SlideShare uma empresa Scribd logo

Cyber Liability Insurance Counseling and Breach Response

Shawn Tuma
Shawn Tuma

This presentation focused on how teaching attorneys how to counsel their clients on cyber insurance and guide them through the data breach incident response process. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law:Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.

Direito
1 de 36
Baixar para ler offline
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Liability Insurance Counseling and Breach Response Elizabeth Rogers Greenberg Traurig, LLP rogersel@gtlaw.com @Lonestar_Lawyer Shawn Tuma Scheef & Stone, LLP Shawn.tuma@solidcounsel.com @shawnetuma
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Breach! Immediate Priorities • Leadership! • Assess the situation • Be a counselor • Instill confidence • Bring peace • Facilitate rational thought & rational behavior
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event an incident or a breach? ▪ Event: any occurrence. ▪ Incident: an event that actually or potentially jeopardizes the confidentiality, integrity, or availability of the system, data, policies, or practices. ▪ Breach: actual loss of control, compromise, unauthorized disclosure, acquisition or access of data. ▪ Ransomware? Encryption safe harbor?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event caused by criminal or negligent actions? ▪ Hacker stealing IP from network. ▪ Employee misplaces unencrypted USB drive with PII. ▪ Focus on the action – why was it done? ▪ Report criminal events to law enforcement, not usually with negligent.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. ▪ Notification: to notify the data subjects of a data breach.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Remember our fiction: reporting / notifying / disclosing ▪ What type of data was breached? (PII, PHI, Fin. Data, PCI) ▪ Which laws apply? ▪ Regulated industry? (HHS, SEC, FDIC, FINRA) ▪ i.e., Health → HHS, then ≥ 500 = 60 days to report < 500 = annual report ▪ State jurisdictions?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Response The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. OPTIONAL, MAYBE. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. NOT OPTIONAL. ▪ Notification: to notify the data subjects of a data breach. NOT OPTIONAL.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators Breach Notification Laws ▪ No national breach notification law ▪ 47 States w/ laws + DC, PR, VI (≠ AL, NM, SD) ▪ Data subjects’ residence determines + state doing bus. ▪ Some consistency but some not (e.g., MA & CA) ▪ Review each time – constantly changing.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Is it a triggering “breach” under each relevant states’ laws? ▪ Which states’ laws require disclosure to their AG? ▪ Most, under certain circumstances (not TX). ▪ Which require pre-notice of a breach notification? ▪ CA, CT, NH, NJ, NY, NC, PR, WA ▪ When must disclosures be made? (w/ notif. 30/45/reas.) ▪ How must disclosure be made? (template / portal)
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law Notification Required Following Breach of Security of Computerized Data, Tex. Bus. Comm. Code § 521.053 ▪ “A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” (See Appendix B)
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law ▪ Breach of System Security: “unauthorized acquisition ... compromises the security, confidentiality, or integrity of” SPI.  Employee leaving with customer data? ▪ Applies to anyone doing business in Texas. ▪ Notify any individual whose SPI “was, or is reasonably believed to have been, acquired by an unauthorized person.” ▪ When: “as quickly as possible” but allows for LE delay ▪ Penalty: $100 per individual per day for delayed time, not to exceed $250,000 for a single breach (AG / no civil remedy)
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE first name or first initial last name SSN DLN or GovtID data breach first name or first initial last name Acct or Card # Access or Security Code data breach Info that IDs Individ. Health- care, provided, or pay data breach Duty to notify when “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053 CIVIL PENALTY $100.00 per individual per day for notification delay, not to exceed $250,000 for single breach § 521.151
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Role of law enforcement. ▪ When to report to law enforcement? ▪ Federal, state, or local law enforcement? ▪ When will law enforcement not get involved (usually)?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Is it mandatory to report to law enforcement? ▪ State breach notification presume reporting. ▪ DOJ, NIST, FTC (“we’d view that company more favorably than a company that hasn’t”) ▪ US Senate (Yahoo) – when did you report to law enforcement or other government authorities? ▪ Credibility – the “state sponsored” “unprecedented” game.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Benefits of reporting to law enforcement. ▪ Agencies can compel info from 3rd parties. ▪ Can work with foreign counterparts. ▪ Viewed favorably by regulators, shareholders, public. ▪ Can request delay of reporting. ▪ Result in successful prosecution. ▪ Resources, expertise, institutional knowledge, your $$$
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Dispelling myths of reporting to law enforcement. ▪ Reporting to law enforcement is not same as disclosing to regulators. ▪ Doesn’t “take over” your operations, not like regulatory enforcement action. ▪ Law enforcement uses discretion, doesn’t tattle on you. ▪ Company is still viewed as the victim. ▪ Use hypotheticals, if needed.
Cyber Insurance
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Insurance – Key Questions • Even know if you have it? • What period does the policy cover? • Are Officers & Directors Covered? • Cover 3rd Party Caused Events? • Social Engineering coverage? • Cover insiders intentional acts (vs. negligent) • Contractual liability? • What is the triggering event? • What types of data are covered? • What kind of incidents are covered? • Acts of war? • Required carrier list for attorneys & experts? • Other similar risks?
10 Key Issues in Cybersecurity Insurance Policies
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 1.What period does the policy cover?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 2.Will Officers & Directors fall into the gap?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 3. Does policy exclude liability for injuries arising from breach of contract?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 4. Does policy cover actions caused by your vendors and contractors?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 5. Does policy provide excess coverage with a drop-down provision?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 6. Does policy provide coverage for insiders’ intentional acts – as opposed to negligent acts?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 7.What is the triggering event for coverage?
Data Sources Company Data Workforce Data Customer / Client Data Other Parties’ Data 3rd Party Business Associates’ Data Outsiders’ Data 8.What types of data are covered?
Threat Vectors Network Website Email BYOD USBGSM Internet Surfing Business Associates People 9.What kinds of breach events are covered?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 10. How are exclusions for “cyber acts of war” and “cyber terrorism” treated?
Additional Cybersecurity Insurance Considerations
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Contracts • 3rd party liability • Healthcare (BA) • Software license audit • Permissible access & use in policies, BYOD • EULA / TOS Marketing • FTC Act § 5 • SPAM laws • NLRB rules • CDA § 230 • Website audits • IP issues • Acct ownership Privacy • Privacy policies • Privacy & data practices • Destruction policies • Monitoring workforce • Business intelligence Industry Regulation • PCI (Payment Card Industry) • FFIEC (Federal Financial Institution Examination Council) • FINRA (Financial Industry Regulatory Authority) • SIFMA (Securities Industry and Financial Markets Association) What other cyber risks events are covered?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE What coverage do you need, and how much?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Should you agree to using the carrier’s list of attorneys and experts?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE QUESTIONS?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Shawn Tuma Scheef & Stone, LLP Frisco, Texas 214.472.2135 shawn.tuma@solidcounsel.com www.solidcounsel.com www.shawnetuma.com (blog) @shawnetuma Elizabeth Rogers Greenberg Traurig, LLP Austin, Texas 512.320.7256 rogersel@gtlaw.com www.gtlaw.com @Lonestar_Lawyer

