Presentation to the Collin County Bench Bar Foundation's 2015 Bench Bar Conference. Focused on the latest cybersecurity trends and strategies for mitigation of cyber risk and compliance.
2. Shawn Tuma
Partner, Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: shawnetuma.com
web: solidcounsel.com
This information provided is for educational purposes only, does not constitute legal advice,
and no attorney-client relationship is created by this presentation.
Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, throughout the world.
Texas SuperLawyers 2015
Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
Chair, Collin County Bar Association Civil Litigation & Appellate Section
College of the State Bar of Texas
Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
Social Media Committee of the American Bar Association
North Texas Crime Commission, Cybercrime Committee
Infragard (FBI)
International Association of Privacy Professionals
Information Systems Security Association
Contributor, Norse DarkMatters Security Blog
Editor, Business Cyber Risk Law Blog
20. What does “reporting & notification” mean?
• Law Enforcement
• State Attorneys General
  • pre-notice = VT (14 days), MD, NJ St. Police
• Federal Agencies
  • FTC, SEC, HHS, etc.
• Consumers
  • Fla, Ohio, Vermont = 45 days
• Industry Groups
  • PCI, FINRA, FFIEC
• Credit Bureaus
• Professional Vendors & Suppliers
21. www.solidcounsel.com
[Diagram, three rows of boxes:]
• first name or first initial | last name | SSN | DLN or Govt ID | data breach
• first name or first initial | last name | Acct or Card # | Access or Security Code | data breach
• Info that IDs Individual | Health-care, provided, or pay | data breach
Duty to notify when “unauthorized acquisition of computerized data that compromises the security,
confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053
CIVIL PENALTY $100.00 per individual per
day for notification delay, not to exceed
$250,000 for single breach § 521.151
22. 2013 Cost (pre-Target)
$188.00 per record
$5.4 million = total average cost paid by organizations
2014 Cost
$201 per record
$5.9 million = total average cost paid by organizations
“The primary reason for the increase is the loss of customers following the data
breach due to the additional expenses required to preserve the organization’s
brand and reputation.” –Ponemon Institute 2014 Cost of Data Breach Study
Cost of a Data Breach
25. Blocking & Tackling – Most Common Breaches
Theft
Lost
Passwords
Phishing
Websites
Basic IT
Case Stories
26. Blocking & Tackling – Must Haves
Approved & Documented
Basic IT Security
Basic Physical Security
Policies & Procedures Focused on Data Security
Company
Workforce (Rajaee v. DesignTech Homes, Ltd.)
Network
Business Associates (Travelers Casualty v. Ignition Studio, Inc.)
Implementation & Training
Regular Reassessment & Update