Legal Counsel to the Financial Services Industry PRIVACY AND DATA SECURITY: UNDERSTANDING THE LEGAL FRAMEWORK November 19, 2010 Presented by: Donna L.


1 Legal Counsel to the Financial Services Industry
PRIVACY AND DATA SECURITY: UNDERSTANDING THE LEGAL FRAMEWORK
November 19, 2010
Presented by: Donna L. Wilson, Partner, BuckleySandler LLP, Los Angeles, CA
(424) 203-1010
Dwilson@BuckleySandler.com

2 WHERE WE WERE, WHERE WE ARE, AND WHERE ARE WE GOING?
- Evolution from crisis management approach to risk management approach
- Risks are constantly changing
- Were primarily third-party breach and technology issues
- Now "voluntary breach" and marketing/business issues
- Some risks were largely never realized (huge class action recoveries) while others were largely unforeseen (e.g., cloud computing)

3 LITIGATION TRENDS, DEVELOPMENTS AND RISKS
Good News / Bad News
- Good News:
  - Financial institutions are using physical security safeguards and technologies to identify or prevent unauthorized transfer of information, and have taken steps to secure Social Security numbers. (Privacy & Data Protection Practices: A Benchmark Study of the Financial Services Industry (Mar. 2010)).

4 LITIGATION TRENDS, DEVELOPMENTS AND RISKS (CONT.)
Good News / Bad News
- Bad News:
  - Less than half of the institutions surveyed (i) review new software applications and databases for legal compliance and privacy considerations before implementing; or (ii) use intrusion detection systems and data loss prevention technology.
  - More than 83% use real customer or employee information in development and testing, and 88% continue to use Social Security numbers as primary identifiers.
  - Most significantly, half believe that they have insufficient resources to manage privacy/data security risks. (Id.)

5 AN INTRODUCTION TO KEY STATUTES
- Federal (e.g., FCRA/FACTA, GLB, Dodd-Frank, FTC Act)
- State (e.g., Song-Beverly Act, data breach notification statutes, PCI standard setting)

6 THE PLAINTIFF'S BAR AND CLASS ACTIONS
- Bars to common law recoveries
- But is the tide changing? (Gap v. Ruiz, Hannaford Brothers)

7 THE ROLE OF FEDERAL AND STATE REGULATORS
- Given the limited availability of common law damages (and thus relative disinterest of the plaintiff's bar), regulators have taken, and will continue to take, a lead role
- Privacy issues fall within the scope of numerous regulators (e.g., FTC, SEC, CFPB)
- Interaction of those regulators on and across both state and federal levels

8 2010: A REFLECTION OF THINGS TO COME
- A plaintiff lawyer's dream come true? All eyes on Hannaford Bros. Co. Customer Data Security Breach Litigation (MDL-1954 D. Maine):
  - Do time and effort alone, spent in a reasonable effort to avert reasonably foreseeable harm, constitute a cognizable injury under Maine common law?
  - If so, plaintiffs may have both a negligence and implied contract claim.

9 2010: A REFLECTION OF THINGS TO COME (CONT.)
- Facebook, Google, And Netflix Cases:
  - Much-publicized collisions between creative marketing and product/service development and privacy/data security considerations.
  - Focus of attention by the media, class action lawyers, industry, privacy watchdogs, and regulators.
- Cloud Computing: A Game Changer?
  - Benefits versus risks: cost savings and efficiencies on the one hand, but loss of direct control of information.
  - Already appearing as an issue/factor in privacy-related litigation.

10 2010: A REFLECTION OF THINGS TO COME (CONT.)
- More traps for the unwary: state privacy and data breach legislation and regulation in 2010:
  - Data breach notification
  - PCI standards
  - Third-party service provider issues
- Dodd-Frank taking it to the next level

11 NOW WHAT?
- Always remember: Privacy risk = data collection, data use, and data security.
- Change your focus and risk management to address the evolving nature of privacy/data security risks: Don't simply plan for fighting the last battle:
  - Consumer liability/defense costs versus brand/reputation damage versus data breach notification costs versus third-party business-to-business litigation
- Don't overlook contractual protections potentially available to mitigate these risks:
  - Indemnification
  - Insurance

