Data Breaches: The Cost of Being Unprepared A Thought Leadership Panel Discussion May 28, 2009
Getting the most from today’s webcast <ul><li>Turn off pop-up blockers </li></ul><ul><li>Submit questions to the panelists...
Introductions <ul><li>Moderator </li></ul><ul><ul><li>Bob Bragdon  -   Publisher,  CSO  magazine </li></ul></ul><ul><li>Pa...
A Legal Perspective   Lisa J. Sotto Partner, Hunton & Williams LLP <ul><li>Lisa J. Sotto, a partner in the New York office...
A Legal Perspective <ul><li>Overview of Data Breach Landscape </li></ul><ul><li>Data security incidents are ubiquitous </l...
A Legal Perspective <ul><li>State Security Breach Notification Laws </li></ul><ul><li>There are over 40 state data breach ...
A Legal Perspective <ul><li>New Federal Regulations </li></ul><ul><li>For the first time, there is now a federal breach no...
A Legal Perspective <ul><li>Immediate Steps to Take Following a Breach </li></ul><ul><li>Conduct an investigation to deter...
More Information on Data Breach and Privacy Laws
A Chief Privacy Officer’s Perspective Christopher T. Pierson, Ph.D., J.D.  CPO & SVP, Citizens Financial Group, Inc.   <ul...
A Chief Privacy Officer’s Perspective <ul><li>Preparedness and Response: Five High-Level Themes </li></ul><ul><li>I.  Prep...
A Chief Privacy Officer’s Perspective  -  Preparedness and Response  <ul><li>I.  Preplanning – Not If, But When . . . Plan...
A Chief Privacy Officer’s Perspective  -  Preparedness and Response <ul><li>III.  Collaboration – Team Efforts are Critica...
A Public Relations Perspective Michael Fox Senior Managing Director, ICR Inc. <ul><li>Michael is a senior managing directo...
A Public Relations Perspective <ul><li>Crisis Management = Reputation & Relationship Management </li></ul><ul><ul><li>Busi...
A Public Relations Perspective <ul><li>Data Security and Breach Incidents </li></ul><ul><ul><li>Specific negative  persona...
A Public Relations Perspective   Conflicting Perspectives in a Crisis <ul><li>Company </li></ul><ul><li>Let’s make sure </...
A Public Relations Perspective <ul><li>The Media Will be Ruthless </li></ul><ul><li>The public can forgive error and mista...
<ul><li>Crisis Response Imperatives </li></ul><ul><ul><li>Preparation –  develop a crisis plan and conduct simulations </l...
<ul><li>What to  Say  in the Midst of a Crisis: </li></ul><ul><li>5 Steps to Eliminate “Fear” </li></ul><ul><ul><li>F acts...
<ul><li>Data Breach PR Response Best Practices </li></ul><ul><ul><li>Effective planning and preparation </li></ul></ul><ul...
Tom Rusin CEO, Affinion Security Center <ul><li>Tom Rusin is the President and C.E.O. of Affinion Group’s North American d...
Panel Discussion <ul><li>How big are the actual issues stemming from data breaches, and should only large businesses be co...
Panel Discussion <ul><li>What are the challenges that any business faces when dealing with a data breach?  </li></ul>
Panel Discussion <ul><li>What role does regulation play in driving breach response, and how important is it for businesses...
Panel Discussion <ul><li>Are most businesses adequately prepared? </li></ul>
Panel Discussion <ul><li>What needs to be considered when proactively preparing for a data breach, and how is that differe...
Panel Discussion <ul><li>What advantages are there in being proactive vs. reactive from both legal and reputational perspe...
Panel Discussion <ul><li>Are typical businesses capable of responding to breaches with their own internal resources? </li>...
Affinion Security Center’s Expertise <ul><li>A leading provider of identity theft solutions worldwide </li></ul><ul><ul><l...
Data Breaches – A Complex, High-Stakes Environment <ul><li>Breaches Continue To Rise </li></ul><ul><li>According to the Id...
We provide turn-key, end-to-end solutions by leveraging the expertise and infrastructure of a $1.4 billion organization. B...
