SlideShare a Scribd company logo

Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy

Download as PPT, PDF
B
ButlerRubin

Butler Rubin Partner, Dan Cotter discusses in detail the changes to the Model Rules of Professional Conduct that impact lawyers and their obligations to understand technology and safeguard against inadvertent data breaches.

Law
1 of 81
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy May 23, 2017 Presenters: Daniel A. Cotter Butler Rubin Saltarelli & Boyd LLP 321 N. Clark Street, Suite 400 Chicago, IL 60654 Dcotter@butlerrubin.com
The materials in this presentation are intended to provide a general overview of the issues contained herein and are not intended nor should they be construed to provide specific legal or regulatory guidance or advice. If you have any questions or issues of a specific nature, you should consult with appropriate legal or regulatory counsel to review the specific circumstances involved. Views expressed are those of the speaker and are not to be attributed to his firm or clients.
Goals/Roadmap • A Little Bit of History and Looking Back • Why do you as a lawyer care? • RPCs • Some actual application
OLD/NEW MEANING TO A NEW TERM?
Who Wants to Cry? “Mummy, you're a fool to cry You're a fool to cry.”- Fool to Cry
A Quick Look in the Rearview Mirror
1991 30MB storage 386 – FAST! 2MB RAM?
1991
1997 AOL was the main email and Internet provider
1997 (cont’d) Anyone remember AltaVista? Google was not “live” until 1998
Mid- to late-1990s – Most Famous Man on the Internet?
Life Was Good “I can't complain but sometimes i still do Life's been good to me so far”- Life’s Been Good
But Then… What the heck happened?
A Pictorial of 2000 to 2008 and beyond
WE’VE COME A LONG WAY, BABY!
E-Discovery
E-Discovery
The World in Law and Tech/AI in 2016 Source: Goodman, Joanna, Robots in Law: How Artificial Intelligence is Transforming Legal Services (ARK Group 2016)
In Addition, We Now We Have…
STATISTICS - 2013 – 181.4 million United States users - 2017- was expected to climb to 222.4 million users
What about:
OR THIS?
WHAT ABOUT THIS?
WATCH, ANYONE?
WHAT ABOUT?
More Basic Office Equipment
AND?
IMPLANT DEVICES
Name Badges - WIVB Feature -Boston - Humanyze badges - Bluetooth - Infrared - Motion sensors - Microphones
While Technology and Data Proliferates - The Hackers have come alive:
Some Basics—Identity Theft Resource Center http://www.idtheftcenter.org/2016databreaches.html “The ITRC currently tracks seven categories of data loss methods: -Insider Theft, - Hacking/Skimming/Phishing, - Data on the Move, - Subcontractor/Third Party/BA, - Employee error/Negligence/Improper disposal/Lost, - Accidental web/Internet Exposure, and - Physical Theft.”
Some sobering numbers from ITRC 2005 to October 14, 2016 Number of Breaches = Number of Records =
Some sobering numbers from ITRC 2005 to October 14, 2016 Number of Breaches = 6,573 Number of Records =
Some sobering numbers from ITRC 2005 to October 14, 2016 Number of Breaches = 6,573 Number of Records = 880,651,559
Industries Most Impacted by Breaches 2015 data (Baker Hostetler Data Security Incident Response Report):
Increase in Cyber Attacks on U.S. Health Insurers 2015 – a Banner Year BlueCross/Blue Shield Company Number of Health Records Breached Anthem 57.8M Premera 11M Excellus 10M Total 78.8M Percentage of Annual Health Care Breaches Reported in 2015 70.48% Value of Records on DarkNet $78.8B
Why Do We as Lawyers Care?
The Parade of Horribles - Inadvertence, mistake: Law Firm’s Documents Dumped in Trash, Gainesville Times, October 16, 2011. - Cyber attack: Wiley Rein Hack LLP Hack (2011). - Physical Security. Laptop Stolen from Law Offices of David A. Krausz, Sensitive Info at Risk, Softpedia. - Insider threats: Orrick breach. - Readers of WSJ on 3/29/2016: “Hackers Breach Law Firms, Including Cravath and Weil Gotshal” - Edelson Law putative class action against Johnson & Bell (N.D. IL 2016) and what has since happened - Real Estate closings
Why?
Are you worried?
Should You Be?
Rules of Professional Conduct Some Relevant Ethical Rules •Illinois Rule 1.1 (Competence) •Illinois Rule 1.6 (Confidentiality of Information) •Illinois Rule 1.4 (Communication) •Illinois Rules 1.15, 1.16 (Duty to Safeguard Client Property) •Illinois Rules 5.1, 5.2, 5.3 (Duty of Supervision)
Rules of Professional Conduct Illinois Rule 1.1   Duty of Competence     A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.
Duty of Competence Rule 1.1 includes competence in selecting and using technology. It requires attorneys who lack the necessary technical competence for security (many, if not most attorneys) to consult with qualified people who have the requisite expertise. Comment [8] MRPC: To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
Relevant Laws Relating to Legal Obligations All 50 states and DC have adopted ABA Model Rule 1.1 (either in whole or with modifications). At least 25 states have adopted Comment 8. 45
Florida Rule - September 30, 2016- every lawyer admitted to Florida Bar must take three hours of technology-related CLE during a three-year cycle.
