Data & Information Security: Friend or Foe?
August 19th, 2009
Presented By: Meritas
ACC’s Small Law Department Committee
www.acc.com
Data Security (′dad·ә sә′kyu̇r·әd·ē) – Defined
The protection of data against the deliberate or accidental access of unauthorized persons. Also known as file security. (Source: Answers.com - www.answers.com)
The means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. (Source: Wikipedia - www.wikipedia.com)
[The] protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. (Source: The Institute for Telecommunication Sciences (ITS) www.its.bldrdoc.gov)
The protection of data from accidental or intentional but unauthorized modification, destruction or disclosure through the use of physical security, administrative controls, logical controls, and other safeguards to limit accessibility. (Source: US Social Security Administration www.ssa.gov/gix/definitions.html)
Generic term designating methods used to protect data from unauthorized access (e.g., encryption). (Source: US DOJ - Office of Justice Programs www.ojp.usdoj.gov/nij/publications/wireless/glossary.html)
The protection of data against unauthorized access. (Source: PC Magazine - www.pcmag.com)
Business & Legal Reasons:
• SOX - Sarbanes Oxley Act
• HIPAA – Health Insurance Portability & Accountability Act
• FACTA - Fair and Accurate Credit Transaction Act of 2003
• GLB – Gramm-Leach-Bliley Act
• FCRA – Fair Credit Reporting Act
• RFR - “Red Flags Rule”
• FRCP – Amended Federal Rules of Civil Procedure “eDiscovery”
• …State Laws, Industry Regulations, etc…
What Are the Most Common and Costly Risks Employers Face?
• Workplace Lawsuits
• Sexual Harassment Claims
• Trademark and Patent Infringement Suits
• Sabotage and Internal Security Breaches
• External Cracker and Hacker Attacks
• Lost Productivity
• Wasted Computer Resources
• eViruses
• Lengthy Business Interruption
• Six-Figure Fines and Jail Time for Software Piracy
• Million Dollar Legal Fees and Settlements
• Media Scrutiny
• Public Embarrassment
Source: The ePolicy Institute (www.epolicyinstitute.com)
Other Risks Employers Face?
• Class-action lawsuits from employees, others
• Business Impact/Reputation
• Compliance/enforcement
• e-Discovery
• Employee morale
• Customers, Competitors, Vendors, Current and Former Employees, Visitors, Shareholders, Government…
• Intellectual Assets
Types of Intellectual Assets
• Proprietary Technologies
• Research & Development Data
• Products & Services
• Operations Methodologies
• Business and Marketing Plans
• Customer Lists and User Identity Information
• Financial Data
…Essentially, everything you need to compete in business on a daily basis.
Why are Intellectual Assets Difficult to Secure?
• Because Sensitive Information can be anywhere…
– Paper Files and Documents
– Servers, Desktops, Laptops, PDAs – or somewhere in transit
– The heads of authorized users, primarily your employees.
Myths Regarding Intellectual Asset Theft
• “Nobody would take that…”
• “…and if they did, so what?”
• “Employees (insiders) don’t steal.”
• “Competitors (outsiders) can’t steal – We have a firewall!”
• “Besides, only hackers and other hooligans would try to break in.”
2008 CSI Computer Crime and Security Survey Demographics:
| Revenues | Percentage |
|---|---|
| Under $10M | 24% |
| $10M-$99M | 20% |
| $100M-$1B | 22% |
| Over $1B | 33% |

| # Employees | Percentage |
|---|---|
| 1-99 | 23% |
| 100-499 | 15% |
| 500-1,499 | 14% |
| 1,500-9,999 | 21% |
| 9,999-49,999 | 15% |
| 50,000+ | 12% |
2008 CSI Computer Crime and Security Survey By Title:
| Title | Percentage |
|---|---|
| Chief Executive Officer (CEO) | 7% |
| Chief Information Officer (CIO) | 10% |
| Chief Security Officer (CSO) | 3% |
| Chief Information Security Officer (CISO) | 12% |
| Security Officer | 25% |
| System Administrator | 8% |
| Other | 34% |
2008 CSI Computer Crime and Security Survey: Summary of Key Findings
• Financial fraud cost organizations the most, with an average reported loss of close to $500,000. (Lead 2nd year in a row)
• The second most expensive was dealing with “bot” computers within the network, reported to cost organizations an average of nearly $350,000.
• Virus incidents occurred most frequently, respondents said, occurring at almost half (49 percent) of the respondents’ organizations.
• Insider abuse of networks was second-most frequently occurring (44 percent), followed by theft of laptops and other mobile devices (42 percent).
• The vast majority of respondents said their organizations either had (68 percent), or were developing (18 percent) a formal information security policy. Only 1 percent said they had no security policy.
• Loss of either proprietary information or loss of customer and employee confidential data averaged at approximately $241,000 and $268,000, respectively.
• Shift of “professionalization” of computer crime.
[Chart: % of Budget for IT Security. Color key: 2008 - Gold; 2007 - Red; 2006 - Blue]
Data Breach - Definition
Many states now have data breach notification laws modeled on or inspired by California's SB 1386. Typically, under 1386, an enterprise holding private information (name plus social security number, driver’s license number or financial account number + password) in electronic form about a California resident must promptly notify the resident if the enterprise suspects a breach in security.
In all these data notification laws, a key issue is the definition of what constitutes a breach of data security.
Thus a corporation holding data might detect that a hacker accessed card data, but still conclude (based on other controls in the industry) that none of the card data in question had in fact been "compromised".
What Type of Data Presents Privacy and Security Issues?
• Confidential Information
• Intellectual Property
• Personally Identifiable Information
• Health
• Financial
• Other data that reveals sensitive information about individuals by itself or if combined with other information
The cost of data breaches for companies continues to rise.
The average cost of the breach per customer record for 2008 is $202, an increase from $197 in 2007 and $184 in 2006.
According to the study, the main reason for the increase is a loss in business opportunities from the breaches and turnover of customers.
Source: The Ponemon Institute, PGP Corporation - U.S. Cost of a Data Breach Study.
Case Examples
The Corporate Enterprise Network
Where do you find ESI - Electronically Stored Information?
• Laptops/Desktops
• Servers
• Phone Systems (VoIP)
• PDAs (Smart Phones)/Cell phones
• CDs/DVDs
• USB Thumb Drive
• Backup Tapes
Getting Started with the Basics
1. Identify ALL personal information (paper and electronic) on ALL IT systems.
2. Identify ALL contractors, vendors and other service providers who maintain personal information.
3. Evaluate ALL alternative work/business arrangements.
4. Review ALL current information system configuration documentation.
5. Identify and/or develop a work flow to track how personal information is received, created, accessed, used, modified, disclosed, stored, processed, or destroyed.
Cost Effective Data Security Tips
• Develop a security plan: Short term, Long term, and most importantly Ongoing.
• Define – How Much?, How Good?, and/or When is “Good Enough”?
• Accept the general rule of thumb:
– Good Security = Compliance
– Compliance ≠ Good Security
TOP Data Security Issues Facing Businesses Today
Securing data on endpoints
• Laptops, phones, e-mail servers, PDAs, DVDs, CDs, and thumb drives may contain inadequately protected data
• Many people use these devices for highly sensitive information
• IT departments should ensure the ability to secure information on the network as well as the opportunity to manage data which enter and leave the company via these mobile devices
• Creates unintended access points
Data Security Risk = Data Value x Exposure
| Type of Data | Value | Exposure | Risk Level |
|---|---|---|---|
| Credit Card # | 5 | 5 | 25 |
| Social Security # | 5 | 4 | 20 |
| CVV | 5 | 4 | 20 |
| “Secret Sauce” | 5 | 5 | 25 |
| Personal Information | 3 | 3 | 9 |
| D.O.B. | 2 | 2 | 4 |
| Drivers License | 2 | 2 | 4 |
| Customer Info. | 3 | 4 | 12 |

Assign numeric value: High: 5; Low: 1
[Figure: Identification and Providing Value. A two-by-two matrix with High/Low axes and quadrants labeled Destroy, Secure, Ignore, and Monitor.]
Five key practices to having a sound data & information security plan:
1. Take stock: Know what personal information you have in your files and on your computer. Understand how personal information moves into, through, and out of your business and who has access -- or could have access to it.
2. Scale down: Keep only what you need for your business. These days, if you don't have a legitimate business reason to keep sensitive information in your files or on your computer, don't.
3. Lock it: Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
4. Pitch it: Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned, or pulverized so they can't be reconstructed by an identity thief.
5. Plan ahead: Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.
Modern Life Communications
TOP Data Security Issues Facing Businesses Today
Social Networking Sites and Blogs:
• Posting of sensitive data
• Increased number of possible viral connections to work computers
• Users should take steps to ensure protection of personal data, considering the consequences and the privacy settings available on social networks.
• Companies should develop a usage policy for staff that takes into account the possible uses of SNS data for social engineering attacks.
• “Spear-phishing” attacks, which are targeted e-mail attacks that a scammer sends only to people within a small group, such as those within a company, for the purpose of stealing identifying information.
TOP Data Security Issues Facing Businesses Today
Preserving Electronic Data
• For internal auditing purposes and in anticipation of litigation
• Under the law, you have a duty to preserve electronic data as soon as you should reasonably be aware that a claim may be or has been filed against you
• Court-ordered sanctions are becoming more common for companies that fail to comply with this requirement in discovery proceedings
TOP Data Security Issues Facing Businesses Today
Metadata issues
• Metadata is “data about other data,” and is attached to files such as emails, documents, and spreadsheets that are sent electronically.
• Metadata contains basic information such as the author, size, and format of a document, but may contain more sensitive information such as track changes or hidden attributes that the document creator may want to keep private.
• In litigation, state courts are divided about the extent to which unintentionally sent metadata may be used in discovery and litigation.
• Companies should be cautioned to be aware of the metadata attached to documents provided to consumers, clients, or in preparation for litigation.
Types of ESI that contain metadata
• E-mails
• Spreadsheets
• Graphics - Pictures
• Word Docs
Almost all of the information that you typically want in discovery can be retrieved COST EFFECTIVELY (if done properly) by getting the documents electronically.
Case Example
[Figure panels: Printed E-mail; Backdated MS Office Word Document]
The Old Fashioned Way (Paper) vs. (Digital)
ESI contains information that a hard copy does not:
• Creation Dates/Times
• Access Dates/Times
• Versions
• Comments
• Author
• Login Information
• E-Mail Access Lists, Audit Trails and Computer Logs
• Gateways/Web Browsing History
• Much, much more...
Simple Ways To Find Metadata
• E-mail metadata can provide additional information, including the sender's domain, the route a message has traveled over the Internet, and where delays may have occurred between sending and receipt.
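To make the e-mail point concrete, the following added example (not part of the original webcast) reads the sender's domain, the relay route, and per-hop delays out of a message's `Received` headers using Python's standard library. The message, hostnames, and addresses are constructed for illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; hosts and addresses are illustrative only.
# Each relay prepends its own Received header, so the newest hop is on top.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTP id C3; Wed, 19 Aug 2009 10:07:45 -0400
Received: from relay.example.com (relay.example.com [198.51.100.20])
\tby mx.example.net with ESMTP id B2; Wed, 19 Aug 2009 14:02:40 +0000
Received: from desktop17 (unknown [192.0.2.44])
\tby relay.example.com with ESMTP id A1; Wed, 19 Aug 2009 09:02:10 -0500
From: "A. Sender" <a.sender@example.com>
To: counsel@example.org
Subject: Draft agreement
Date: Wed, 19 Aug 2009 09:02:05 -0500

Body text.
"""


def _parse_time(text):
    """Return an RFC 5322 date as an aware UTC datetime, or None."""
    try:
        dt = parsedate_to_datetime(text)
    except (TypeError, ValueError):
        return None
    if dt.tzinfo is None:          # "-0000" or missing zone: assume UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def trace_route(raw):
    """Extract sender domain and chronological hop list from a raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()

    prev = _parse_time(msg.get("Date"))   # sender's claimed send time
    hops = []
    # Reverse so the hop closest to the sender comes first.
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())    # unfold continuation lines
        info, sep, stamp = flat.rpartition(";")
        if not sep:                       # no timestamp on this header
            info, stamp = flat, ""
        frm = re.search(r"\bfrom\s+(\S+)", info)
        by = re.search(r"\bby\s+(\S+)", info)
        when = _parse_time(stamp)
        # A negative delay indicates clock skew or an altered header.
        delay = int((when - prev).total_seconds()) if when and prev else None
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "time_utc": when.isoformat() if when else None,
            "delay_s": delay,
        })
        if when:
            prev = when
    return {"sender_domain": domain, "hops": hops}


def slowest_hop(route):
    """Return the hop with the largest measured delay, or None."""
    timed = [h for h in route["hops"] if h["delay_s"] is not None]
    return max(timed, key=lambda h: h["delay_s"]) if timed else None


if __name__ == "__main__":
    route = trace_route(SAMPLE)
    print("sender domain:", route["sender_domain"])
    for hop in route["hops"]:
        print(hop)
    print("slowest:", slowest_hop(route))
```

Headers added by servers outside the recipient's control can be written by the sender, so only the hops recorded by the receiving organization's own relays should be treated as reliable.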
TOP Data Security Issues Facing Businesses Today
Data Protection and Privacy
• Companies have a duty to protect their data from internal (internal e-mail, intranet, databases) and external attacks (internet, e-mail, social networking sites, ftp)
• Preserve the confidentiality of sensitive information by controlling the access, use, and dissemination of information to the extent required by law, contract, or business need
• Data and systems should be secured such that those who need access to the data may get it, while those activities that can reduce the efficiency or availability of critical business systems are avoided
• Keeping current with data mining, which allows information to be extracted from hidden patterns of data; data mining is commonly used in a wide range of profiling practices, such as marketing, surveillance, fraud detection and scientific discovery
TOP Data Security Issues Facing Businesses Today
Employee privacy rights
• Companies may look at their employees’ activities throughout the day, but may want to be transparent with the types of surveillance that are conducted.
• This includes monitoring computer keystrokes and files; internet, Web and e-mail usage; locations, movements and activities through “smart card” technologies; phone conversations and numbers dialed; and other means.
• Security legally trumps employee privacy rights in the workplace.
Effective Policies
Potentially Relevant Policies
• Privacy policies
• Employee policies
• Business partner policies (e.g., contract policies)
• Document retention policies (e.g., destruction of records containing sensitive personal information)
• Incident response policies
Cyber Insurance Protection
• CIP is an insurance product used to protect businesses from internet-based risks; and more generally from risks related to information technology infrastructure and activities.
• Internet and network exposures are increasingly subject to exclusion from "traditional" insurance policies because CGL and property policies were originally designed to respond to liabilities and natural perils that damage physical assets.
• With Internet-based technologies, "i-exposures" are largely intangible, the result of human error, or deliberate malicious attacks and crimes.
Cyber Insurance Protection
Cyber insurance offers protection for internet and network exposures, including:
– Liability: privacy and confidentiality
– Copyright, trademark, defamation
– Malicious code and viruses
– Business interruption: network outages, computer failures
– Attacks, unauthorized access, theft, Web site defacement and cyber extortion
– Technology errors & omissions
– Intellectual property infringement
Marsh: http://global.marsh.com/risk/ecommerce/
Chubb: http://www.chubb.com/businesses/csi/chubb822.html
Practice Tips for Breach Issues
• Adopt plan
• Pay attention to suspicious activity or complaints
• Address these issues with your business partners
• Realize that multiple parties may have duty to disclose same incident
• Implement escalation procedures
• Comply with highest legal standard
Compliance Resources
• Sarbanes-Oxley
– Corporate responsibility, Board oversight
– http://www.soxlaw.com
• Health Insurance Portability and Accountability Act (HIPAA)
– Privacy rules for health care records
– http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
• Gramm-Leach-Bliley Act
– Protection of consumer financial information held by financial institutions
– http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
• Fair Credit Reporting Act
– Monitoring consumer reporting agencies
– http://www.ftc.gov/os/statutes/fcrajump.shtm
• Payment Card Industry
– Rules and security standards for credit card transaction security
– https://www.pcisecuritystandards.org/
• EU Data Privacy Directive
– Rights regarding personal data collection
– http://www.privacilla.org/business/eudirective.html
• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
– Collection, use, and disclosure of personal information in the course of business
– http://www.priv.gc.ca/legislation/02_06_01_e.cfm
• European Network and Information Security Agency
– Agency that provides advice, recommendations, data analysis, and expertise to stimulate cooperation between the public and private sectors.
– Follows and studies the development of standards, risk assessment activities, and risk management issues.
– http://www.enisa.europa.eu/
• The Federal Trade Commission (FTC) “The Red Flags Rule” (www.ftc.gov/redflagsrule)
Sources:
• The Open Security Foundation's DataLossDB, a research project that documents known and reported data loss incidents worldwide: (http://datalossdb.org).
• Privacy Rights Clearinghouse, a nonprofit consumer organization with a two-part mission -- consumer information and consumer advocacy: (http://www.privacyrights.org/index.htm).
• Ponemon Institute conducts independent research on privacy, data protection and information security policy: (http://www.ponemon.org)
• Computer Security Institute (CSI) conducts “The CSI Computer Crime & Security Survey” yearly and is the world's most widely quoted research on computer crime. (www.gocsi.com)
• NOTE: A copy of the 2008 Survey can be downloaded at: (http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf)
• The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization: (http://www.sans.org)
• Javelin Strategy & Research conducts the nation’s longest-running study of identity fraud (www.javelinstrategy.com)
Thank You for your attention!
Any Questions?
Questions?
Educational eData Blog
“Where law, technology, and human error collide . . .”
• An eDiscovery best practices blog that identifies the pitfalls of eData and offers solutions on how to avoid them.
• Visit: www.eLLblog.com and sign up for our newsletter alerts.
Educational Monthly Newsletter
Contact Information

Rob Kleeger, Managing Director
1545 US Route 206, Bedminster, NJ 07921
908-396-1467 (Ofc), 973-699-0167 (Cell)
www.intell-group.com
[email protected]

Fernando M. Pinguelo, Partner
721 Route 202-206, Bridgewater, NJ 08807-5933
908-252-4128 (ofc)
www.nmmlaw.com
[email protected]
Disclaimer:
These slides are made available for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this information, you understand that there is no attorney client relationship between you and the publisher. This information should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.
Thank you for attending another presentation from ACC’s Desktop Learning Webcasts
Please be sure to complete the evaluation form for this program as your comments and ideas are helpful in planning future programs.
If you have questions about this or future webcasts, please contact ACC at [email protected]
This and other ACC webcasts have been recorded and are available, for one year after the presentation date, as archived webcasts at http://webcasts.acc.com
You can also find transcripts of these programs in ACC’s Virtual Library at http://www.acc.com/search/cfm