ID Theft -  Complicated Crimes Demanding a Complete Solution <ul><li>New account fraud makes up only 28% of ID theft insta...
<ul><li>Proven History & Expertise:  ASC provides its solutions to over 10 million individuals today, and services  major ...
Contact Us <ul><li>For 24/7 assistance in the event of a breach, call ASC toll-free: </li></ul><ul><li>1-800-350-7209 </li...
Questions and Answers <ul><li>For more Information on Affinion Security Center please visit:  </li></ul><ul><ul><li>www.af...
Upcoming SlideShare
Loading in …5
×

Data Breaches: The Cost of Being Unprepared

829
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
829
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Data Breaches: The Cost of Being Unprepared

  1. 1. Data Breaches: The Cost of Being Unprepared A Thought Leadership Panel Discussion May 28, 2009
  2. 2. Getting the most from today’s webcast <ul><li>Turn off pop-up blockers </li></ul><ul><li>Submit questions to the panelists and access additional supporting information through the “Additional Information Tab” in your webcast viewer </li></ul><ul><li>Agenda: </li></ul><ul><ul><li>Panelist overviews </li></ul></ul><ul><ul><li>General panel discussion </li></ul></ul><ul><ul><li>Response solutions </li></ul></ul><ul><ul><li>Open Q&A with the listening audience </li></ul></ul>
  3. 3. Introductions <ul><li>Moderator </li></ul><ul><ul><li>Bob Bragdon - Publisher, CSO magazine </li></ul></ul><ul><li>Panelists </li></ul><ul><ul><li>Lisa Sotto - Partner, Hunton & Williams LLP </li></ul></ul><ul><ul><li>Chris Pierson - CPO & SVP, Citizens Financial Group, Inc. </li></ul></ul><ul><ul><li>Michael Fox - Senior Managing Director, ICR Inc. </li></ul></ul><ul><ul><li>Tom Rusin – CEO, Affinion Security Center </li></ul></ul>The content and opinions shared by the panelists do not necessarily reflect those of their employers, Affinion Security Center, or CSO magazine, and should not be considered legal advice. This content is not offered as legal advice or any other advice on any particular matter.
  4. 4. A Legal Perspective Lisa J. Sotto Partner, Hunton & Williams LLP <ul><li>Lisa J. Sotto, a partner in the New York office of Hunton & Williams LLP, heads the firm’s Privacy and Information Management Practice. She was voted the world’s leading privacy advisor in Computerworld’s 2007 and 2008 surveys and was ranked &quot;Band 1&quot; by Chambers USA in the category of Privacy & Data Security. </li></ul><ul><li>Ms. Sotto assists clients in identifying and managing risks associated with privacy and information security issues, and advises clients on GLB, HIPAA, COPPA, CAN-SPAM and other U.S. state and federal information privacy and security requirements (including state breach notification laws), as well as international data protection laws. She has advised clients in over 500 data breaches. </li></ul><ul><li>Ms. Sotto has testified before Congress and Executive Branch agencies on privacy and data security issues and is a routinely quoted source regarding privacy and data security. </li></ul>
  5. 5. A Legal Perspective <ul><li>Overview of Data Breach Landscape </li></ul><ul><li>Data security incidents are ubiquitous </li></ul><ul><ul><li>Any company that has not experienced one isn’t looking in the right places </li></ul></ul><ul><li>There have been over 1,100 security breaches reported to date </li></ul><ul><ul><li>This number represents just the tip of the iceberg </li></ul></ul><ul><li>Over 250 million reported records have been impacted to date </li></ul><ul><li>Breaches are not one-size-fits-all </li></ul><ul><ul><li>They can differ dramatically </li></ul></ul><ul><ul><li>They range from laptop losses to network intrusions </li></ul></ul><ul><li>Breaches Can Occur Through: </li></ul><ul><ul><li>Authorized access ( e.g. , an employee or contractor) </li></ul></ul><ul><ul><li>Unauthorized access ( e.g. , a hacker or phisher) </li></ul></ul><ul><ul><li>Small incidents that are unlikely to cause harm </li></ul></ul><ul><ul><li>Massive, organized attacks that cause significant harm </li></ul></ul>
