Confidentiality and Knowledge Collaboration
Issues Relating to the Interrelationship of Knowledge Management and Data Privacy in Law Firms

Presented by:
James A. Harvey, Partner, Alston & Bird
David Cunningham, Managing Director, HBR Consulting
© 2011 HBR CONSULTING LLC. All rights reserved.

Data Privacy Overview

[Diagram: Data Privacy, shown with Regulatory Obligations, Client Confidential Information and Firm Confidential Information]

Examples of data that is regulated by one or more privacy/security statutes

• Name
• Social security number
• Last four of social security number
• Driver's license number
• Date of birth
• Passport information
• Health information
• Maiden name
• Electronic or digitized signature
• Physical or mental health conditions
• Information regarding provision of or payment for health care
• Financial information (electronic payroll deposit)
• Credit card or debit card information
• Government identification numbers
• Tax information
• Address or phone numbers
• Biometric information (fingerprint, voice print, etc.)

Data Privacy
Data Privacy Regulations

• HITECH / HIPAA: Protected Health Information (PHI)
• State Privacy Laws: Personally Identifiable Information (PII)
• EU Data Protection Directive / Safe Harbor: Personally Identifiable Information (PII)
• Red Flag: Personally Identifiable Information (PII)
• ITAR: Classified Defense Information

HITECH / HIPAA
Governing Body: Health and Human Services and Federal Trade Commission
Sensitive Data: Protected Health Information
  • Internal HR data
  • Client data
Compliance Date: February 17, 2010
Penalty: $100 - $50,000 per incident; $1.5M max per year. Plus potential criminal penalties

Data Privacy
Data Privacy Regulations

State Privacy Laws
Governing Body: State of Massachusetts (example state)
Sensitive Data: Personal information about a resident of the Commonwealth of Massachusetts
Compliance Date: March 1, 2010
Penalty: $5,000 per incident plus costs of investigation, litigation and legal fees, plus potential civil penalties

Data Privacy
Data Privacy Regulations

EU Data Protection Directive / Safe Harbor
Governing Body: US Dept of Commerce / Federal Trade Commission
Sensitive Data: Personal information transferred to or from 27 Member States of the European Union
Compliance Date: Voluntary (replaces Data Transfer Agreements)
Penalty: Up to $12,000 per day for violations

Data Privacy
Data Privacy Regulations

Red Flag
Governing Body: Federal Trade Commission via Fair Credit Reporting Act
Sensitive Data:
  • Require financial institutions and creditors to create a program that provides for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags.”
  • The purpose of the Red Flags Rules is to help avoid identity theft.
Compliance Date: June 1, 2010 (law firms exempt)
Penalty: $2,500 - $3,500 per violation, then up to $16,000 per violation for continued non-compliance

Data Privacy
Data Privacy Regulations

ITAR
Governing Body: US Department of State
Sensitive Data: “Export of technical data and classified defense articles”, as defined by the US Munitions List
Compliance Date: 60 days in advance of any intended sale or transfer to a foreign person of ownership or control
Penalty: Per violation, civil fines up to $500K; criminal penalties up to $1M and 10 years imprisonment

Data Privacy

Data Privacy Regulations
• HITECH / HIPAA: Protected Health Information (PHI)
• State Privacy Laws: Personally Identifiable Information (PII)
• EU Data Protection Directive / Safe Harbor: Personally Identifiable Information (PII)
• Red Flag: Personally Identifiable Information (PII)
• ITAR: Classified Defense Information

Protection of Sensitive Data
• Client Data Leaks: Client and Case / Transaction Data
• Firm Data Leaks: Firm and Partner Confidential Data

Data Privacy

Data Privacy Regulations
• HITECH / HIPAA: Protected Health Information (PHI)
• State Privacy Laws: Personally Identifiable Information (PII)
• EU Data Protection Directive / Safe Harbor: Personally Identifiable Information (PII)
• Red Flag: Personally Identifiable Information (PII)
• ITAR: Classified Defense Information

