SlideShare uma empresa Scribd logo

The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit

Transferir como PPTX, PDF
Shawn Tuma
Shawn Tuma

Shawn Tuma's presentation with Christopher Mitchell (of Crowe Horwath) at The Institute of Internal Auditors 9th Annual Fraud Summit. The title of the presentation is The Legal Side of Data Breach and Third Party Risk. The main point of the presentation is that when a company is breached through the fault of one of its third-party business associates, or other third-parties, the company is still responsible for all of the repercussions arising out of the breach and, at best, will then have to go and pursue its rights against the third party. Thus, companies need to ensure that their business associates and other third parties adhere to proper data security practices and they should be audited to ensure compliance.

Direito
1 de 18
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 1 The Legal Side of Data Breach and Third Party Risk Shawn Tuma, Partner BrittonTuma 469.635.1335 stuma@brittontuma.com @shawnetuma blog: shawnetuma.com web: brittontuma.com Shawn Tuma is a lawyer whose practice is focused on cutting-edge cyber and information law and includes issues like helping businesses defend their data and intellectual property against computer fraud, data breaches, hacking, corporate espionage, and insider theft. Shawn stays very active in the cyber and information law communities:  Chair, Collin County Bar Association Civil Litigation & Appellate Law Section  College of the State Bar of Texas  Privacy and Data Security Committee of the State Bar of Texas  Computer and Technology, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  Social Media Committee of the American Bar Association  North Texas Crime Commission, Cybercrime Committee  International Association of Privacy Professionals The information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 2 “Authority” Governing Data Breach • Laws • Types • Common Law (courts) • Statutory Law (legislatures) • Sources • International • Federal • State • Local • Agency Rules & Regulations • Industry Standards
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 3 What do these sources of “Authority” have in common? • Tell you what must be done following a breach. • Can you guess who “you” is? • “You” is the entity breached.
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 4 What do you have to do following a data breach? • Execute Breach Response Plan • General Steps • contact attorney (privilege) • assemble your Response Team • contact forensics • contact notification vendor • investigate breach • remediate responsible vulnerabilities • reporting & notification
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 5 What does “reporting & notification” mean? • Law Enforcement • State Attorneys General • Federal Agencies • FTC, SEC, HHS, etc. • Industry Groups • PCI, FINRA, FDIC • Credit Bureaus • Professional Vendors & Suppliers • Consumers
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 6 Cost of a Data Breach! • In 2012 • $188.00 per lost record • $188.00 x “X” - $$$$$$$$
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 7 Story Time • you were CEO of a world-wide company • breach impacting 110 million customers • $61 million in expenses alone • 10% discount to all shoppers • $5 million investment in cybersecurity coalition • offer “free” identity theft and credit monitoring to all affected customers • Net earnings down 34.28% • Earnings per share down 44.60% • Non-cash losses down 487.71% • US sales down 6.60% • Lawsuits, possible enforcement actions, who knows? • and then you learn …
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 8 Have you ever heard of …
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 9 Have you ever heard of …
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 10 Important Questions • Whose 110,000,000+ customers were furious? • Who spent $61 million in expenses? • Who gave a 10% discount to all shoppers? • Who gave $5 million to a cybersecurity coalition? • Who offered “free” identity theft and credit monitoring to all affected customers? • Whose net earnings are down 34.28%? • Whose earnings per share are down 44.60%? • Whose non-cash losses down 487.71%? • Whose US sales are down 6.60%? • Who is defending lawsuits, enforcement actions? • One more question …
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 11 Who can tell me the takeaway? hint: • it is related to the topic of this presentation • YOU ARE STILL LIABLE FOR BREACHES CAUSED BY 3RD PARTIES!!!
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 12 Allocating risk and mitigating risk by contract • Allocating risk • designate duties & responsibilities A party bears the risk when the agreement allocates the risk to that party. TEX. JUR. 3d Contracts § 123 • indemnify “An undertaking against loss or damage amounts to a guaranty of reimbursement on a payment by the indemnitee. With respect to a promise to indemnify against damages, a right to bring suit does not accrue until the indemnitee has suffered damage or injury by being compelled to pay the judgment or debt.” 14 TEX. JUR. 3d Contribution § 24 • Mitigating risk • require mandatory policies, procedures, and security standards for third parties
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 13 But all are just contractual obligations • Look to you for relief, you must then go enforce your contractual remedies • Breach of Contract • Inability to perform • Unwillingness to perform • Efficient breach theory • Insolvency / bankruptcy • Cost of litigation to enforce
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 14 The contractual obligations are important and needed • Show diligence and taking data security more serious than most • FTC – looking at 3rd party contracts • SEC – looking at policies and 3rd party contracts • Post-breach = helpful for attorneys general • But more is required
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 15 Recent agency advisory statements • January 2014: SEC indicates that the new standard of care for companies may require policies in place for: 1. Prevention, detection, and response to cyber attacks and data breaches, 2. IT training focused on security, and 3. Vendor access to company systems and vendor due diligence. • January 31, 2014: GMR Transcription Svcs – FTC case – is requiring businesses to follow 3 steps when contracting with 3rd party service providers: 1. Investigate by exercising due diligence before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections through contractual agreements with provider. 3. Verify that the data service providers are adequately protecting data as required by the contractual standards.
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 16 Ronald Reagan, in dealing with Soviets, said… “Trust, but verify.” How do you verify? Audit!
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 17 Key Takeaways • You are still liable for breaches caused by 3rd parties! • Contractual agreements are not a magic wand to make liability go away – you are still responsible but now have a remedy against the 3rd party • “Trust, but verify” = Audit! • Cyber Insurance
Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 18 Sun Tzu – The Art of War “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.” “You can be sure of succeeding in your attacks if you attack places which are not defended.” “The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few.”