  6. 6. A Legal Perspective <ul><li>State Security Breach Notification Laws </li></ul><ul><li>There are over 40 state data breach laws, including D.C. and Puerto Rico </li></ul><ul><li>The laws are not harmonized </li></ul><ul><li>Generally, the duty to notify arises when unencrypted computerized “personal information” was acquired or accessed by an unauthorized person </li></ul><ul><li>“ Personal information” typically is an individual’s name, combined with: </li></ul><ul><ul><li>SSN </li></ul></ul><ul><ul><li>driver’s license or state ID card number </li></ul></ul><ul><ul><li>account, credit or debit card number, along with password or access code </li></ul></ul><ul><li>Differences Among State Breach Laws </li></ul><ul><li>Definition of “Personal Information” </li></ul><ul><ul><li>Many states use the standard definition, but other states add data elements such as health data, DOB, mother’s maiden name, employee ID number, passport number or user name </li></ul></ul><ul><li>Most laws apply to computerized data </li></ul><ul><ul><li>But a few affect information in hard-copy format as well </li></ul></ul><ul><li>A number of states require direct notification to state agencies </li></ul><ul><ul><li>This is essentially self-reporting </li></ul></ul><ul><li>Most states require notification to credit reporting agencies </li></ul>
  7. 7. A Legal Perspective <ul><li>New Federal Regulations </li></ul><ul><li>For the first time, there is now a federal breach notification requirement that applies to the private sector </li></ul><ul><li>ARRA requires HIPAA covered entities to </li></ul><ul><ul><li>notify individuals whose “unsecured protected health information” in any format has been , or is reasonably believed to have been “accessed, acquired or disclosed” as a result of a breach </li></ul></ul><ul><li>BAs are responsible for notifying covered entities if BA has a breach </li></ul><ul><li>Notice must be provided 60 calendar days after “discovery” </li></ul><ul><li>Law enforcement delay </li></ul><ul><li>Notification to HHS and media </li></ul><ul><ul><li>Posted on HHS website </li></ul></ul><ul><li>When should you involve law enforcement? </li></ul><ul><ul><li>Local law enforcement </li></ul></ul><ul><ul><li>Federal agents </li></ul></ul><ul><ul><li>Foreign law enforcement </li></ul></ul>
  8. 8. A Legal Perspective <ul><li>Immediate Steps to Take Following a Breach </li></ul><ul><li>Conduct an investigation to determine the facts </li></ul><ul><ul><li>What happened? </li></ul></ul><ul><ul><li>Who was affected? </li></ul></ul><ul><ul><li>What data? </li></ul></ul><ul><ul><li>What systems? </li></ul></ul><ul><li>Consider whether the investigation should be conducted by internal or external parties </li></ul><ul><li>Does the event trigger notification to individuals under the state breach notification laws? </li></ul><ul><ul><li>Was the PI “acquired” or “accessed” by an “unauthorized” person? </li></ul></ul><ul><li>Consider your obligations </li></ul><ul><ul><li>Are you the data owner or licensee? </li></ul></ul><ul><ul><li>Are you a service provider? </li></ul></ul>
  9. 9. More Information on Data Breach and Privacy Laws
  10. 10. A Chief Privacy Officer’s Perspective Christopher T. Pierson, Ph.D., J.D. CPO & SVP, Citizens Financial Group, Inc. <ul><li>Dr. Chris Pierson is the Chief Privacy Officer, Senior VP for Citizens Financial Group.  In this role he is responsible for developing and implementing the company’s privacy compliance program across all business lines, including Citizens and Charter One banks.  </li></ul><ul><li>Prior to joining Citizens, Chris worked as an attorney for a large US corporate law firm where he previously established their Cybersecurity and Privacy Practice Area.  While in practice he assisted his clients on numerous privacy compliance matters, data loss incidents, and handled the first data breach in the US.  </li></ul><ul><li>Chris has also been involved in other aspects of cybersecurity including serving homeland security committees, briefing DHS, FBI, Director of National Intelligence, and Secret Service on cybercrime matters and critical infrastructure threats, and serving as President of the FBI’s Phoenix InfraGard.   </li></ul><ul><li>Dr. Pierson is a frequent speaker at national and international cybersecurity and privacy conferences and is regularly interviewed by the media on these topics and homeland security matters. </li></ul>