Protection of Sensitive Data
• Client Data Leaks: Client and Case / Transaction Data
• Firm Data Leaks: Firm and Partner Confidential Data
• Preservation Orders: Litigation, Subpoena or Client Requests
• Confidential Walls
  – Inclusionary Walls for Privacy and Subpoenas
  – Exclusionary Walls for Conflicts

Data Privacy

Data Privacy Regulations
• HITECH / HIPAA: Protected Health Information (PHI)
• State Privacy Laws: Personally Identifiable Information (PII)
• EU Data Protection Directive / Safe Harbor: Personally Identifiable Information (PII)
• Red Flag: Personally Identifiable Information (PII)
• ITAR: Classified Defense Information

Protection of Sensitive Data
• Client Data Leaks: Client and Case / Transaction Data
• Firm Data Leaks: Firm and Partner Confidential Data
• Preservation Orders: Litigation, Subpoena or Client Requests
• Confidential Walls
  – Inclusionary Walls for Privacy and Subpoenas
  – Exclusionary Walls for Conflicts

Data Standards
• ISO 27001: Competence in Addressing Data Confidentiality

'Anonymous' Hacking of HB Gary

• HB Gary, a security firm, was working with Hunton & Williams to help protect Bank of America from Wikileaks contributions.
• The CEO of HB Gary announced that his company had infiltrated the security group Anonymous.
• In retaliation, Anonymous took control of HB Gary's e-mail, dumping 68,000 e-mails, erasing files, and taking down their phone system.
• They exposed contributors to Wikileaks and HB Gary's CEO's home address and social security number.

Security Hacking for a Cause

• Hackers appear to be widening their targets, stealing information from vendors or contractors that may have strategic data about their clients, including public relations and law firms
• Law firms have been hacked due to their roles associated with copyright law
• King & Spalding was a large firm known to have been attacked

Ex-Sonsini Attorney Charged In $32M Insider Trading Case

• A former senior associate at Wilson Sonsini Goodrich & Rosati PC was arrested and charged in connection with allegations that he stole inside information from three firms that netted $32 million in a decades-long insider trading scheme.
• Kluger regularly “stole and disclosed material, nonpublic information regarding anticipated corporate mergers and acquisitions on which his law firms were working,” according to a copy of the criminal complaint.

From whom are knowledge managers protecting data?

• Internal
  – Employees with insider trading intentions
  – Employees who accidentally see confidential data
  – Employees who re-use content outside their expertise
  – Attorney client privilege
  – Stock trading without appropriate notification and disclosure
• External
  – Clients and third parties who may accidentally be sent confidential information

What sources of information may be useful to insiders?

• Document management (document names and descriptions)
• Precedents
• Active material
• Litigation support data
• Conflicts
• New business intake
• Time entry
• Extranet sites
• Verbal discussions
• Records data
• Newsletters and status reports
• Physical war rooms
• Travel agendas
• Legal project management systems

How do firms protect this information?
Standard Tools

• Policies
• Ethical training and reinforcement
• Ethical walls for known sensitive matters
• Project code names
• Enterprise searching that recognizes folder and file security
• Password protection for documents and spreadsheets
• Locking and wiping of remote access devices; security software on remote device
• Minimum password sophistication
• Required screen saver usage
• Two-factor authentication
• Account auditing / monitoring

How do firms protect this information?
Emerging Tools

• Document naming standards
• Matters secured by default / ethical walls for all matters
• Knowledge Management as gatekeeper
• Third party agreements and procedures
• Identity management
• Monitoring for unusual activity (users and IT)
• Encryption (data in transit / data at rest)
• Intelligent redaction software

Data Privacy Solutions

Questions?