Recomendados

Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardShawn Tuma
 
Combating Cyber Fraud, Data Breaches & Corporate Espionage
Combating Cyber Fraud, Data Breaches & Corporate EspionageCombating Cyber Fraud, Data Breaches & Corporate Espionage
Combating Cyber Fraud, Data Breaches & Corporate EspionageShawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Cyber for Beginners v2
Cyber for Beginners v2Cyber for Beginners v2
Cyber for Beginners v2Kenny Boddye
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Shawn Tuma
 
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Shawn Tuma
 
Freeze Your Credit File
Freeze Your Credit FileFreeze Your Credit File
Freeze Your Credit File- Mark - Fullbright
 

Recomendados

Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardShawn Tuma
 
Combating Cyber Fraud, Data Breaches & Corporate Espionage
Combating Cyber Fraud, Data Breaches & Corporate EspionageCombating Cyber Fraud, Data Breaches & Corporate Espionage
Combating Cyber Fraud, Data Breaches & Corporate EspionageShawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Cyber for Beginners v2
Cyber for Beginners v2Cyber for Beginners v2
Cyber for Beginners v2Kenny Boddye
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Shawn Tuma
 
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Shawn Tuma
 
Freeze Your Credit File
Freeze Your Credit FileFreeze Your Credit File
Freeze Your Credit File- Mark - Fullbright
 
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers BDO_Consulting
 
The Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActThe Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActShawn Tuma
 
Cyber Threats and Insurance
Cyber Threats and InsuranceCyber Threats and Insurance
Cyber Threats and InsuranceEric Dean
 
Ten Laws Internet Businesses Should Consider Part I
Ten Laws Internet Businesses Should Consider Part ITen Laws Internet Businesses Should Consider Part I
Ten Laws Internet Businesses Should Consider Part IRyan K. Hew
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyIFLP
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarksMatt Siltala
 
Demystifying Artificial Intelligence
Demystifying Artificial IntelligenceDemystifying Artificial Intelligence
Demystifying Artificial IntelligenceIFLP
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breachOregon Law Practice Management
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsBlake A. Klinkner
 
TMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURETMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHUREShan Budesha
 
Cyber risk
Cyber riskCyber risk
Cyber riskTarek Younan
 
Cyngus vlct leave behind v3
Cyngus vlct leave behind v3Cyngus vlct leave behind v3
Cyngus vlct leave behind v3www.SMARTvt.org
 
Identity theft
Identity theftIdentity theft
Identity theftSARASWATHI S
 
Cyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & CoveragesCyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & CoveragesBajaj Allianz General Insurance Company Limited
 
Rimon - CLE on Cloud Lawyering for PAABA
Rimon - CLE on Cloud Lawyering for PAABARimon - CLE on Cloud Lawyering for PAABA
Rimon - CLE on Cloud Lawyering for PAABAYaacov Silberman
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudInternet Law Center
 
Identity theft power_point
Identity theft power_pointIdentity theft power_point
Identity theft power_pointefandeye
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperMatthew Kurnava
 
online shopping
online shoppingonline shopping
online shoppingObger Mercier , MBA
 
Identity theft
Identity theftIdentity theft
Identity theftNick Chandi
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 