  11. 11. A Chief Privacy Officer’s Perspective <ul><li>Preparedness and Response: Five High-Level Themes </li></ul><ul><li>I. Preplanning </li></ul><ul><ul><li>Not if, but when . . . plan accordingly </li></ul></ul><ul><li>II. Awareness and Exercise </li></ul><ul><ul><li>Practice, practice, practice! </li></ul></ul><ul><li>III. Collaboration </li></ul><ul><ul><li>Team efforts are critical to success </li></ul></ul><ul><li>IV. Communication </li></ul><ul><ul><li>Clarity, consistency, and single voice </li></ul></ul><ul><li>V. Avoiding Pitfalls </li></ul><ul><ul><li>Understand and predict all possible future outcomes </li></ul></ul>
  12. 12. A Chief Privacy Officer’s Perspective - Preparedness and Response <ul><li>I. Preplanning – Not If, But When . . . Plan Accordingly </li></ul><ul><li>Do not stick you head in the sand </li></ul><ul><ul><li>“ Loss of Control” of information incidents can happen </li></ul></ul><ul><li>Know what data you own or possess and where it is </li></ul><ul><ul><li>Data inventories, data flow diagrams, audits </li></ul></ul><ul><ul><li>Out-sourcing/off-shoring </li></ul></ul><ul><li>Relationships can be made ahead of time </li></ul><ul><li>Create critical documents ahead of time </li></ul><ul><ul><li>Letters, communications, website and media statements </li></ul></ul><ul><li>II. Awareness and Exercise – Practice, Practice, Practice </li></ul><ul><li>Design the plan, test it, socialize it, and revise </li></ul><ul><ul><li>Table top exercises prevent panic </li></ul></ul>
  13. 13. A Chief Privacy Officer’s Perspective - Preparedness and Response <ul><li>III. Collaboration – Team Efforts are Critical to Success </li></ul><ul><li>Ensure roles are clearly delineated </li></ul><ul><ul><li>Pre-planned roles keep people on-track </li></ul></ul><ul><li>Receive buy-in to the process during calm </li></ul><ul><ul><li>Assemble the core team to walk through critical elements of response ahead of time </li></ul></ul><ul><li>Make sure everyone can succeed by joining the team </li></ul><ul><ul><li>Partners who can claim success are more willing to join the team </li></ul></ul><ul><li>Do not forget outside relationships </li></ul><ul><ul><li>Credit Monitoring, Help Centers, Printing, Mailing, Counsel, etc. </li></ul></ul><ul><ul><li>Law Enforcement and/or Regulators (insurance, financial, healthcare, government sectors) </li></ul></ul><ul><li>IV. Communication – Clarity, Consistency and Single Voice </li></ul><ul><li>One Voice, One Message </li></ul><ul><ul><li>Be consistent </li></ul></ul><ul><ul><li>Time-line event scenarios </li></ul></ul><ul><li>V. Avoiding Pitfalls – Understand and Predict Future Hazards </li></ul><ul><li>Do not react to only what is in front of you </li></ul><ul><ul><li>Where uncertainty exists, examine options and react accordingly </li></ul></ul>
  14. 14. A Public Relations Perspective Michael Fox Senior Managing Director, ICR Inc. <ul><li>Michael is a senior managing director of ICR, Inc. a leading financial communications consulting firm. He heads the corporate communications team, providing strategic financial communications services to a broad spectrum of clients, including energy, defense and financial services companies. </li></ul><ul><li>Michael’s clients turn to him for counsel on wide variety of issues, ranging from activist shareholder actions to corporate data breaches. His work has included crisis communications counsel for both retail and payment processors victimized in recent high-profile data breaches. </li></ul><ul><li>Michael previously served as the Group Director of the U.S. Corporate Communications Practice for Ogilvy Public Relations Worldwide where he provided strategic communications counsel, internal relations and crisis and issues management services to several Fortune 500 companies. Prior to his work in communications, he served as a legislative director to Congressman Chris Shays (CT-4). </li></ul>