• Jim Harvey
  jim.harvey@alston.com
• Dave Cunningham
  dcunningham@hbrconsulting.com

Data Privacy - General Adequacy Questions

• Does the Firm need the personal data that it is collecting about an individual?
• Can the Firm document what it will use the personal data for?
• Do these individuals know that the Firm has their personal data and do they understand what it will be used for?
• If the Firm is asked to pass on personal data, would these individuals expect the Firm to do this?
• Is the Firm satisfied that the information is being held securely, whether it is on paper, on computer, or during transfer? Is the Firm willing to face a regulatory audit on this security?
• Is it secure and are proper contracts with the third parties in place?
• Is access to personal data limited to those with a strict need to know at the Firm?
• Is the Firm sure that all personal data is accurate and up to date?
• Does the Firm delete or destroy personal information as soon as it has no more need for it?
• Has the Firm trained all of its attorneys and staff in their duties and responsibilities under all relevant data protection laws and are all of its attorneys and staff satisfying their duties and responsibilities?
• Are all notifications to all Data or Information Commissioners current?

Selected Articles

Block, Meg & David Cunningham. “Legal Information Risk – Action Plan and Roadmap,” Peer to Peer, June 2011.
  http://www.mygazines.com/issue/34686/33
Harbert, Tam. “Catch Me If You Can,” Law Technology News, June 1, 2011.
  http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202494769505&slreturn=1&hbxlogin=1
Nelson, Sharon. “Your Chance of Being Hacked in Twelve Months Now a 'Statistical Certainty,'” Ride The Lightning Electronic Evidence Blog, June 30, 2011.
  http://ridethelightning.senseient.com/2011/06/your-chance-of-being-hacked-in-twelve-months-now-a-statistical-certainty.html

Selected Resources

Law Firm Risk Resources (short list from 2009).
  http://lawfirmriskresources.wikispaces.com/
Law Firm Risk Management Blog.
  http://www.lawfirmrisk.com/
InfoRiskAwareness Blog (UK focus).
  http://inforiskawareness.co.uk/best_practice/
Hildebrandt Baker Robbins Blog (selected posts).
  http://info.hbrconsulting.com/blog/archive/2011/06/01/balancing-information-security-and-collaboration-a-knowledge-management-view.aspx
  and
  http://info.hbrconsulting.com/blog/archive/2011/05/13/risk-management-at-law-firms-a-rapidly-evolving-issue.aspx

More Related Content

What's hot

The Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsThe Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsBrian Honan
 
Your User's Privacy
Your User's PrivacyYour User's Privacy
Your User's Privacyadunne
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018ProColombia
 
MA 201 CMR 17.00 Personal Identity Security
MA 201 CMR 17.00 Personal Identity SecurityMA 201 CMR 17.00 Personal Identity Security
MA 201 CMR 17.00 Personal Identity SecurityArpin Consulting
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009brentcarey
 
4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fd4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fdGlobalForum
 
10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy10 Things You Need To Know About Privacy
10 Things You Need To Know About PrivacyNow Dentons
 
Developing a Legal Framework to Combat Cybercrime
Developing a Legal Framework to Combat CybercrimeDeveloping a Legal Framework to Combat Cybercrime
Developing a Legal Framework to Combat CybercrimeMarcelo Gomes Freire
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
What happens to our virtual account or digital asset or data after our death ?
What happens to our virtual account or digital asset or data after our death ?What happens to our virtual account or digital asset or data after our death ?
What happens to our virtual account or digital asset or data after our death ?Bivas Chatterjee
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And KeyYarko Petriw
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltRochester Security Summit
 
Case for-secure-email-encryption
Case for-secure-email-encryptionCase for-secure-email-encryption
Case for-secure-email-encryptionNeoCertified
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislationUlf Mattsson
 

What's hot (18)

The Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsThe Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure Laws
 
Your User's Privacy
Your User's PrivacyYour User's Privacy
Your User's Privacy
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018
 
MA 201 CMR 17.00 Personal Identity Security
MA 201 CMR 17.00 Personal Identity SecurityMA 201 CMR 17.00 Personal Identity Security
MA 201 CMR 17.00 Personal Identity Security
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009
 