HOW HARD CAN IT BE? Nick Burns: Move! [ sits down ] ... See where it says "4" and "FL". That's fourth floor. That's where we are, we're on the fourth floor. That's it. You pick that one. Is that so hard? Geeze Louise, I can't wait to get my NTSC and quit this job. [ steps over to the Female Employee's computer ] What's your problem? Female Employee: Well, it just crashes every time my screen saver comes up. Nick Burns: Alright, let's run a test, just type in: XY.VIOLATOR/467 F47 Female Employee: Type in? Nick Burns: Move!
ABC’S OF CYBER AI Bitcoin Cyber insurance Data privacy E-discovery and e-sign Fintech GDPR
ABC’S (CONT’D) Health information IOT Jurisdiction/Japan Korea Litecoin Masters Conference Notice of Breach
ABC’S (CONT’D) Online privacy Privacy Shield Quotes Ransomware Soviet Union aka Russia Target Uganda
ABC’S (CONT’D) Victims Wannacry ransomware XHTML Yahoo! Zip files
Duty of Confidentiality Illinois Rule 1.6(e)(amended October 15, 2015, effective January 1, 2016) – “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to information relating to the representation of a client.”
Duty of Confidentiality Comments to Illinois Rule 1.6 Acting Competently to Preserve Confidentiality [19] When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.
Duty of Confidentiality Comment to Model Rule 1.6, now in comments to Illinois Rule, effective January 1, 2016 Acting Competently to Preserve Confidentiality [18] Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).
What does your client want? Illinois Rule 1.6, Comment [19]: “A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule.”
The Duties of Competence and Confidentiality Ariz. Bar. Op. 09-04 Lawyer encrypted files, installed layers of password protection, randomly generated folder names and passwords, and converted each document to PDF format that required password. • “In satisfying the duty to take reasonable security precautions, lawyers should consider firewalls, password protection schemes, encryption, anti-virus measures, etc.” • The duty “does not require a guarantee that the system will be invulnerable to unauthorized access.”
Duty to Safeguard Client Property Illinois RPC 1.15(a) “A lawyer shall hold property of clients or third persons that is in a lawyer's possession in connection with a representation separate from the lawyer’s own property. ... Other property shall be identified as such and appropriately safeguarded.”
ABA Formal Opinion 477 (May 11, 2017) • Unencrypted generally okay • But special circumstances/laws may require. • Lawyer must make “reasonable efforts to prevent inadvertent or unauthorized access” • Includes a “reasonable efforts” balancing • Concludes that: “A lawyer generally may transmit information relating to the representation of a client over the Internet….where…has undertaken reasonable efforts….”
Termination of Representation Illinois RPC 1.16(d) “Upon termination of representation, a lawyer shall take steps to the extent reasonably practicable to protect a client's interests, such as giving reasonable notice to the client, allowing time for employment of other counsel, surrendering papers and property to which the client is entitled and refunding any advance payment of fee or expense that has not been earned or incurred. The lawyer may retain papers relating to the client to the extent permitted by other law.”
Other Applicable Rules Duty to supervise (Rules 5.1 and 5.3) Illinois Rule 5.1(a): “A partner in a law firm, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.”
Other Applicable Rules Duty to supervise (Rules 5.1, 5.2 and 5.3) Illinois Rule 5.3: “With respect to a nonlawyer employed or retained by or associated with a lawyer: (a)    The lawyer, and, in a law firm, each partner, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that the nonlawyer's conduct is compatible with the professional obligations of the lawyer and the firm;
Other Applicable Rules Warning to client? •You are obligated under Rule 1.4 to warn your client about the risk of using electronic communications where there is a significant risk that a 3d party may gain access. •E.g., when representing a company employee, employer could read/access the email. •And a warning may not be enough – you may be required to recommend to the client methods of ensuring that electronic communications remain confidential. •ABA Formal Op. 11-459 (8/4/11) •Texas Opinion No. 648
And that’s not all… Duty to Former clients? Model Rule1.9(c) “[A] lawyer who has formerly represented a client in a matter or whose present or former firm has formerly represented a client in a matter shall not thereafter ... reveal information relating to the representation except as these Rules would permit or require with respect to a client.”
What laws might be relevant? • Mass. Security Regulations (201 CMR 17.00) • Data Breach Notification laws (47 states, including Illinois have these laws) HIPAA/HITECH • Gramm Leach Bliley • Data Security Laws • Fiduciary Duty? • Malpractice laws?
Applying the Rules • Your emails? • Your trash? • Your desk and office? • Working at a coffee shop? • Your workspace at home? • Portable data storage devices? • Your laptop? • Working in the “cloud”?