  15. 15. A Public Relations Perspective <ul><li>Crisis Management = Reputation & Relationship Management </li></ul><ul><ul><li>Business success is based on strong relationships – customers, partners, employees, investors, regulators, etc. </li></ul></ul><ul><ul><li>Crisis undermines trust and strains relationships </li></ul></ul><ul><ul><li>Crisis communication is the art of managing relationships in the aftermath of a negative event </li></ul></ul><ul><ul><li>Effective crisis response can actually strengthen relationships </li></ul></ul><ul><li>Characteristics of a Crisis </li></ul><ul><ul><li>Unplanned : Sudden and unexpected </li></ul></ul><ul><ul><li>Negative : Will adversely impact the company </li></ul></ul><ul><ul><li>Public : Is or likely to become publicly known </li></ul></ul><ul><ul><li>Serious : Impact could be significant/lasting </li></ul></ul>
  16. 16. A Public Relations Perspective <ul><li>Data Security and Breach Incidents </li></ul><ul><ul><li>Specific negative personal impact on key stakeholders </li></ul></ul><ul><ul><li>Directly undermine trust </li></ul></ul><ul><ul><li>Raise questions of competence and care </li></ul></ul><ul><ul><li>Easy for unaffected parties to relate… “could have been me” </li></ul></ul><ul><ul><li>Have lasting impact </li></ul></ul><ul><li>Unique Challenges </li></ul><ul><ul><li>Confusion over responsibility and accountability </li></ul></ul><ul><ul><ul><li>Whose fault? Whose customer? </li></ul></ul></ul><ul><ul><li>Challenges of identifying who might have been harmed </li></ul></ul><ul><ul><li>Difficult to accurately predict the potential negative impact </li></ul></ul><ul><ul><li>Conflicting rules around notification </li></ul></ul><ul><ul><li>Conflict between prompt disclosure and first fixing the problem </li></ul></ul>
  17. 17. A Public Relations Perspective Conflicting Perspectives in a Crisis <ul><li>Company </li></ul><ul><li>Let’s make sure </li></ul><ul><li>It’s not that bad </li></ul><ul><li>It will blow over </li></ul><ul><li>It’s not entirely our fault </li></ul><ul><li>Talking about it will just make it worse </li></ul><ul><li>We can’t say anything until we know everything </li></ul><ul><li>Stakeholders </li></ul><ul><li>What happened? </li></ul><ul><li>Why did it happen? </li></ul><ul><li>How will it affect me? </li></ul><ul><li>When will it end? </li></ul><ul><li>Will it happen again? </li></ul><ul><li>I want to know now! </li></ul>Disconnect
  18. 18. A Public Relations Perspective <ul><li>The Media Will be Ruthless </li></ul><ul><li>The public can forgive error and mistakes, but it can be ruthless in the face of: </li></ul><ul><ul><li>Indifference, Arrogance, Obfuscation, Deflection, Insensitivity, Cover-up </li></ul></ul>“ Retailer Wards Failed To Notify Customers Of Data Breach” “ TJX Breach Skewers Customers, Bank” “ Heartland Has No Heart for Violated Customers” “ Democrats Question Handling of Data Breach”
  19. 19. <ul><li>Crisis Response Imperatives </li></ul><ul><ul><li>Preparation – develop a crisis plan and conduct simulations </li></ul></ul><ul><ul><ul><li>Crisis plan: Team, contact information, core principles, draft materials, scenarios </li></ul></ul></ul><ul><ul><li>Leadership – a senior executive must lead the process </li></ul></ul><ul><ul><li>Speed – decisive action is critical </li></ul></ul><ul><ul><li>Thoroughness – cover all bases, anticipate all contingencies </li></ul></ul><ul><ul><li>Control – take the initiative and stay one step ahead </li></ul></ul><ul><ul><li>Accuracy – get the facts, correct errors, never speculate </li></ul></ul><ul><ul><li>Closure – tie all loose ends before you can move on </li></ul></ul>A Public Relations Perspective