4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fd4. florence dupre new usagesprivacy legal framework fd
4. florence dupre new usagesprivacy legal framework fd
 
10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy
 
Developing a Legal Framework to Combat Cybercrime
Developing a Legal Framework to Combat CybercrimeDeveloping a Legal Framework to Combat Cybercrime
Developing a Legal Framework to Combat Cybercrime
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 
What happens to our virtual account or digital asset or data after our death ?
What happens to our virtual account or digital asset or data after our death ?What happens to our virtual account or digital asset or data after our death ?
What happens to our virtual account or digital asset or data after our death ?
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And Key
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork Quilt
 
Case for-secure-email-encryption
Case for-secure-email-encryptionCase for-secure-email-encryption
Case for-secure-email-encryption
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
 
Advisory April Showers 02.19.2009
Advisory April Showers 02.19.2009Advisory April Showers 02.19.2009
Advisory April Showers 02.19.2009
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
 
1307 Privacy Act
1307 Privacy Act1307 Privacy Act
1307 Privacy Act
 

Viewers also liked

2004 national science foundation knowledge management and network collaborati...
2004 national science foundation knowledge management and network collaborati...2004 national science foundation knowledge management and network collaborati...
2004 national science foundation knowledge management and network collaborati...Christopher Thorn
 
Wikis In Knowledge Management Enabling Effective Collaboration
Wikis In Knowledge Management   Enabling Effective CollaborationWikis In Knowledge Management   Enabling Effective Collaboration
Wikis In Knowledge Management Enabling Effective CollaborationColin Mooney
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Velrada
 
Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...
Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...
Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...Alex Heiphetz
 
New Wave Collaboration And Enterprise 2.0
New Wave Collaboration And Enterprise 2.0New Wave Collaboration And Enterprise 2.0
New Wave Collaboration And Enterprise 2.0Daniel Pritchett
 
Strategic technology roadmap for space x
Strategic technology roadmap for space xStrategic technology roadmap for space x
Strategic technology roadmap for space xCarles Debart
 

Viewers also liked (6)

2004 national science foundation knowledge management and network collaborati...
2004 national science foundation knowledge management and network collaborati...2004 national science foundation knowledge management and network collaborati...
2004 national science foundation knowledge management and network collaborati...
 
Wikis In Knowledge Management Enabling Effective Collaboration
Wikis In Knowledge Management   Enabling Effective CollaborationWikis In Knowledge Management   Enabling Effective Collaboration
Wikis In Knowledge Management Enabling Effective Collaboration
 
Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...Lessons from the front line: Next generation knowledge management using socia...
Lessons from the front line: Next generation knowledge management using socia...
 
Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...
Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...
Knowledge Management Using Enterprise Wiki, Collaboration and Social Media? A...
 
New Wave Collaboration And Enterprise 2.0
New Wave Collaboration And Enterprise 2.0New Wave Collaboration And Enterprise 2.0
New Wave Collaboration And Enterprise 2.0
 
Strategic technology roadmap for space x
Strategic technology roadmap for space xStrategic technology roadmap for space x
Strategic technology roadmap for space x
 

Similar to Lex mundi 2011 confidentiality and knowledge collaboration presentation - facilitated by dave cunningham sep 2011

Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
How Will Privacy Regulation Impact Your Business in 2012
How Will Privacy Regulation Impact Your Business in 2012How Will Privacy Regulation Impact Your Business in 2012
How Will Privacy Regulation Impact Your Business in 2012Vivastream
 
Lily lim data privacy ownership and ethics
Lily lim data privacy ownership and ethicsLily lim data privacy ownership and ethics
Lily lim data privacy ownership and ethicsMassTLC
 
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010   by dave cunn...Hildebrandt baker robbins presentation for coo roundtable 2010   by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...David Cunningham
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000n|u - The Open Security Community
 
Protecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceProtecting PHI with encryption for HIPAA compliance
Protecting PHI with encryption for HIPAA complianceTodd Merrill
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Lex mundi 2011 confidentiality and knowledge collaboration presentation - facilitated by dave cunningham sep 2011

  • 1. Confidentiality and Knowledge Collaboration: Issues Relating to the Interrelationship of Knowledge Management and Data Privacy in Law Firms. Presented by: James A. Harvey, Partner, Alston & Bird; David Cunningham, Managing Director, HBR Consulting. © 2011 HBR CONSULTING LLC. All rights reserved.
  • 2. Data Privacy Overview (diagram): Data Privacy, surrounded by Regulatory Obligations, Client Confidential Information and Firm Confidential Information.
  • 3. Examples of data that is regulated by one or more privacy/security statutes
      - Name
      - Social security number
      - Last four of social security number
      - Drivers license number
      - Date of birth
      - Passport information
      - Health information
      - Maiden name
      - Electronic or digitized signature
      - Physical or mental health conditions
      - Information regarding provision of or payment for health care
      - Financial information (electronic payroll deposit)
      - Credit card or debit card information
      - Government identification numbers
      - Tax information
      - Address or phone numbers
      - Biometric information (fingerprint, voice print, etc.)
  • 4. Data Privacy Data Privacy Regulations HITECH / HIPAA Protected Health Information (PHI) Health and Human Services and Governing Body Federal Trade Commission State Privacy Laws Personally Identifiable Information (PII) Protected Health Information Sensitive Data • Internal HR data • Client data EU Data Protection Directive / Safe Harbor Personally Identifiable Information (PII) Compliance Date February 17, 2010 Red Flag $100 - $50,000 per incident; $1.5M Personally Identifiable Information (PII) Penalty max per year. Plus potential criminal penalties ITAR Classified Defense Information 4
  • 5. Data Privacy Data Privacy Regulations HITECH / HIPAA Protected Health Information (PHI) State of Massachusetts Governing Body (example state) State Privacy Laws Personally Identifiable Information (PII) Personal information about a Sensitive Data resident of the Commonwealth of Massachusetts EU Data Protection Directive / Safe Harbor Compliance Date March 1, 2010 Personally Identifiable Information (PII) Red Flag $5,000 per incident plus costs of Personally Identifiable Information (PII) Penalty investigation, litigation and legal fees, plus potential civil penalties ITAR Classified Defense Information 5
  • 6. Data Privacy Data Privacy Regulations HITECH / HIPAA Protected Health Information (PHI) US Dept of Commerce / Governing Body Federal Trade Commission State Privacy Laws Personally Identifiable Information (PII) Personal information transferred to Sensitive Data or from 27 Members States of the European Union EU Data Protection Directive / Voluntary Safe Harbor Compliance Date (replaces Data Transfer Agreements) Red Flag Personally Identifiable Information (PII) Penalty Up to $12,000 per day for violations ITAR Classified Defense Information 6
  • 7. Data Privacy Data Privacy Regulations - Federal Trade Commission HITECH / HIPAA Governing Body Protected Health Information (PHI) via Fair Credit Reporting Act State Privacy Laws - Require financial institutions and Personally Identifiable Information (PII) creditors to create a program that provides for the identification, detection, and response to patterns, EU Data Protection Sensitive Data practices, or specific activities – Directive / known as “red flags.” Safe Harbor Personally Identifiable Information (PII) -The purpose of the Red Flags Rules is to help avoid identity theft. Red Flag Personally Identifiable Information (PII) Compliance Date - June 1, 2010 (law firms exempt) ITAR Classified Defense Information - $2,500 - $3,500 per violation, then Penalty up to $16,000 per violation for continued non-compliance 7
