Cyber Security: Concerns for Your Agency
March 10, 2016
Presented by:
Todd M. Rowe, Tressler LLP
Kevin Mahoney, Tressler LLP
Chandler Howell, Nexum Inc.
© 2016 Tressler LLP

Pre-Breach Considerations
» Who Is Our Audience Today?
» Current trends in Data Breaches
» Concerns for Municipal Bodies
» The State of Data Breach Litigation

Pre-Breach Considerations
» Determining Areas of Vulnerability
› What information do we keep?
› What information do we need to keep?
› How is information accessed by employees or third parties?
› Is that access narrowly tailored to what’s necessary?
» Developing a plan
› Who is responsible for implementing the plan?
› Is the plan feasible with our systems and capabilities?
› Can one plan address every situation?

Pre-Breach Considerations: The Lawyers
» Can we be sued for this?
» Are there statutory requirements for what we need to do next?
» Can we get someone else to pay for this?
» What can we do to lower our potential liability?

Pre-Breach Considerations: The Technology Concerns
» Identifying Threats
» Devices Provided To Employees
» Vendors
» Malware
» Non-Traditional Sources

The Response Plan
» Identify decision-making authority.
› IT personnel? Consultant? Director? Create a defined Breach Response Team with clearly outlined responsibilities.
» Determine what data is at risk and how to secure it as quickly as possible.
› Different contingencies for financial, medical, and personal identifying information.
» Decide whether and how to restrict access to systems.
› Differs depending on type of data breach.
› Is it feasible for your organization to be without access for a period of time? What systems will be affected?
» Information Disposal
› Do certain elements of your system need to be changed or deleted immediately?

The Response Plan (Cont.)
» Determine the source of the breach.
› External? Employee? Consider different contingency plans for each.
» If you need outside help, have them in place beforehand.
› Don’t wait until a breach to have to educate a vendor on your system.
» Determine who will handle contact from potentially affected individuals, and what they are permitted to say.

The Response Plan (Cont.)
» Begin the process of notification.
› Law enforcement. Other governmental bodies. Potential data breach victims. Special concerns for governmental bodies. Time to bring in the lawyers for the notification letter itself.
» Insurance notification.
› Determine who is responsible for putting a carrier on notice and when to do so.
» Preservation of evidence.
› Have a written policy regarding data deletion or alteration in case of potential discovery issues.
› Documenting efforts during the incident response period.
» Debriefing after the breach.
› What steps should be taken to lower future risks?

Response Plan Considerations for Governmental Bodies
» Inadvertent disclosures in response to FOIA requests
» Employees/Employee Information
» Patron Information
» Medical Information
» Vendors
» Special reporting requirements
» Open meeting requirements

The Response Plan (Cont.)
» TRAIN!
› Staff members
› Vendors
› Attorneys
› Document regular training.

Technology Considerations
» Information stored on the cloud.
» The rise of ransomware.

Observations for 2016
» Insurance Issues
» Breaches continue through the “Internet of Things”
» Coming changes to Illinois State Law.