  20. 20. <ul><li>What to Say in the Midst of a Crisis: </li></ul><ul><li>5 Steps to Eliminate “Fear” </li></ul><ul><ul><li>F acts – Communicate what you know/don’t know, correct inaccuracies, never speculate. In the absence of facts, talk “process.” </li></ul></ul><ul><ul><li>E mpathy – Always express concern for affected parties. </li></ul></ul><ul><ul><li>A ccountability – Demonstrate you will do everything necessary to assist (even if it’s not your fault!) </li></ul></ul><ul><ul><li>A ction – Be explicit about what you are doing, how and when. </li></ul></ul><ul><ul><li>R emediation – Take specific steps to eliminate and compensate for any negative impact in the future. Don’t skimp. </li></ul></ul>A Public Relations Perspective
  21. 21. <ul><li>Data Breach PR Response Best Practices </li></ul><ul><ul><li>Effective planning and preparation </li></ul></ul><ul><ul><li>Timely disclosure and notification </li></ul></ul><ul><ul><li>Responsibility and empathy </li></ul></ul><ul><ul><li>Direct and redundant communication </li></ul></ul><ul><ul><li>Good use of website (FAQs to simplify process) </li></ul></ul><ul><ul><li>Tangible and commensurate remediation </li></ul></ul><ul><ul><ul><li>Err on the side of inclusiveness </li></ul></ul></ul><ul><ul><li>Active online monitoring </li></ul></ul>A Public Relations Perspective
  22. 22. Tom Rusin CEO, Affinion Security Center <ul><li>Tom Rusin is the President and C.E.O. of Affinion Group’s North American division, which generated over $1.1 billion in revenue and a quarter of a billion dollars in operating income in 2008. He also serves as C.E.O. of the Affinion Security Center, a division of Affinion Group and a leading provider of solutions in identity theft protection to consumers. </li></ul><ul><li>Tom has extensive experience in product development, customer service and direct marketing in the Identity Protection, Insurance, Travel, and Loyalty industries. Tom is a seasoned and engaging speaker on multiple subjects including; the criticality of media diversity, using consumer attitudes to better target direct marketing, turning customers into fans, and the continuing evolution of identity theft and how consumers can really protect themselves. As an expert on the growing crime of identity theft, Tom has been featured in a wide variety of leading media, including Network World, C/Net, and BusinessWeek TV, and has also moderated forum discussions with industry and global leaders, including former US Secretary of State Gen (r) Colin Powell. </li></ul>
  23. 23. Panel Discussion <ul><li>How big are the actual issues stemming from data breaches, and should only large businesses be concerned? </li></ul>
  24. 24. Panel Discussion <ul><li>What are the challenges that any business faces when dealing with a data breach? </li></ul>
  25. 25. Panel Discussion <ul><li>What role does regulation play in driving breach response, and how important is it for businesses to be prepared to respond to a breach in advance? </li></ul>
  26. 26. Panel Discussion <ul><li>Are most businesses adequately prepared? </li></ul>
  27. 27. Panel Discussion <ul><li>What needs to be considered when proactively preparing for a data breach, and how is that different from simply reacting to a breach? </li></ul>
  28. 28. Panel Discussion <ul><li>What advantages are there in being proactive vs. reactive from both legal and reputational perspectives? </li></ul>
  29. 29. Panel Discussion <ul><li>Are typical businesses capable of responding to breaches with their own internal resources? </li></ul>