Is there a duty to encrypt emails? – “A lawyer may transmit information relating to the representation of a client by unencrypted e-mail . . . because the mode of transmission affords a reasonable expectation of privacy from a technological and legal standpoint.” – “A lawyer should consult with the client and follow her instructions, however, as to the mode of transmitting highly sensitive information....” • ABA Formal Op. 99-413 (Mar. 10, 1999). •Texas Opinion No. 648
Is there a duty to encrypt emails? – “Encrypting email may be a reasonable step for an attorney to take ... when the circumstance calls for it, particularly if the information at issue is highly sensitive and the use of encryption is not onerous.” • Cal. Op. 2010-179.
Encryption- Illinois State Bar Association ISBA considered the question of sending unencrypted emails in ISBA Advisory Opinion 96-10 (which was reaffirmed in 2010), available at https://www.isba.org/sites/default/files/ethicsopinions/9 6-10.pdf, advised that unencrypted email is acceptable: “Because (1) the expectation of privacy for electronic mail is no less reasonable than the expectation of privacy for ordinary telephone calls, and (2) the unauthorized interception of an electronic message is subject to the [Electronic Communications Privacy Act ].”
Encryption Revisited? - Many opinions on encryption outdated - Times/technology have changed - NYDFS Regulations - Does your client require encryption?
Trash and recycling Shred everything privileged or confidential. When in doubt, or when you don’t know: Shred.
Your office and your files Are you working with hard copies of sensitive information, like Protected Health Information (PHI) or Personally Identifiable Information (PII)?
Can you use the Wifi at Starbucks? THE STATE BAR OF CALIFORNIA FORMAL OPINION NO. 2010-179 • Short answer: probably, if you take appropriate steps. • Before using a particular technology in the course of representing a client, an attorney must take appropriate steps to evaluate: 1) the level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security; 2) the legal ramifications to a third party who intercepts, accesses or exceeds authorized use of the electronic information; 3) the degree of sensitivity of the information; 4) the possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product; 5) the urgency of the situation; and 6) the client’s instructions and circumstances, such as access by others to the client’s devices and communications.
Can you use the Wifi at Starbucks? THE STATE BAR OF CALIFORNIA FORMAL OPINION NO. 2010-179 • Attorney goes to local coffee shop and uses public wifi to work on firm laptop. • California state bar applied the multi-factor test, and said, not, an attorney risks violating his professional obligations unless • BUT…”With regard to the use of a public wireless connection, the Committee believes that, due to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall. Depending on the sensitivity of the matter, Attorney may need to avoid using the public wireless connection entirely or notify Client of possible risks attendant to his use of the public wireless connection, including potential disclosure of confidential information and possible waiver of attorney-client privilege or work product protections, and seek her informed consent to do so.”
What about the Wifi at home? THE STATE BAR OF CALIFORNIA FORMAL OPINION NO. 2010-179 “[I]f Attorney’s personal wireless system has been configured with appropriate security features, the Committee does not believe that Attorney would violate his duties of confidentiality and competence by working on Client’s matter at home. Otherwise, Attorney may need to notify Client of the risks and seek her informed consent, as with the public wireless connection.” • Citrix: Citrix XenApp offers “end to end” security and is generally considered secure.
Portable Electronic Storage Devices Duties of Confidentiality And Competence What is an attorney’s obligation with respect to information stored on portable electronic storage devices, such as thumb drives, CD discs, and back- up storage drives? What are “reasonable steps”?
What’s in your hard drive?
Cloud “I says, Hey! You! Get off of my cloud Hey! You! Get off of my cloud Hey! You! Get off of my cloud Don't hang around 'cause two's a crowd.”- Get Off of My Cloud
Working in the cloud? • Numerous ethical opinions relevant to this topic: •ISBA Ethics Op. 10-01 (July 2009) - ISBA Ethics Op. 16-06 (October 2016) - Affirms ability to use, but reasonable steps •Pennsylvania Formal Opinion 2011-200 •North Carolina 2011 Formal Op. 6 •New York State Bar Ethics Opinion 842 •Alabama Ethics Opinion 2010-2 •Washington State Bar Advisory Opinion 2215 •Iowa Bar Ethic Opinion 11-01 •Vermont Ethics Opinion 2010-6 •Massachusetts Bar Ethics Opinion 12-03 •New Hampshire Ethics Committee Advisory Op. #2012-13/4
ISBA and Cloud - July 2009, Opinion No. 10-01- off-site network administrator - 2016: - Use of cloud vendor - Focused on 1.1 and 1.16(e) - Did attorney in selecting vendor act “reasonably and competently”?
CONCLUSION
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy

