Privacy & Data Breach: 2012 Recap, 2013 Predictions

It's been a particularly tough year for data breaches. So far this year, datalossdb.org has tracked over 1,300 breaches which sets an all-time record, beating last year's figure by more than 20%. This year we've witnessed multiple breaches at the same organization, botched response efforts, and large class action lawsuits. The regulatory environment presented challenges as well. Texas and California continued to "innovate," other states had incremental updates, and SEC guidance on data breaches continues to loom on the horizon.

Were 2012 breach levels an anomaly? What might California have up its sleeve for next year? This webinar will review the highlights and lowlights of 2012 and make predictions about what's in store for 2013.

Our featured speakers for this timely webinar are:

-Andrew Serwin, Esq. - Partner, Foley & Lardner LLP. Andy is a well-known, highly regarded figure in the privacy and security realms. His many accomplishments include authoring definitive privacy books, "Information Security and Privacy: A Guide to Federal and State Law and Compliance," and "Information Security and Privacy: A Guide to International Law and Compliance."

-Gant Redmon, Esq. (CIPP/US) - General Counsel & Vice President of Business Development, Co3 Systems. Gant has practiced law for nineteen years, fifteen of them as in-house counsel for security software companies including Arbor Networks, Authentica and AXENT. In 1997, Gant was appointed to President Clinton’s Export Council Subcommittee on Encryption (PECSENC).

Published in: Technology

Transcript

  • 1. Privacy & Data Breach: 2012 Recap, 2013 Predictions
  • 2. Agenda
      • Introductions
      • 2012 Highlights
      • 2013 Predictions
      • Q&A
  • 3. Introductions: Today’s Speakers
      • Gant Redmon, Esq. - General Counsel, Co3 Systems
          • 15 years corporate counsel, CIPP
      • Andrew Serwin, Esq. - Partner, Foley & Lardner LLP
          • CIPP/E, CIPP/US, CIPP/G
          • Chair: Privacy Security and Information Management Practice
          • Author of "Information Security and Privacy: A Guide to Federal and State Law and Compliance," and "Information Security and Privacy: A Guide to International Law and Compliance."
  • 4. Co3 Automates Breach Management
      • PREPARE: Improve Organizational Readiness
          • Assign response team
          • Describe environment
          • Simulate events and incidents
          • Focus on organizational gaps
      • ASSESS: Quantify Potential Impact, Support Privacy Impact Assessments
          • Track events
          • Scope regulatory requirements
          • See $ exposure
          • Send notice to team
          • Generate Impact Assessments
      • REPORT: Document Results and Track Performance
          • Document incident results
          • Track historical performance
          • Demonstrate organizational preparedness
          • Generate audit/compliance reports
      • MANAGE: Easily Generate Detailed Incident Response Plans
          • Escalate to complete IR plan
          • Oversee the complete plan
          • Assign tasks: who/what/when
          • Notify regulators and clients
          • Monitor progress to completion
  • 5. About Foley & Lardner LLP
      • Chambers 2012
          • “Lawyers in the group are particularly strong in FTC representation, healthcare privacy matters and privacy litigation. The practice is noteworthy for its international clientele, including a series of internet giants ...”
      • Legal 500 2012
          • “Foley & Lardner LLP’s well-respected Andrew Serwin in San Diego, chair of the practice and co-chair of the privacy litigation team, has a high profile in privacy and data security. ‘He literally wrote the book,’ comments one client. Clients appreciate the group’s ‘excellent service and terrific, responsive advisors’. Highlights included providing strategic advice to social gaming company Playdom, a subsidiary of Disney Enterprises, in a ground breaking matter before the FTC.”
  • 6. About Foley & Lardner LLP
      • In the Matter of Spokeo, Inc.
          • Represented Spokeo, a data broker, in the first FTC matter alleging violations of the FCRA and Section 5, arising from the sale of Internet information, as well as an alleged violation of the endorsement guidelines.
      • In the Matter of CVS Caremark
          • Represents CVS/Caremark before the FTC and the Office of Civil Rights in connection with a consent decree and resolution agreement arising from allegations related to information security.
      • In the Matter of Playdom, Inc., a subsidiary of Disney Enterprises, Inc.
          • Represented company before the FTC in an investigation alleging a violation of COPPA and Section 5.
      • In the Matter of MySpace
          • Represents MySpace before the FTC in a matter alleging violation of Section 5.
      • F.T.C. v. Lights of America, Inc., et al.
          • Represents defendants in an FTC litigation matter brought in the Central District of California.
  • 7. 2012 A Record Year
  • 8. 2012 Recap: The White House Privacy Bill of Rights
      • Came out in February
      • Looks like FIPs: the 1973 US Department of Health, Education, and Welfare (known today as the Department of Health and Human Services) Code of Fair Information Practices
  • 9. 2012 Recap: The White House Privacy Bill of Rights
      • Recent Developments: In July, the Commerce Department began holding meetings to decide concrete enforcement terms for the Privacy Bill of Rights with a focus on creating a consumer data transparency code of conduct for mobile apps.
      • Possible Future: Something for NIST to work with as part of Cyber Security Standards
  • 10. 2012 Recap
      • Access v. Acquisition
      • Information Liability
      • Miscellaneous State Updates
      • Advertising Liability
  • 11. 2012 Recap: Canada: C-12 The Safeguarding Canadians’ Personal Information Act
      • Bill C-12 will amend the Personal Information Protection and Electronic Documents Act (PIPEDA)
      • Introduced in the House of Commons by the Minister of Industry on 29 September 2011
      • Creates national breach notification obligation. PIPEDA’s notice provision is not mandatory.
  • 12. 2012 Recap: Canada: C-12 The Safeguarding Canadians’ Personal Information Act
      • Recent Development: On 12/11/12, Privacy Commissioner Jennifer Stoddart: “no longer certain I can provide wholehearted support for the legislation as currently drafted.”
      • Not happy with inability to fine. As drafted, must take the company to court.
  • 13. 2012 Recap: EU General Data Protection Regulation
      • Published December 2011
      • Extends the jurisdictional reach of EU privacy laws to any data controller that processes data of EU residents, no matter where the controller is located or the processing occurs
      • Most remarkable for the 24-hour notice period, sanctions up to 5% of annual revenue, and the right to be forgotten.
      • Seems stalled, but Viviane Reding, Vice-President of the European Commission, has until 2014 to get these items passed.
  • 14. 2012 Recap: EU General Data Protection Regulation
      • Recent Plan B: EU’s executive committee plans to introduce its recommendation in February of 2013 that critical companies provide breach notification to EU authorities. These include mobile carriers, banks, energy companies, and other critical infrastructure providers.
      • Starting to look sector-based rather than comprehensive.
  • 15. 2012 Recap
      • Brand Issues
      • Employment Issues
      • Dissemination Of Confidential Information
      • Computer Crimes
      • “Operator” Liability
  • 16. POLL
  • 17. 2013 Predictions
      • Breach Levels
      • Emerging Breach Issues
      • De-Identification v. Transparency & Access
      • FTC Act
  • 18. POLL
  • 19. 2013 Predictions
      • Regulatory Environment
      • CA and TX
  • 20. QUESTIONS
  • 21. Contact
      • “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE
      • “Co3…defines what software packages for privacy look like.” GARTNER
      • “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE
      • Co3 Systems: One Alewife Center, Suite 450, Cambridge, MA 02140. PHONE 617.206.3900. WWW.CO3SYS.COM
      • Andrew Serwin, Chair: Privacy Security and Information Management Practice, Foley & Lardner LLP. aserwin@foley.com