com/initiatives/cyber_security_center/ http://www.massinsight.com/initiatives/cyber_security_center/  Our blog: http://www.securityprivacyandthelaw.comhttp://www.securityprivacyandthelaw.com

Download ppt "© 2011 Foley Hoag LLP. All Rights Reserved. 1 What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend? A CloudCamp Boston."

Similar presentations

Data Protection Law In India iPleaders and Intelligent Legal Risk management LLP.

Data Protection Law In India iPleaders and Intelligent Legal Risk management LLP.
MN PRIMA: 2014 Data Practices Presentation Stacie Christensen, Director Information Policy Analysis Division, Admin.

MN PRIMA: 2014 Data Practices Presentation Stacie Christensen, Director Information Policy Analysis Division, Admin.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
1 SAFEGUARDING REGULATIONS AND HOW THEY EFFECT US MICHIGAN ASSOCIATION FOR STUDENT FINANACIAL SERVICE ADMINISTRATORS BY: KAREN REDDICK NATIONAL CREDIT.

1 SAFEGUARDING REGULATIONS AND HOW THEY EFFECT US MICHIGAN ASSOCIATION FOR STUDENT FINANACIAL SERVICE ADMINISTRATORS BY: KAREN REDDICK NATIONAL CREDIT.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
The New Rules of F&I with Peter Jones The New Rules of F&I What are the Rules? Red Flag Rule Graham / Leach / Bliley Act Privacy Notice Safeguard Rule.

The New Rules of F&I with Peter Jones The New Rules of F&I What are the Rules? Red Flag Rule Graham / Leach / Bliley Act Privacy Notice Safeguard Rule.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.

Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via at:

This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via at:
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.

Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.
REGULATIONS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.

REGULATIONS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
An Act Relative to Security Freezes and Notification of Data Breaches Chapter 82 of the Acts of 2007 Massachusetts Digital Government Summit Securing Private.

An Act Relative to Security Freezes and Notification of Data Breaches Chapter 82 of the Acts of 2007 Massachusetts Digital Government Summit Securing Private.
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Similar presentations

Ads by Google