Recomendados

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 

Recomendados

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Shawn Tuma
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowShawn Tuma
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Dan Michaluk
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breachOregon Law Practice Management
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prezDan Michaluk
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Jennifer Sharf Adler
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Dan Michaluk
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsZuckerman Law Whistleblower Protection Law Firm
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Specific role of excipients in tablet production
Specific role of excipients in tablet productionSpecific role of excipients in tablet production
Specific role of excipients in tablet productionANURAG GROUP OF INSTITUTIONS
 

Mais conteúdo relacionado

Mais procurados

Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Shawn Tuma
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowShawn Tuma
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Dan Michaluk
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Dan Michaluk
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 

Mais procurados (20)

Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentation
 
Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 

Destaque

Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackKevin Duffey
 
Data Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessData Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessEversheds Sutherland
 
Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpectedisc2-hellenic
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Rahul Neel Mani
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOisc2-hellenic
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Amazon Web Services
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 
The Business Case for Corporate Performance Management
The Business Case for Corporate Performance ManagementThe Business Case for Corporate Performance Management
The Business Case for Corporate Performance ManagementCharles Bedard
 

Destaque (17)

Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Specific role of excipients in tablet production
Specific role of excipients in tablet productionSpecific role of excipients in tablet production
Specific role of excipients in tablet production
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber Attack
 
Data Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessData Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your business
 
Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpected
 
Get the Basics Right
Get the Basics RightGet the Basics Right
Get the Basics Right
 
Automation lec3
Automation lec3Automation lec3
Automation lec3
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Sumit dhar
Sumit dharSumit dhar
Sumit dhar
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
The Business Case for Corporate Performance Management
The Business Case for Corporate Performance ManagementThe Business Case for Corporate Performance Management
The Business Case for Corporate Performance Management
 
2011-2012 Slumber Parties Catalog
2011-2012 Slumber Parties Catalog2011-2012 Slumber Parties Catalog
2011-2012 Slumber Parties Catalog
 

Semelhante a Cyber Liability Insurance Counseling and Breach Response

Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Affirmative Defense Reponse System
Affirmative Defense Reponse SystemAffirmative Defense Reponse System
Affirmative Defense Reponse Systemoldshaman
 
CCPA: What You Need to Know
CCPA: What You Need to KnowCCPA: What You Need to Know
CCPA: What You Need to KnowIronCore Labs
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationChristina Gagnier
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business- Mark - Fullbright
 