  30. 30. Affinion Security Center’s Expertise <ul><li>A leading provider of identity theft solutions worldwide </li></ul><ul><ul><li>Currently serving 10 million+ individuals </li></ul></ul><ul><ul><li>Over 100 custom or branded programs managed for many of the world’s leading financial institutions </li></ul></ul><ul><li>Dedicated research & development team committed to staying ahead of the identity theft curve </li></ul><ul><ul><li>Hot-Line first offered in 1969 </li></ul></ul><ul><ul><li>One of the first to market with credit monitoring services (PrivacyGuard - 1992) </li></ul></ul><ul><ul><li>Card Cops acquired in 2007 </li></ul></ul><ul><ul><li>Recent innovations include launch of IdentitySecure and BreachShield </li></ul></ul><ul><ul><li>ID theft and privacy expert Frank Abagnale serves as product advisor and spokesman </li></ul></ul><ul><li>Committed to the highest security and operational standards </li></ul><ul><ul><li>Process over 150 million transactions/year through variety of payment processors and direct relationships </li></ul></ul><ul><ul><li>ISO 27001 certified (one of only 85 US companies to earn this credential) </li></ul></ul><ul><ul><li>PCI Level 1 compliant </li></ul></ul><ul><ul><li>Six Sigma trained experts </li></ul></ul><ul><li>Addressing the growing threat of data breaches by leveraging ASC’s infrastructure </li></ul>Strategic solutions for personal data security
  31. 31. Data Breaches – A Complex, High-Stakes Environment <ul><li>Breaches Continue To Rise </li></ul><ul><li>According to the Identity Theft Resource Center, breaches increased by 47% in 2008 </li></ul><ul><li>Complexities of the crime continue to change </li></ul><ul><li>Legislative Environment Increasingly Complex </li></ul><ul><li>Breach notification laws now in 44 states </li></ul><ul><li>Emerging trend of state laws require that all businesses encrypt personally identifiable information </li></ul><ul><ul><li>Additional Federal legislation proposed </li></ul></ul><ul><li>Federal Trade Commission’s Red Flag rules </li></ul>“ If a company or institution that experienced a data breach of your personal information offered you an identity protection service, would you most prefer a service that…”* Customers Expect More Than Just Notification and Credit Monitoring * Javelin Strategy & Research on Data Breach Notification – June 2008
  32. 32. We provide turn-key, end-to-end solutions by leveraging the expertise and infrastructure of a $1.4 billion organization. BreachShield – Comprehensive Solutions & Advanced Protection <ul><li>Incident Response Consulting </li></ul><ul><ul><li>Pre-contract and proactively prepare response plans </li></ul></ul><ul><li>List Services </li></ul><ul><ul><li>Our database services include address hygiene and NCOA services, ensuring USPS compliance, optimizing mailing and postal costs and minimizing undeliverable mail </li></ul></ul><ul><li>Notification Drafting & Print Services </li></ul><ul><ul><li>Leverage our capabilities as one of the nation’s largest direct mailers </li></ul></ul><ul><li>Customer Support </li></ul><ul><ul><li>Pre-enrollment: VRU minimizes costs and mitigates poor customer experience from increased call volumes </li></ul></ul><ul><ul><li>Includes FAQ Support </li></ul></ul><ul><ul><li>Post-enrollments: tenured, FCRA-certified Identity Fraud Support Specialists dedicated to each case until resolved </li></ul></ul><ul><li>ID Theft Protection Solutions </li></ul><ul><ul><li>Our data breach solutions utilize the latest ID theft protection technologies available through ASC </li></ul></ul><ul><li>Multi-Channel Enrollment Options– Ensure the affected population can enroll quickly, easily and conveniently </li></ul><ul><ul><li>Full File Enrollment </li></ul></ul><ul><ul><ul><li>Simply provide an encrypted file of all records </li></ul></ul></ul><ul><ul><li>Online </li></ul></ul><ul><ul><ul><li>Allows instant enrollment through a dedicated URL </li></ul></ul></ul><ul><ul><li>USPS </li></ul></ul><ul><ul><ul><li>Customers fill out and return the supplied enrollment form </li></ul></ul></ul><ul><ul><li>Telephone – VRU with Live Agent Option </li></ul></ul><ul><ul><ul><li>Customers enroll with the numeric activation code provided in the Notification Letter </li></ul></ul></ul><ul><li>Ongoing Support & Reporting </li></ul><ul><ul><li>Our team is always available to assist with your needs and can support standard or ‘a la carte’ requests </li></ul></ul>Incident Response Consulting List Services (Deduping & NCOA) Customer Support (Pre & Post Enrollment) ID Theft Protection Solutions Multi-Channel Enrollment Options Ongoing Support & Reporting Notification Drafting & Print Services