Recommended

Cyber Liability Coverage in the Marketplace with Dan Cotter
Cyber Liability Coverage in the Marketplace with Dan CotterCyber Liability Coverage in the Marketplace with Dan Cotter
Cyber Liability Coverage in the Marketplace with Dan CotterButlerRubin
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Researchmarciahofmann
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...Eric Vanderburg
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 

Recommended

Cyber Liability Coverage in the Marketplace with Dan Cotter
Cyber Liability Coverage in the Marketplace with Dan CotterCyber Liability Coverage in the Marketplace with Dan Cotter
Cyber Liability Coverage in the Marketplace with Dan CotterButlerRubin
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Researchmarciahofmann
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...Eric Vanderburg
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 
Aba gp solo magazine schumann technology article-20160319_as published
Aba gp solo magazine schumann technology article-20160319_as publishedAba gp solo magazine schumann technology article-20160319_as published
Aba gp solo magazine schumann technology article-20160319_as publishedRalph Schumann
 
Privacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksPrivacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksTechWell
 
NIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsNIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsUnanet
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)Financial Poise
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Raleigh ISSA
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceCybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceSecureDocs
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Accellis Technology Group
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...David Cunningham
 
CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15E Andrew Keeney
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?Clio - Cloud-Based Legal Technology
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 

More Related Content

What's hot

Aba gp solo magazine schumann technology article-20160319_as published
Aba gp solo magazine schumann technology article-20160319_as publishedAba gp solo magazine schumann technology article-20160319_as published
Aba gp solo magazine schumann technology article-20160319_as publishedRalph Schumann
 
Privacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksPrivacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksTechWell
 
NIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsNIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsUnanet
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)Financial Poise
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Raleigh ISSA
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceCybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceSecureDocs
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Accellis Technology Group
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...David Cunningham
 
CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15E Andrew Keeney
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 

What's hot (20)

Aba gp solo magazine schumann technology article-20160319_as published
Aba gp solo magazine schumann technology article-20160319_as publishedAba gp solo magazine schumann technology article-20160319_as published
Aba gp solo magazine schumann technology article-20160319_as published
 
Privacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksPrivacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal Risks
 
NIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government ContractorsNIST Cybersecurity Requirements for Government Contractors
NIST Cybersecurity Requirements for Government Contractors
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
Best Practices Regarding Technology (Series: Legal Ethics - Best Practices)
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
 
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceCybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
 
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
Ilta 2011 balancing km with data privacy facilitated by dave cunningham aug...
 
CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15CULCT Cybersecurity Workshop 2.10.15
CULCT Cybersecurity Workshop 2.10.15
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law
 

Similar to Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy

Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Pubcon Privacy Legal Presentation by David Mink
Pubcon Privacy Legal Presentation by David MinkPubcon Privacy Legal Presentation by David Mink
Pubcon Privacy Legal Presentation by David MinkMatt Siltala
 
Don't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsDon't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsNehal Madhani
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
 
BYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesBYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesCassie McGarvey, JD
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Ethics and Security of Cloud Computing for Lawyers
Ethics and Security of Cloud Computing for LawyersEthics and Security of Cloud Computing for Lawyers
Ethics and Security of Cloud Computing for LawyersRobert Ambrogi
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachDawn Yankeelov
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2MLG College of Learning, Inc
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015Robert Craig
 

Similar to Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy (20)

How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Pubcon Privacy Legal Presentation by David Mink
Pubcon Privacy Legal Presentation by David MinkPubcon Privacy Legal Presentation by David Mink
Pubcon Privacy Legal Presentation by David Mink
 
Don't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerationsDon't be a robot: You can't automate your ethical considerations
Don't be a robot: You can't automate your ethical considerations
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...
 
BYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesBYOD: Advice for Employers and Employees
BYOD: Advice for Employers and Employees
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Ethics and Security of Cloud Computing for Lawyers
Ethics and Security of Cloud Computing for LawyersEthics and Security of Cloud Computing for Lawyers
Ethics and Security of Cloud Computing for Lawyers
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
 

Recently uploaded

如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书Fir sss
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfDrNiteshSaraswat
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...
What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...
What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...Milind Agarwal
 
Role and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and ApproachRole and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and Approach2020000445musaib
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
The Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptxThe Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptxNeeteshKumar71
 
Difference between LLP, Partnership, and Company
Difference between LLP, Partnership, and CompanyDifference between LLP, Partnership, and Company
Difference between LLP, Partnership, and Companyaneesashraf6
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一st Las
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书SD DS
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 

Recently uploaded (20)

如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdf
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...
What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...
What Types of Social Media Frauds Are Prevalent in India? Investigator Perspe...
 
Role and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and ApproachRole and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and Approach
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
The Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptxThe Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptx
 
Difference between LLP, Partnership, and Company
Difference between LLP, Partnership, and CompanyDifference between LLP, Partnership, and Company
Difference between LLP, Partnership, and Company
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 

Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy

  • 1. Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy May 23, 2017 Presenters: Daniel A. Cotter Butler Rubin Saltarelli & Boyd LLP 321 N. Clark Street, Suite 400 Chicago, IL 60654 Dcotter@butlerrubin.com
  • 2. The materials in this presentation are intended to provide a general overview of the issues contained herein and are not intended nor should they be construed to provide specific legal or regulatory guidance or advice. If you have any questions or issues of a specific nature, you should consult with appropriate legal or regulatory counsel to review the specific circumstances involved. Views expressed are those of the speaker and are not to be attributed to his firm or clients.
  • 3. Goals/Roadmap • A Little Bit of History and Looking Back • Why do you as a lawyer care? • RPCs • Some actual application
  • 4. OLD/NEW MEANING TO A NEW TERM?
  • 5. Who Wants to Cry? “Mummy, you're a fool to cry You're a fool to cry.”- Fool to Cry
  • 6. A Quick Look in the Rearview Mirror
  • 7. 1991 30MB storage 386 – FAST! 2MB RAM?
  • 9. 1997 AOL was the main email and Internet provider
  • 10. 1997 (cont’d) Anyone remember AltaVista? Google was not “live” until 1998
  • 11. Mid- to late-1990s – Most Famous Man on the Internet?
  • 12. Life Was Good “I can't complain but sometimes i still do Life's been good to me so far”- Life’s Been Good
  • 13. But Then… What the heck happened?
  • 14. A Pictorial of 2000 to 2008 and beyond
  • 15. WE’VE COME A LONG WAY, BABY!
  • 18. The World in Law and Tech/AI in 2016 Source: Goodman, Joanna, Robots in Law: How Artificial Intelligence is Transforming Legal Services (ARK Group 2016)
  • 19. In Addition, We Now We Have…
  • 20. STATISTICS - 2013 – 181.4 million United States users - 2017- was expected to climb to 222.4 million users
  • 26. More Basic Office Equipment
  • 27. AND?
  • 29. Name Badges - WIVB Feature -Boston - Humanyze badges - Bluetooth - Infrared - Motion sensors - Microphones
  • 30. While Technology and Data Proliferates - The Hackers have come alive:
  • 31. Some Basics—Identity Theft Resource Center http://www.idtheftcenter.org/2016databreaches.html “The ITRC currently tracks seven categories of data loss methods: -Insider Theft, - Hacking/Skimming/Phishing, - Data on the Move, - Subcontractor/Third Party/BA, - Employee error/Negligence/Improper disposal/Lost, - Accidental web/Internet Exposure, and - Physical Theft.”
  • 32. Some sobering numbers from ITRC 2005 to October 14, 2016 Number of Breaches = Number of Records =
  • 33. Some sobering numbers from ITRC 2005 to October 14, 2016 Number of Breaches = 6,573 Number of Records =
  • 34. Some sobering numbers from ITRC 2005 to October 14, 2016 Number of Breaches = 6,573 Number of Records = 880,651,559
  • 35. Industries Most Impacted by Breaches 2015 data (Baker Hostetler Data Security Incident Response Report):
  • 36. Increase in Cyber Attacks on U.S. Health Insurers 2015 – a Banner Year BlueCross/Blue Shield Company Number of Health Records Breached Anthem 57.8M Premera 11M Excellus 10M Total 78.8M Percentage of Annual Health Care Breaches Reported in 2015 70.48% Value of Records on DarkNet $78.8B
  • 37. Why Do We as Lawyers Care?
  • 38. The Parade of Horribles - Inadvertence, mistake: Law Firm’s Documents Dumped in Trash, Gainesville Times, October 16, 2011. - Cyber attack: Wiley Rein Hack LLP Hack (2011). - Physical Security. Laptop Stolen from Law Offices of David A. Krausz, Sensitive Info at Risk, Softpedia. - Insider threats: Orrick breach. - Readers of WSJ on 3/29/2016: “Hackers Breach Law Firms, Including Cravath and Weil Gotshal” - Edelson Law putative class action against Johnson & Bell (N.D. IL 2016) and what has since happened - Real Estate closings
  • 39. Why?
  • 42. Rules of Professional Conduct Some Relevant Ethical Rules •Illinois Rule 1.1 (Competence) •Illinois Rule 1.6 (Confidentiality of Information) •Illinois Rule 1.4 (Communication) •Illinois Rules 1.15, 1.16 (Duty to Safeguard Client Property) •Illinois Rules 5.1, 5.2, 5.3 (Duty of Supervision)
  • 43. Rules of Professional Conduct Illinois Rule 1.1   Duty of Competence     A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.
  • 44. Duty of Competence Rule 1.1 includes competence in selecting and using technology. It requires attorneys who lack the necessary technical competence for security (many, if not most attorneys) to consult with qualified people who have the requisite expertise. Comment [8] MRPC: To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
  • 45. Relevant Laws Relating to Legal Obligations All 50 states and DC have adopted ABA Model Rule 1.1 (either in whole or with modifications). At least 25 states have adopted Comment 8. 45
  • 46. Florida Rule - September 30, 2016- every lawyer admitted to Florida Bar must take three hours of technology-related CLE during a three-year cycle.
