SlideShare a Scribd company logo

Cloud Security Law Issues--an Overview

Download as PPTX, PDF
Michael C. Keeling, Esq.
Michael C. Keeling, Esq.

Legal perspective of cloud computing security matters including: Cloud Industry Perspectives Breach Statistics State Regulatory Reach/ Exposure FTC/FCC Reach/Exposure Cyber-risk Mitigation Models Breach Response Legal Issues Post Leak Litigation Prevention Board of Directors Liabilities/Mitigation

Law
1 of 21
CLOUD SECURITY LAW MICHAEL KEELING, PE, ESQ. KEELING LAW OFFICES, PC PHOENIXANDCORONADO Presented at Cloud Security Alliance Meeting January 20, 2015 Phoenix NOTE: Information contained in this presentation is intended for informational purposes ONLY. It is not intended to be, and should not be construed as, legal advice to any person or in connection with any transaction. Always consult with an experienced attorney before engaging in any transaction that might involve the legal issues discussed herein.
Cloud Perspectives Gartner sees the cloud as a: “style of computing where scalable and elastic IT-related capabilities are provided as a service to customers using Internet technologies.” Government sees Enforcement of specific statutes HIPAA CAN-SPAM (Commercial messaging) GLB (Financial services) COPPA (Children) Compliance—Federal Guidelines NIST State Actions State patchwork of statutes Federal Trade Commission Primary federal enforcer.
Percentage of Claims by Data Type NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims
Percentage of Claims by Business Sector NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims
Percentage of Claims by Cause of Loss NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims
State Regulatory Exposure 47 States require notice of security breaches (not AL, NM, SD as of 1/1/2015) After unauthorized access of PII/PHI If unencrypted computerized PII/PHI Many States Require Notice to state attorney general, state consumer protection agencies, and credit monitoring agencies Allow private right of action for violations Encryption often a safe harbor • Data-at-rest • Data in transit
FTC Act • Prohibits “unfair or deceptive practices in or affecting commerce.” • “Unfair” if …Practice • Causes or is likely to cause substantial injury to consumers • Cannot reasonably be avoided by consumers • Is not outweighed by countervailing benefits to consumers or to competition • “deceptive” if … Practice, or Representation, or Omission • Misleads or is likely to mislead consumers • Based on Consumers’ interpretation under circumstances • Is it material? • No intent required (strict liability).
Liability Equals Common Law 101 • Duty • Breach • Causation • Injury/Harm • Damages • Defenses. Federal Trade Commission • No “unfair or deceptive practices in or affecting commerce.” • Broad dragnet • No Intent required • No actual harm required.
Court Ruled FTC Can Enforce Breaches As An Unfair Practice Under FTC Act • FTC sued Wyndham Worldwide Corporation in 2012, alleging • Violated FTC Act’s prohibition against unfair or deceptive acts or practices. • Failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information” • Wyndham, moved to dismiss, arguing • FTC did not have authority to bring an “unfairness” claim involving data security. • Court disagreed • Finding specific data security legislation passed after FTC Act merely complemented FTC’s unfairness authority—but did not preclude it. • Wyndham also argued • FTC had to publicize regulations to provide fair notice of its data security standards • Court disagreed • Court determined taking such publication was not the only way to do so. • It noted FTC Act, Section 5 provides a three-part test • Suggesting entities look to complaints, consent agreements and public statements to figure out FTC’s standard for bringing an unfairness claim under the Act.
FTC—In Action Practices FTC attacks as “deceptive” Violating your published privacy policies Failing to verify identity of persons to whom confidential consumer information was disclosed Downloading spyware/adware onto unsuspecting users’ devices Practices FTC attacks as “unfair” Failing to implement reasonable safeguards to protect privacy of consumer information As compared to “developing” federal standards FTC’s “yardstick” is a moving target.
FTC Suit—Snapchat Misleads By Claiming Messages “Disappear Forever” • FTC accused Snapchat of violating FTC Act, Section 5—barring deceptive business practices. • “if you make promises about privacy, you must honor those promises.” • FTC alleged Snapchat messages are not ephemeral as promised • Snapchat wrongly informed its users that their messages would vanish • Company’s FAQ: “Is there any way to view an image after the time has expired? No, snaps disappear after the timer runs out.” • FTC interpreted as an absolute statement. Period. • Snapchat deceived consumers about PII it collected and what it did with the PII. • Snapchat users were likely attracted by promise that their messages would disappear. • “Several methods exist by which a recipient can save both photo and video messages, allowing access indefinitely.” • Settlement • Bars Snapchat from misrepresenting its privacy policies • Requires Snapchat implement “a comprehensive privacy program”…monitored 20 yrs. • Violations of settlement, liable for up to $16,000 per violation per day
FCC Expands Its Data Security Regulatory Reach • FCC $10 million fines, October 24, 2014 • TerraCom Inc. and YourTel America Inc. • First time, but per FCC Enforcement Bureau Chief • “it will not be the last” • Allegedly the 2-companies • collected consumer PII to demonstrate eligibility for FCC’s Lifeline program • Stored-online unencrypted customer PII • with no security safeguards • Alleged failure is • Violation under FCC ACT, Section 222(a), and • Unjust and unreasonable practice in violation of Section 201(b) • Section 503(b)(1) • Empowers FCC to order forfeiture penalties for violations of the Act, • But does not specify a base forfeiture per violation.