  • 8. Data Privacy Data Privacy Regulations HITECH / HIPAA Protected Health Information (PHI) Governing Body US Department of State State Privacy Laws Personally Identifiable Information (PII) “Export of technical data and Sensitive Data classified defense articles”, as defined by the US Munitions List EU Data Protection Directive / 60 days in advance of any intended Safe Harbor Personally Identifiable Information (PII) Compliance Date sale or transfer to a foreign person of ownership or control Red Flag Personally Identifiable Information (PII) Per violation, civil fines up to $500K; Penalty criminal penalties up to $1M and 10 ITAR years imprisonment Classified Defense Information 8
  • 9. Data Privacy Data Privacy Regulations Protection of Sensitive Data HITECH / HIPAA Protected Health Information (PHI) Client Data Leaks Client and Case / Transaction Data State Privacy Laws Personally Identifiable Information (PII) Firm Data Leaks Firm and Partner Confidential Data EU Data Protection Directive / Safe Harbor Personally Identifiable Information (PII) Red Flag Personally Identifiable Information (PII) ITAR Classified Defense Information 9
  • 10. Data Privacy Data Privacy Regulations Protection of Sensitive Data HITECH / HIPAA Protected Health Information (PHI) Client Data Leaks Client and Case / Transaction Data State Privacy Laws Personally Identifiable Information (PII) Firm Data Leaks Firm and Partner Confidential Data EU Data Protection Directive / Safe Harbor Preservation Orders Personally Identifiable Information (PII) Litigation, Subpoena or Client Requests Red Flag Personally Identifiable Information (PII) Confidential Walls - Inclusionary Walls for Privacy and Subpoenas - Exclusionary Walls for Conflicts ITAR Classified Defense Information 10
  • 11. Data Privacy
      Data Privacy Regulations:
        - HITECH / HIPAA: Protected Health Information (PHI)
        - State Privacy Laws: Personally Identifiable Information (PII)
        - EU Data Protection Directive / Safe Harbor: Personally Identifiable Information (PII)
        - Red Flag: Personally Identifiable Information (PII)
        - ITAR: Classified Defense Information
      Protection of Sensitive Data:
        - Client Data Leaks: Client and Case / Transaction Data
        - Firm Data Leaks: Firm and Partner Confidential Data
        - Preservation Orders: Litigation, Subpoena or Client Requests
        - Confidential Walls: Inclusionary Walls for Privacy and Subpoenas; Exclusionary Walls for Conflicts
      Standards:
        - ISO 27001: Competence in Addressing Data Confidentiality
  • 14. ‘Anonymous’ Hacking of HB Gary
      - HB Gary, a security firm, was working with Hunton & Williams to help protect Bank of America from Wikileaks contributions.
      - The CEO of HB Gary announced that his company had infiltrated the security group Anonymous.
      - In retaliation, Anonymous took control of HB Gary’s e-mail, dumping 68,000 e-mails, erasing files, and taking down their phone system.
      - They exposed contributors to Wikileaks and HB Gary’s CEO’s home address and social security number.
  • 15. Security Hacking for a Cause
      - Hackers appear to be widening their targets, stealing information from vendors or contractors that may have strategic data about their clients, including public relations and law firms
      - Law firms have been hacked due to their roles associated with copyright law
      - King & Spalding was a large firm known to have been attacked
  • 16. Ex-Sonsini Attorney Charged In $32M Insider Trading Case
      - A former senior associate at Wilson Sonsini Goodrich & Rosati PC was arrested and charged in connection with allegations that he stole inside information from three firms that netted $32 million in a decades-long insider trading scheme.
      - Kluger regularly “stole and disclosed material, nonpublic information regarding anticipated corporate mergers and acquisitions on which his law firms were working,” according to a copy of the criminal complaint.
  • 17. From whom are knowledge managers protecting data?
      - Internal
          - Employees with insider trading intentions
          - Employees who accidentally see confidential data
          - Employees who re-use content outside their expertise
          - Attorney-client privilege
          - Stock trading without appropriate notification and disclosure
      - External
          - Clients and third parties who may accidentally be sent confidential information
