Looking Forward - Regulators and Data Incidents
DESCRIPTION
The trends continue to point upward for data incidents, and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents. This webinar will feature two leading data breach experts who have performed a two-year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations, which are in turn influencing decision-making in the C-Suite. Our featured speakers for this timely webinar will be:
- Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
- Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
- Gant Redmon, Esq., General Counsel and VP of Business Development, Co3 Systems
TRANSCRIPT
Looking Forward: Regulators and Data Incidents
Page 2
Agenda
• Introductions
• Breach Impact On The C-Suite
• How Breaches Occur
• Data Breach Study Results
• Breach Legal Considerations
• Q&A
Page 3
Introductions: Today’s Speakers
• Gant Redmon - General Counsel and VP Business Development, Co3 Systems
• Bill Hardin - Director, Disputes and Investigations, Navigant
• Jennifer Coughlin - Privacy and Data Security, Nelson Levine DeLuca Hamilton
Page 4
Co3 Automates Breach Management
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• See $ exposure
• Send notice to team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
Page 5
Introduction to Navigant
• Premium brand and reputation with critical mass
• Deep relationships with premier law firms and Fortune 500
• Disputes and Investigation Services:
  • Government, regulatory and investigative actions
  • Data Breach and Theft of Trade Secrets Investigations
  • Global investigations and compliance issues
  • Forensic Accounting
Page 6
Intro To Navigant - Our Teams are Deployed
REACTIVE PROACTIVE
WHERE DOES CYBER SECURITY RANK ON YOUR RISK PROFILE FOR 2013/2014?
Page 8
Balancing the Needs (CEO and Board)
The C-Suite
• CFO & COO: Business & Financial
• CIO & CTO: Technology
• CLO & CRO: Legal & Regulatory
Page 9
When an Event Triggers Something Else...
[Chart: Stock Price around Large Health Care Data Breach Disclosure, Jun-27-2011 to Mar-27-2013; price axis $0 to $35; labeled values $22.15 and $10.75]
Page 10
Ranking in 2008 Ranking in 2012 International operations Information security Project management International operations
Extended enterprise Excess cash
Data privacy Corporate culture
Fraud Compliance
IT Third-party relationships Business continuity management Cost reduction pressures
Shared services Human resources
Tax management
Social media
*CFO.com December 2011
How does a CFO rank risk?
ARE YOUR EMPLOYEES WELL TRAINED AND UNDERSTAND THE RISK WITH SENSITIVE INFORMATION?
Page 12
Increased Asset Value = Increased Liabilities
Page 13
Where is the Payroll File?
ADP
Page 14
Human Element
The faces of the company
Page 15
Snowmageddon – USA Today Coverage
As Snowden told The Guardian in a videotaped interview: "When you're in positions of privileged access, like a systems administrator, for these sort of intelligence community agencies, you're exposed to a lot more information on a broader scale than the average employee ... Anybody in the positions of access with the technical capabilities that I had could, you know, suck out secrets."
He also claimed to possess the "full rosters of everyone working at the NSA, the entire intelligence community and undercover assets all around the world, the locations of every station we have, what their missions are and so forth."
Page 16
How Do Data Breaches Occur?
• Internal, Accidental: Lost Devices & Inadvertent Publication of Data
• Internal, Intentional: Disgruntled Employees
• External, Accidental: Vendors & Subcontractors
• External, Intentional: Hackers & Unsecured Websites
Page 17
Navigant’s Data Breach Study (Jan. 2011 to Dec. 2012)
[Chart: 2011 vs. 2012; axis 0 to 9,000,000]
YOY Growth – 57%
YOY Growth – 145%
Page 18
Navigant’s Data Breach Study (Jan. 2011 to Dec 2012)
Change from 2011? No Significant Changes Noted
HOW MANY LAWS AND REGULATIONS DO YOU THINK COVER CYBER SECURITY?
Page 20
Legal & Regulatory Risks
Legal Risk
• Contracts
• Federal, State and Foreign Laws
• Industry Specific Regulations
• Common Law
Page 21
Is there a lawyer in the room?
• 46 states with privacy breach notification laws
• HIPAA/HITECH regulations
• Gramm-Leach-Bliley
• FTC
• State Consumer Protection Laws
• Foreign laws and regulations
• Other federal laws
  • SEC Guidance on Regulation S-K Item 503(c), CAN-SPAM, Children’s Online Privacy Protection Act (COPPA), Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act (FACTA), Computer Fraud and Abuse Act, Federal Privacy Act
MY COMPANY HAS REVIEWED ITS INSURANCE COVERAGE WITH RESPECT TO PRIVACY AND CYBER SECURITY
Page 23
Data Security and Privacy Liability Exposure
Liability
• Suits from your customers
• Consumer Class Action Suits
Regulatory
• Settlements with the FTC, State AGs, HHS, FINRA, SEC, etc.
• Privacy Regulatory Proceeding inc. Fines and Consumer Redress Funds
• Defense costs
Privacy Event Expenses
• Notification Costs
• Forensics Legal and PR
• Credit Monitoring
Page 24
Who do you TRUST
QUESTIONS
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“Co3…defines what software packages for privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and very well designed.”
PONEMON INSTITUTE
Bill Hardin
30 S. Wacker Drive Suite 3100, Chicago, IL 60606
312.583.4119 Office | 773.415.3076 Mobile |
WWW.NAVIGANT.COM
Jennifer Coughlin
Nelson Levine de Luca & Hamilton, LLC
215-358-5134
WWW.NLDHLAW.COM