Mais conteúdo relacionado

Mais procurados

The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers BDO_Consulting
 
The Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActThe Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActShawn Tuma
 
Cyber Threats and Insurance
Cyber Threats and InsuranceCyber Threats and Insurance
Cyber Threats and InsuranceEric Dean
 
Ten Laws Internet Businesses Should Consider Part I
Ten Laws Internet Businesses Should Consider Part ITen Laws Internet Businesses Should Consider Part I
Ten Laws Internet Businesses Should Consider Part IRyan K. Hew
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyIFLP
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarksMatt Siltala
 
Demystifying Artificial Intelligence
Demystifying Artificial IntelligenceDemystifying Artificial Intelligence
Demystifying Artificial IntelligenceIFLP
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsBlake A. Klinkner
 
TMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURETMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHUREShan Budesha
 
Cyngus vlct leave behind v3
Cyngus vlct leave behind v3Cyngus vlct leave behind v3
Cyngus vlct leave behind v3www.SMARTvt.org
 
Rimon - CLE on Cloud Lawyering for PAABA
Rimon - CLE on Cloud Lawyering for PAABARimon - CLE on Cloud Lawyering for PAABA
Rimon - CLE on Cloud Lawyering for PAABAYaacov Silberman
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudInternet Law Center
 
Identity theft power_point
Identity theft power_pointIdentity theft power_point
Identity theft power_pointefandeye
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperMatthew Kurnava
 

Mais procurados (20)

The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
 
The Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActThe Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse Act
 
Cyber Threats and Insurance
Cyber Threats and InsuranceCyber Threats and Insurance
Cyber Threats and Insurance
 
Ten Laws Internet Businesses Should Consider Part I
Ten Laws Internet Businesses Should Consider Part ITen Laws Internet Businesses Should Consider Part I
Ten Laws Internet Businesses Should Consider Part I
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
 
Demystifying Artificial Intelligence
Demystifying Artificial IntelligenceDemystifying Artificial Intelligence
Demystifying Artificial Intelligence
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
 
TMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURETMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURE
 
Cyber risk
Cyber riskCyber risk
Cyber risk
 
Cyngus vlct leave behind v3
Cyngus vlct leave behind v3Cyngus vlct leave behind v3
Cyngus vlct leave behind v3
 
Identity theft
Identity theftIdentity theft
Identity theft
 
Cyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & CoveragesCyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & Coverages
 
Rimon - CLE on Cloud Lawyering for PAABA
Rimon - CLE on Cloud Lawyering for PAABARimon - CLE on Cloud Lawyering for PAABA
Rimon - CLE on Cloud Lawyering for PAABA
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
 
Identity theft power_point
Identity theft power_pointIdentity theft power_point
Identity theft power_point
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
 
online shopping
online shoppingonline shopping
online shopping
 
Identity theft
Identity theftIdentity theft
Identity theft
 

Destaque

Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasShawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceShawn Tuma
 
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...Shawn Tuma
 

Destaque (7)

Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
 
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
 

Semelhante a The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit

Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceFinancial Poise
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionJoe Nathans
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
Powerpoint mack jackson
Powerpoint mack jacksonPowerpoint mack jackson
Powerpoint mack jacksonaiimnevada
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersMMMTechLaw
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmNext Dimension Inc.
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20Marc S. Sokol
 

Semelhante a The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit (20)

Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Users
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 
Powerpoint mack jackson
Powerpoint mack jacksonPowerpoint mack jackson
Powerpoint mack jackson
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and Users
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law Firm
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20
 

Mais de Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 

Mais de Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Último

Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791BlayneRush1
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书SD DS
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 

Último (20)

Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 

The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit

  • 1. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 1 The Legal Side of Data Breach and Third Party Risk Shawn Tuma, Partner BrittonTuma 469.635.1335 stuma@brittontuma.com @shawnetuma blog: shawnetuma.com web: brittontuma.com Shawn Tuma is a lawyer whose practice is focused on cutting-edge cyber and information law and includes issues like helping businesses defend their data and intellectual property against computer fraud, data breaches, hacking, corporate espionage, and insider theft. Shawn stays very active in the cyber and information law communities:  Chair, Collin County Bar Association Civil Litigation & Appellate Law Section  College of the State Bar of Texas  Privacy and Data Security Committee of the State Bar of Texas  Computer and Technology, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  Social Media Committee of the American Bar Association  North Texas Crime Commission, Cybercrime Committee  International Association of Privacy Professionals The information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.
  • 2. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 2 “Authority” Governing Data Breach • Laws • Types • Common Law (courts) • Statutory Law (legislatures) • Sources • International • Federal • State • Local • Agency Rules & Regulations • Industry Standards
  • 3. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 3 What do these sources of “Authority” have in common? • Tell you what must be done following a breach. • Can you guess who “you” is? • “You” is the entity breached.
  • 4. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 4 What do you have to do following a data breach? • Execute Breach Response Plan • General Steps • contact attorney (privilege) • assemble your Response Team • contact forensics • contact notification vendor • investigate breach • remediate responsible vulnerabilities • reporting & notification
  • 5. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 5 What does “reporting & notification” mean? • Law Enforcement • State Attorneys General • Federal Agencies • FTC, SEC, HHS, etc. • Industry Groups • PCI, FINRA, FDIC • Credit Bureaus • Professional Vendors & Suppliers • Consumers
  • 6. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 6 Cost of a Data Breach! • In 2012 • $188.00 per lost record • $188.00 x “X” - $$$$$$$$
  • 7. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 7 Story Time • you were CEO of a world-wide company • breach impacting 110 million customers • $61 million in expenses alone • 10% discount to all shoppers • $5 million investment in cybersecurity coalition • offer “free” identity theft and credit monitoring to all affected customers • Net earnings down 34.28% • Earnings per share down 44.60% • Non-cash losses down 487.71% • US sales down 6.60% • Lawsuits, possible enforcement actions, who knows? • and then you learn …
  • 8. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 8 Have you ever heard of …
  • 9. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 9 Have you ever heard of …
  • 10. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 10 Important Questions • Whose 110,000,000+ customers were furious? • Who spent $61 million in expenses? • Who gave a 10% discount to all shoppers? • Who gave $5 million to a cybersecurity coalition? • Who offered “free” identity theft and credit monitoring to all affected customers? • Whose net earnings are down 34.28%? • Whose earnings per share are down 44.60%? • Whose non-cash losses down 487.71%? • Whose US sales are down 6.60%? • Who is defending lawsuits, enforcement actions? • One more question …
  • 11. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 11 Who can tell me the takeaway? hint: • it is related to the topic of this presentation • YOU ARE STILL LIABLE FOR BREACHES CAUSED BY 3RD PARTIES!!!
  • 12. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 12 Allocating risk and mitigating risk by contract • Allocating risk • designate duties & responsibilities A party bears the risk when the agreement allocates the risk to that party. TEX. JUR. 3d Contracts § 123 • indemnify “An undertaking against loss or damage amounts to a guaranty of reimbursement on a payment by the indemnitee. With respect to a promise to indemnify against damages, a right to bring suit does not accrue until the indemnitee has suffered damage or injury by being compelled to pay the judgment or debt.” 14 TEX. JUR. 3d Contribution § 24 • Mitigating risk • require mandatory policies, procedures, and security standards for third parties
  • 13. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 13 But all are just contractual obligations • Look to you for relief, you must then go enforce your contractual remedies • Breach of Contract • Inability to perform • Unwillingness to perform • Efficient breach theory • Insolvency / bankruptcy • Cost of litigation to enforce
  • 14. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 14 The contractual obligations are important and needed • Show diligence and taking data security more serious than most • FTC – looking at 3rd party contracts • SEC – looking at policies and 3rd party contracts • Post-breach = helpful for attorneys general • But more is required
  • 15. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 15 Recent agency advisory statements • January 2014: SEC indicates that the new standard of care for companies may require policies in place for: 1. Prevention, detection, and response to cyber attacks and data breaches, 2. IT training focused on security, and 3. Vendor access to company systems and vendor due diligence. • January 31, 2014: GMR Transcription Svcs – FTC case – is requiring businesses to follow 3 steps when contracting with 3rd party service providers: 1. Investigate by exercising due diligence before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections through contractual agreements with provider. 3. Verify that the data service providers are adequately protecting data as required by the contractual standards.
  • 16. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 16 Ronald Reagan, in dealing with Soviets, said… “Trust, but verify.” How do you verify? Audit!
  • 17. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 17 Key Takeaways • You are still liable for breaches caused by 3rd parties! • Contractual agreements are not a magic wand to make liability go away – you are still responsible but now have a remedy against the 3rd party • “Trust, but verify” = Audit! • Cyber Insurance
  • 18. Digital Business Risk www.brittontuma.com © 2014 Shawn E. Tuma 18 Sun Tzu – The Art of War “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.” “You can be sure of succeeding in your attacks if you attack places which are not defended.” “The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few.”