Security Breach Litigation Breach of Contract/Implied Contact and Negligence Anderson v. Hannaford Brothers Co., 659 F.3d 151 (1st Cir. 2011) Finding Implied contract duty by grocery store to protect customers’ data Patco Construction Co. v. People’s United Bank, 684 F.3d 197 (1st Cir. 2012) Holding defendant’s security procedures not commercially reasonable Standing in Class Action Cases Lambert v. Hartman, 517 F.3d 433 (6th Cir. 2008) Finding standing where P’s information posted on municipal website, taken by identity thief, causing actual financial loss traceable to D’s conduct Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012) Finding standing where plaintiffs were identity-theft victims Pisciotta v. Old National Bancorp., 499 F.3d 629 (7th Cir. 2007) Finding standing based on threat of future harm Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010) Finding standing where plaintiffs unencrypted PII stored on a stolen laptop Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011) Finding no standing in employee risk-of-identity theft suit alleging negligence and breach of contract against a payroll processing firm.
Court Allows HIPAA “Standard of Care" Negligence Claim • Connecticut Supreme Court rules plaintiffs can sue for negligence if a healthcare provider violates HIPAA privacy regulations • Emily Byrne vs. Avery Center for Obstetrics and Gynecology (2014) • HIPAA does not provide for the “private right of action” • In data-breach cases, plaintiffs argue • healthcare provider, insurer or other covered entity (Business Associates) did not meet the “standard of care” under HIPAA security or privacy rule in protecting records • and that failure to meet that standard of care was negligent. • BUT—in negligence lawsuits, plaintiffs must show damages.
Defenses Shrinking Krottner v. Starbucks Corp. Increased risk of identity theft constitutes an injury-in-fact Anderson v. Hannaford Alleged fraud in population and money spent in mitigation efforts sufficient (instead of time/effort) ITERA (Identity Theft Enforcement and Restitution Act) Pay an amount equal to Victims’ value of time reasonably spent In re Hannaford Bros. Data Security Breach Litigation  Time equals money—if fraud; credit monitoring damages ChoicePoint Data Breach Settlement “Time they [victims] may have spent monitoring their credit or taking other steps in response”
Director Liability Arising From Data Breach Palkonv.Holmes,No.14-cv-01234(D.N.J.),WyndhamSHssuedD&O’s,claimingtheirfailuretoimplementadequateinformation-securitypoliciesallowed3databreaches • Shareholder derivative actions • Plaintiff is not required to prove damages resulting from theft of PII. • Directors owe Duties Of Care (BJR) and Loyalty—including Duty of Oversight (No BJR) • Did not implement reporting or information system or controls; or • Implemented controls, BUT “consciously failed to monitor or oversee its operations.” Stone. • After a data breach, claims against board probably will be • Breach of Duty of Care and • Breach of Duty Loyalty/Oversight • Court “look[s] for evidence of whether a board has acted in a deliberate and knowledgeable way identifying and exploring alternatives.” Citron v. Fairchild Camera • Directors may rely on reports prepared by others, BUT MUST TAKE an active and direct role • Board that fails to manage and monitor cybersecurity probably breaches its duties of care and oversight • Protect Against Liability • Board must become well-informed • Board should appoint a committee responsible for privacy and security • Recruit and hire at least one tech-savvy member • Follow best industry practices • Indemnification and Insurance • Articles of incorporation—provision eliminating director personal-liability for monetary damages for breach of the Duty of Care/Loyalty. • D & O Policy—WITHOUT exclusions to liability resulting from a privacy breach • Example Problem Exclusion: Insurer shall not be liable for Loss relating to a Claim made against an Insured: • “for emotional distress of any person, • or for injury from libel, slander, defamation or disparagement, • or for injury from a violation of a person’s right of privacy.”
Strategies to Minimize Exposure  Review privacy/security policies and practices  Are you waking the talk?  If not—change it—ensure your policies never out-pace your practices  Make privacy/security policy a binding contract  Use arbitration provision in consumer contracts  Review third party contracts that collect/store/transport PII/PHI  Add indemnification provisions in agreements • Does your indemnifying contracting-party have adequate resources?  Review/add insurance  Evaluate credit card practices under state laws  Technology solutions—tied to policy elements
Audit Your Cloud Service Provider Responsibilities Service Level Agreements (SLAs) Risk assessments Performance and frequency Where is the data? Compliance Right to Audit Third-party Reviews ISO 27001, etc. Incident Response, Notification and Remediation Legal and regulatory compliance Exercising of response plans Data Security Encryption Identity and Access Management Who am I/What do I know/What do I have?
Prevent/Mitigate Litigation End-User Measures: • Encrypt data before sending to Cloud • Industry-specific restrictive rules—on data storage/transport • Notify customer/client HOW data is stored as part of contract governing basic relationship • E.g., FINRA/securities and HIPAA/medical providers • Sophisticated/often-changed pass-phrases • Address Cloud storage issues • Leak response plan • Compliance
Post-Leak Litigation Prevention • Immediate internal investigation • Retain counsel – privilege/work product issues • Interview key personnel • Document actions taken • Immediately and fully notify customers • No cover up, minimization, or delayed reporting • Include plan/potential compensation offer • Establish customer hotline
QUESTIONS Cloud Security Law Michael Keeling, PE, Esq. Keeling Law Offices, PC Phoenix and Coronado, CA www.keelinglawoffices.com NOTE: Information contained in this presentation is intended for informational purposes ONLY. It is not intended to be, and should not be construed as, legal advice to any person or in connection with any transaction. Always consult with an experienced attorney before engaging in any transaction that might involve the legal issues discussed herein.