  33. 33. ID Theft - Complicated Crimes Demanding a Complete Solution <ul><li>New account fraud makes up only 28% of ID theft instances </li></ul><ul><li>Need solution that addresses all aspects of ID theft </li></ul><ul><li>BreachShield is committed to providing the most robust and comprehensive solutions </li></ul><ul><li>PREVENTION </li></ul><ul><li>Best-in class technology, proactively combating emerging identity theft threats </li></ul><ul><ul><li>Card Cops Internet Surveillance </li></ul></ul><ul><ul><li>Credit Card Registry Service </li></ul></ul><ul><ul><li>Fraud Alerts with Automated Reminders </li></ul></ul><ul><li>DETECTION </li></ul><ul><li>Solutions to quickly identify instances where identity theft has occurred </li></ul><ul><ul><li>Credit Monitoring and Alerts </li></ul></ul><ul><ul><li>Credit Reports and Scores </li></ul></ul><ul><ul><li>Credit Information Hotline </li></ul></ul><ul><li>RESOLUTION </li></ul><ul><li>The right resources to help customers restore their good name </li></ul><ul><ul><li>Identity Fraud Support Services </li></ul></ul><ul><ul><li>ID Theft Insurance </li></ul></ul>* Javelin Strategy & Research - 2008 Identity Fraud Survey Report
  34. 34. <ul><li>Proven History & Expertise: ASC provides its solutions to over 10 million individuals today, and services major financial institutions and top corporations. </li></ul><ul><li>Comprehensive End-to-End Solution: We can help with all aspects of data breach response, leveraging the back-end capabilities of a $1.4 billion organization </li></ul><ul><li>Advanced ID Theft Protection: Our services utilize proprietary technologies and offer the most complete protection available, with tools for preventing, detecting and resolving ID theft </li></ul><ul><li>Highest Security Standards: Ongoing commitment to data security – ISO 27001 & PCI Level 1 compliance </li></ul><ul><li>24/7 Availability: Available to take your call about a breach within your organization anytime, day or night </li></ul><ul><li>Speed to Launch: ASC BreachShield solutions can be deployed as quickly as 24 hours from time of request, demonstrating to your customers that you take the security of their personal data seriously </li></ul>Why Partner with ASC BreachShield? <ul><li>Customer Service: Exceptional call center expertise from over 35 years of experience </li></ul><ul><li>Notification & Fulfillment Services: We can consult on or draft the Notification Letter. Our state of the art production center allows us to print and mail Notification Letters </li></ul><ul><li>Trusted Provider: BreachShield solutions are powered by PrivacyGuard, the nation’s leading ID theft solution, and the only service endorsed by leading ID theft expert, Frank Abagnale </li></ul>The only provider to offer comprehensive, turn-key solutions combined with advanced ID theft protection and world class customer service
  35. 35. Contact Us <ul><li>For 24/7 assistance in the event of a breach, call ASC toll-free: </li></ul><ul><li>1-800-350-7209 </li></ul><ul><li>For general inquiry, call or email: </li></ul><ul><li>Chris Haynor </li></ul><ul><li>203-956-1103 </li></ul><ul><li>[email_address] </li></ul><ul><li>Helen Boyian </li></ul><ul><li>203-956-8926 </li></ul><ul><li>[email_address] </li></ul><ul><li>Mike Morelli </li></ul><ul><li>203-956-1078 </li></ul><ul><li>[email_address] </li></ul>
  36. 36. Questions and Answers <ul><li>For more Information on Affinion Security Center please visit: </li></ul><ul><ul><li>www.affinionsecuritycenter.com </li></ul></ul><ul><li>For more information on data breach response planning and ASC’s Breachshield solutions please visit: </li></ul><ul><ul><li>www.breachshield.com </li></ul></ul><ul><li>BreachShield’s latest resource, the </li></ul><ul><li>Data Breach Response Guide, is available </li></ul><ul><li>for download at no cost, by clicking here : </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×