  • 47. HOW HARD CAN IT BE? Nick Burns: Move! [ sits down ] ... See where it says "4" and "FL". That's fourth floor. That's where we are, we're on the fourth floor. That's it. You pick that one. Is that so hard? Geeze Louise, I can't wait to get my NTSC and quit this job. [ steps over to the Female Employee's computer ] What's your problem? Female Employee: Well, it just crashes every time my screen saver comes up. Nick Burns: Alright, let's run a test, just type in: XY.VIOLATOR/467 F47 Female Employee: Type in? Nick Burns: Move!
  • 48. ABC’S OF CYBER AI Bitcoin Cyber insurance Data privacy E-discovery and e-sign Fintech GDPR
  • 50. ABC’S (CONT’D) Online privacy Privacy Shield Quotes Ransomware Soviet Union aka Russia Target Uganda
  • 52. Duty of Confidentiality Illinois Rule 1.6(e)(amended October 15, 2015, effective January 1, 2016) – “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to information relating to the representation of a client.”
  • 53. Duty of Confidentiality Comments to Illinois Rule 1.6 Acting Competently to Preserve Confidentiality [19] When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.
  • 54. Duty of Confidentiality Comment to Model Rule 1.6, now in comments to Illinois Rule, effective January 1, 2016 Acting Competently to Preserve Confidentiality [18] Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).
  • 55. What does your client want? Illinois Rule 1.6, Comment [19]: “A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule.”
  • 56. The Duties of Competence and Confidentiality Ariz. Bar. Op. 09-04 Lawyer encrypted files, installed layers of password protection, randomly generated folder names and passwords, and converted each document to PDF format that required password. • “In satisfying the duty to take reasonable security precautions, lawyers should consider firewalls, password protection schemes, encryption, anti-virus measures, etc.” • The duty “does not require a guarantee that the system will be invulnerable to unauthorized access.”
  • 57. Duty to Safeguard Client Property Illinois RPC 1.15(a) “A lawyer shall hold property of clients or third persons that is in a lawyer's possession in connection with a representation separate from the lawyer’s own property. ... Other property shall be identified as such and appropriately safeguarded.”
  • 58. ABA Formal Opinion 477 (May 11, 2017) • Unencrypted generally okay • But special circumstances/laws may require. • Lawyer must make “reasonable efforts to prevent inadvertent or unauthorized access” • Includes a “reasonable efforts” balancing • Concludes that: “A lawyer generally may transmit information relating to the representation of a client over the Internet….where…has undertaken reasonable efforts….”
  • 59. Termination of Representation Illinois RPC 1.16(d) “Upon termination of representation, a lawyer shall take steps to the extent reasonably practicable to protect a client's interests, such as giving reasonable notice to the client, allowing time for employment of other counsel, surrendering papers and property to which the client is entitled and refunding any advance payment of fee or expense that has not been earned or incurred. The lawyer may retain papers relating to the client to the extent permitted by other law.”
  • 60. Other Applicable Rules Duty to supervise (Rules 5.1 and 5.3) Illinois Rule 5.1(a): “A partner in a law firm, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.”
  • 61. Other Applicable Rules Duty to supervise (Rules 5.1, 5.2 and 5.3) Illinois Rule 5.3: “With respect to a nonlawyer employed or retained by or associated with a lawyer: (a)    The lawyer, and, in a law firm, each partner, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that the nonlawyer's conduct is compatible with the professional obligations of the lawyer and the firm;
  • 62. Other Applicable Rules Warning to client? •You are obligated under Rule 1.4 to warn your client about the risk of using electronic communications where there is a significant risk that a 3d party may gain access. •E.g., when representing a company employee, employer could read/access the email. •And a warning may not be enough – you may be required to recommend to the client methods of ensuring that electronic communications remain confidential. •ABA Formal Op. 11-459 (8/4/11) •Texas Opinion No. 648
  • 63. And that’s not all… Duty to Former clients? Model Rule1.9(c) “[A] lawyer who has formerly represented a client in a matter or whose present or former firm has formerly represented a client in a matter shall not thereafter ... reveal information relating to the representation except as these Rules would permit or require with respect to a client.”
  • 64. What laws might be relevant? • Mass. Security Regulations (201 CMR 17.00) • Data Breach Notification laws (47 states, including Illinois have these laws) HIPAA/HITECH • Gramm Leach Bliley • Data Security Laws • Fiduciary Duty? • Malpractice laws?
  • 65. Applying the Rules • Your emails? • Your trash? • Your desk and office? • Working at a coffee shop? • Your workspace at home? • Portable data storage devices? • Your laptop? • Working in the “cloud”?