Texas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New ChangesTexas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New ChangesJim Brashear
 
Fulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity TheftFulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity TheftSteve Meek
 
Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021Nicole Fucile-Borsian
 
IST Presentation
IST PresentationIST Presentation
IST Presentationguest1d1ed5
 
Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Gary Kazmer
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...dmenken60
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceShawn Tuma
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...Shawn Tuma
 
PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011Kimberly Verska
 
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Steve Werby
 

Semelhante a Cyber Liability Insurance Counseling and Breach Response (20)

Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Affirmative Defense Reponse System
Affirmative Defense Reponse SystemAffirmative Defense Reponse System
Affirmative Defense Reponse System
 
CCPA: What You Need to Know
CCPA: What You Need to KnowCCPA: What You Need to Know
CCPA: What You Need to Know
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago Presentation
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
Texas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New ChangesTexas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New Changes
 
Fulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity TheftFulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity Theft
 
Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
 
Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business
 
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
 
PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011
 
Security Basics for Law Firms
Security Basics for Law FirmsSecurity Basics for Law Firms
Security Basics for Law Firms
 
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
 

Mais de Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 

Mais de Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Último

一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理Fir La
 
一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理Airst S
 
Career As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsCareer As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsNilendra Kumar
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargainingbartzlawgroup1
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理Airst S
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理e9733fc35af6
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理bd2c5966a56d
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxelysemiller87
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubham Wadhonkar
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理Airst S
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Nilendra Kumar
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...Finlaw Associates
 
Elective Course on Forensic Science in Law
Elective Course on Forensic Science in LawElective Course on Forensic Science in Law
Elective Course on Forensic Science in LawNilendra Kumar
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理bd2c5966a56d
 
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理e9733fc35af6
 
Reason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaReason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaYash
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxadvabhayjha2627
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 

Último (20)

Chambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&AChambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&A
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
 
一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理一比一原版悉尼大学毕业证如何办理
一比一原版悉尼大学毕业证如何办理
 
Career As Legal Reporters for Law Students
Career As Legal Reporters for Law StudentsCareer As Legal Reporters for Law Students
Career As Legal Reporters for Law Students
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptx
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
Elective Course on Forensic Science in Law
Elective Course on Forensic Science in LawElective Course on Forensic Science in Law
Elective Course on Forensic Science in Law
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
 
Reason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaReason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in India
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 