  • 18. What sources of information may be useful to insiders?
      - Document management (document names and descriptions)
      - Extranet sites
      - Verbal discussions
      - Records data
      - Precedents
      - Newsletters and status reports
      - Active material
      - Litigation support data
      - Physical war rooms
      - Conflicts
      - Travel agendas
      - New business intake
      - Legal project management
      - Time entry systems
  • 19. How do firms protect this information? Standard Tools
      - Policies
      - Ethical training and reinforcement
      - Ethical walls for known sensitive matters
      - Project code names
      - Enterprise searching that recognizes folder and file security
      - Password protection for documents and spreadsheets
      - Locking and wiping of remote access devices; security software on remote device
      - Minimum password sophistication
      - Required screen saver usage
      - Two-factor authentication
      - Account auditing / monitoring
  • 20. How do firms protect this information? Emerging Tools
      - Document naming standards
      - Matters secured by default / ethical walls for all matters
      - Knowledge Management as gatekeeper
      - Third party agreements and procedures
      - Identity management
      - Monitoring for unusual activity (users and IT)
      - Encryption (data in transit / data at rest)
      - Intelligent redaction software
  • 22. Questions?
      - Jim Harvey, jim.harvey@alston.com
      - Dave Cunningham, dcunningham@hbrconsulting.com
  • 23. Data Privacy - General Adequacy Questions
      - Does the Firm need the personal data that it is collecting about an individual?
      - Can the Firm document what it will use the personal data for?
      - Do these individuals know that the Firm has their personal data and do they understand what it will be used for?
      - If the Firm is asked to pass on personal data, would these individuals expect the Firm to do this?
      - Is the Firm satisfied that the information is being held securely, whether it is on paper, on computer, or during transfer? Is the Firm willing to face a regulatory audit on this security?
      - Is it secure and are proper contracts with the third parties in place?
      - Is access to personal data limited to those with a strict need to know at the Firm?
      - Is the Firm sure that all personal data is accurate and up to date?
      - Does the Firm delete or destroy personal information as soon as it has no more need for it?
      - Has the Firm trained all of its attorneys and staff in their duties and responsibilities under all relevant data protection laws and are all of its attorneys and staff satisfying their duties and responsibilities?
      - Are all notifications to all Data or Information Commissioners current?
  • 24. Selected Articles
      - Block, Meg & David Cunningham. “Legal Information Risk – Action Plan and Roadmap,” Peer to Peer, June 2011. http://www.mygazines.com/issue/34686/33
      - Harbert, Tam. “Catch Me If You Can,” Law Technology News, June 1, 2011. http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202494769505&slreturn=1&hbxlogin=1
      - Nelson, Sharon. “Your Chance of Being Hacked in Twelve Months Now a ‘Statistical Certainty,’” Ride The Lightning Electronic Evidence Blog, June 30, 2011. http://ridethelightning.senseient.com/2011/06/your-chance-of-being-hacked-in-twelve-months-now-a-statistical-certainty.html
  • 25. Selected Resources
      - Law Firm Risk Resources (short list from 2009). http://lawfirmriskresources.wikispaces.com/
      - Law Firm Risk Management Blog. http://www.lawfirmrisk.com/
      - InfoRiskAwareness Blog (UK focus). http://inforiskawareness.co.uk/best_practice/
      - Hildebrandt Baker Robbins Blog (selected posts). http://info.hbrconsulting.com/blog/archive/2011/06/01/balancing-information-security-and-collaboration-a-knowledge-management-view.aspx and http://info.hbrconsulting.com/blog/archive/2011/05/13/risk-management-at-law-firms-a-rapidly-evolving-issue.aspx

Editor's Notes

  1. Third party agreements / due diligence; Encryption; Auditing of IT capability; Third-party agreements (for extranets/collaboration rooms) and for subcontractors hosting client data