  • 66. Is there a duty to encrypt emails? – “A lawyer may transmit information relating to the representation of a client by unencrypted e-mail . . . because the mode of transmission affords a reasonable expectation of privacy from a technological and legal standpoint.” – “A lawyer should consult with the client and follow her instructions, however, as to the mode of transmitting highly sensitive information....” • ABA Formal Op. 99-413 (Mar. 10, 1999). •Texas Opinion No. 648
  • 67. Is there a duty to encrypt emails? – “Encrypting email may be a reasonable step for an attorney to take ... when the circumstance calls for it, particularly if the information at issue is highly sensitive and the use of encryption is not onerous.” • Cal. Op. 2010-179.
  • 68. Encryption- Illinois State Bar Association ISBA considered the question of sending unencrypted emails in ISBA Advisory Opinion 96-10 (which was reaffirmed in 2010), available at https://www.isba.org/sites/default/files/ethicsopinions/9 6-10.pdf, advised that unencrypted email is acceptable: “Because (1) the expectation of privacy for electronic mail is no less reasonable than the expectation of privacy for ordinary telephone calls, and (2) the unauthorized interception of an electronic message is subject to the [Electronic Communications Privacy Act ].”
  • 69. Encryption Revisited? - Many opinions on encryption outdated - Times/technology have changed - NYDFS Regulations - Does your client require encryption?
  • 70. Trash and recycling Shred everything privileged or confidential. When in doubt, or when you don’t know: Shred.
  • 71. Your office and your files Are you working with hard copies of sensitive information, like Protected Health Information (PHI) or Personally Identifiable Information (PII)?
  • 72. Can you use the Wifi at Starbucks? THE STATE BAR OF CALIFORNIA FORMAL OPINION NO. 2010-179 • Short answer: probably, if you take appropriate steps. • Before using a particular technology in the course of representing a client, an attorney must take appropriate steps to evaluate: 1) the level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security; 2) the legal ramifications to a third party who intercepts, accesses or exceeds authorized use of the electronic information; 3) the degree of sensitivity of the information; 4) the possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product; 5) the urgency of the situation; and 6) the client’s instructions and circumstances, such as access by others to the client’s devices and communications.
  • 73. Can you use the Wifi at Starbucks? THE STATE BAR OF CALIFORNIA FORMAL OPINION NO. 2010-179 • Attorney goes to local coffee shop and uses public wifi to work on firm laptop. • California state bar applied the multi-factor test, and said, not, an attorney risks violating his professional obligations unless • BUT…”With regard to the use of a public wireless connection, the Committee believes that, due to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall. Depending on the sensitivity of the matter, Attorney may need to avoid using the public wireless connection entirely or notify Client of possible risks attendant to his use of the public wireless connection, including potential disclosure of confidential information and possible waiver of attorney-client privilege or work product protections, and seek her informed consent to do so.”
  • 74. What about the Wifi at home? THE STATE BAR OF CALIFORNIA FORMAL OPINION NO. 2010-179 “[I]f Attorney’s personal wireless system has been configured with appropriate security features, the Committee does not believe that Attorney would violate his duties of confidentiality and competence by working on Client’s matter at home. Otherwise, Attorney may need to notify Client of the risks and seek her informed consent, as with the public wireless connection.” • Citrix: Citrix XenApp offers “end to end” security and is generally considered secure.
  • 75. Portable Electronic Storage Devices Duties of Confidentiality And Competence What is an attorney’s obligation with respect to information stored on portable electronic storage devices, such as thumb drives, CD discs, and back- up storage drives? What are “reasonable steps”?
  • 76. What’s in your hard drive?
  • 77. Cloud “I says, Hey! You! Get off of my cloud Hey! You! Get off of my cloud Hey! You! Get off of my cloud Don't hang around 'cause two's a crowd.”- Get Off of My Cloud
  • 78. Working in the cloud? • Numerous ethical opinions relevant to this topic: •ISBA Ethics Op. 10-01 (July 2009) - ISBA Ethics Op. 16-06 (October 2016) - Affirms ability to use, but reasonable steps •Pennsylvania Formal Opinion 2011-200 •North Carolina 2011 Formal Op. 6 •New York State Bar Ethics Opinion 842 •Alabama Ethics Opinion 2010-2 •Washington State Bar Advisory Opinion 2215 •Iowa Bar Ethic Opinion 11-01 •Vermont Ethics Opinion 2010-6 •Massachusetts Bar Ethics Opinion 12-03 •New Hampshire Ethics Committee Advisory Op. #2012-13/4
  • 79. ISBA and Cloud - July 2009, Opinion No. 10-01- off-site network administrator - 2016: - Use of cloud vendor - Focused on 1.1 and 1.16(e) - Did attorney in selecting vendor act “reasonably and competently”?