Cyber Liability Insurance Counseling and Breach Response

  • 1. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Liability Insurance Counseling and Breach Response Elizabeth Rogers Greenberg Traurig, LLP rogersel@gtlaw.com @Lonestar_Lawyer Shawn Tuma Scheef & Stone, LLP Shawn.tuma@solidcounsel.com @shawnetuma
  • 2. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Breach! Immediate Priorities • Leadership! • Assess the situation • Be a counselor • Instill confidence • Bring peace • Facilitate rational thought & rational behavior
  • 3. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event an incident or a breach? ▪ Event: any occurrence. ▪ Incident: an event that actually or potentially jeopardizes the confidentiality, integrity, or availability of the system, data, policies, or practices. ▪ Breach: actual loss of control, compromise, unauthorized disclosure, acquisition or access of data. ▪ Ransomware? Encryption safe harbor?
  • 4. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event caused by criminal or negligent actions? ▪ Hacker stealing IP from network. ▪ Employee misplaces unencrypted USB drive with PII. ▪ Focus on the action – why was it done? ▪ Report criminal events to law enforcement, not usually with negligent.
  • 5. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. ▪ Notification: to notify the data subjects of a data breach.
  • 6. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Remember our fiction: reporting / notifying / disclosing ▪ What type of data was breached? (PII, PHI, Fin. Data, PCI) ▪ Which laws apply? ▪ Regulated industry? (HHS, SEC, FDIC, FINRA) ▪ i.e., Health → HHS, then ≥ 500 = 60 days to report < 500 = annual report ▪ State jurisdictions?
  • 7. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Response The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. OPTIONAL, MAYBE. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. NOT OPTIONAL. ▪ Notification: to notify the data subjects of a data breach. NOT OPTIONAL.
  • 8. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators Breach Notification Laws ▪ No national breach notification law ▪ 47 States w/ laws + DC, PR, VI (≠ AL, NM, SD) ▪ Data subjects’ residence determines + state doing bus. ▪ Some consistency but some not (e.g., MA & CA) ▪ Review each time – constantly changing.
  • 9. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Is it a triggering “breach” under each relevant states’ laws? ▪ Which states’ laws require disclosure to their AG? ▪ Most, under certain circumstances (not TX). ▪ Which require pre-notice of a breach notification? ▪ CA, CT, NH, NJ, NY, NC, PR, WA ▪ When must disclosures be made? (w/ notif. 30/45/reas.) ▪ How must disclosure be made? (template / portal)
  • 10. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law Notification Required Following Breach of Security of Computerized Data, Tex. Bus. Comm. Code § 521.053 ▪ “A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” (See Appendix B)
  • 11. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law ▪ Breach of System Security: “unauthorized acquisition ... compromises the security, confidentiality, or integrity of” SPI.  Employee leaving with customer data? ▪ Applies to anyone doing business in Texas. ▪ Notify any individual whose SPI “was, or is reasonably believed to have been, acquired by an unauthorized person.” ▪ When: “as quickly as possible” but allows for LE delay ▪ Penalty: $100 per individual per day for delayed time, not to exceed $250,000 for a single breach (AG / no civil remedy)
  • 12. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE first name or first initial last name SSN DLN or GovtID data breach first name or first initial last name Acct or Card # Access or Security Code data breach Info that IDs Individ. Health- care, provided, or pay data breach Duty to notify when “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053 CIVIL PENALTY $100.00 per individual per day for notification delay, not to exceed $250,000 for single breach § 521.151
  • 13. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Role of law enforcement. ▪ When to report to law enforcement? ▪ Federal, state, or local law enforcement? ▪ When will law enforcement not get involved (usually)?
  • 14. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Is it mandatory to report to law enforcement? ▪ State breach notification presume reporting. ▪ DOJ, NIST, FTC (“we’d view that company more favorably than a company that hasn’t”) ▪ US Senate (Yahoo) – when did you report to law enforcement or other government authorities? ▪ Credibility – the “state sponsored” “unprecedented” game.
  • 15. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Benefits of reporting to law enforcement. ▪ Agencies can compel info from 3rd parties. ▪ Can work with foreign counterparts. ▪ Viewed favorably by regulators, shareholders, public. ▪ Can request delay of reporting. ▪ Result in successful prosecution. ▪ Resources, expertise, institutional knowledge, your $$$
  • 16. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Dispelling myths of reporting to law enforcement. ▪ Reporting to law enforcement is not same as disclosing to regulators. ▪ Doesn’t “take over” your operations, not like regulatory enforcement action. ▪ Law enforcement uses discretion, doesn’t tattle on you. ▪ Company is still viewed as the victim. ▪ Use hypotheticals, if needed.
  • 18. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Insurance – Key Questions • Even know if you have it? • What period does the policy cover? • Are Officers & Directors Covered? • Cover 3rd Party Caused Events? • Social Engineering coverage? • Cover insiders intentional acts (vs. negligent) • Contractual liability? • What is the triggering event? • What types of data are covered? • What kind of incidents are covered? • Acts of war? • Required carrier list for attorneys & experts? • Other similar risks?
  • 19.
  • 20. 10 Key Issues in Cybersecurity Insurance Policies
  • 21. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 1.What period does the policy cover?
  • 22. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 2.Will Officers & Directors fall into the gap?
  • 23. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 3. Does policy exclude liability for injuries arising from breach of contract?
  • 24. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 4. Does policy cover actions caused by your vendors and contractors?
  • 25. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 5. Does policy provide excess coverage with a drop-down provision?
  • 26. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 6. Does policy provide coverage for insiders’ intentional acts – as opposed to negligent acts?
  • 27. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 7.What is the triggering event for coverage?
  • 28. Data Sources Company Data Workforce Data Customer / Client Data Other Parties’ Data 3rd Party Business Associates’ Data Outsiders’ Data 8.What types of data are covered?
  • 30. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 10. How are exclusions for “cyber acts of war” and “cyber terrorism” treated?
  • 32. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Contracts • 3rd party liability • Healthcare (BA) • Software license audit • Permissible access & use in policies, BYOD • EULA / TOS Marketing • FTC Act § 5 • SPAM laws • NLRB rules • CDA § 230 • Website audits • IP issues • Acct ownership Privacy • Privacy policies • Privacy & data practices • Destruction policies • Monitoring workforce • Business intelligence Industry Regulation • PCI (Payment Card Industry) • FFIEC (Federal Financial Institution Examination Council) • FINRA (Financial Industry Regulatory Authority) • SIFMA (Securities Industry and Financial Markets Association) What other cyber risks events are covered?
  • 33. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE What coverage do you need, and how much?
  • 34. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Should you agree to using the carrier’s list of attorneys and experts?
  • 36. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Shawn Tuma Scheef & Stone, LLP Frisco, Texas 214.472.2135 shawn.tuma@solidcounsel.com www.solidcounsel.com www.shawnetuma.com (blog) @shawnetuma Elizabeth Rogers Greenberg Traurig, LLP Austin, Texas 512.320.7256 rogersel@gtlaw.com www.gtlaw.com @Lonestar_Lawyer