Recommended

Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the LawChristina Gagnier
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationChristina Gagnier
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterJonathan Ezor
 
HIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHealthCare Too, LLC
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationBradley Arant Boult Cummings LLP
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationBradley Arant Boult Cummings LLP
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasKevin Nevias
 

Recommended

Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the LawChristina Gagnier
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationChristina Gagnier
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterJonathan Ezor
 
HIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHealthCare Too, LLC
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationBradley Arant Boult Cummings LLP
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationBradley Arant Boult Cummings LLP
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasKevin Nevias
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Lawtravismd
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
Update on Access to Digital Assets: Are We There Yet?
Update on Access to Digital Assets: Are We There Yet?Update on Access to Digital Assets: Are We There Yet?
Update on Access to Digital Assets: Are We There Yet?gallowayandcollens
 
Data Security and Privacy Landscape 2012 (September 2012)
Data Security and Privacy Landscape 2012 (September 2012)Data Security and Privacy Landscape 2012 (September 2012)
Data Security and Privacy Landscape 2012 (September 2012)Jason Haislmaier
 
CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law padler01
 
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Shawn Tuma
 
piiLabsSeattleWorkshop_ChristinaGagnier
piiLabsSeattleWorkshop_ChristinaGagnierpiiLabsSeattleWorkshop_ChristinaGagnier
piiLabsSeattleWorkshop_ChristinaGagnierpii2011
 
The Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActThe Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActShawn Tuma
 
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Shawn Tuma
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Legal Matters in E-commerce
Legal Matters in E-commerceLegal Matters in E-commerce
Legal Matters in E-commerceE-commerce Course of Boğaziçi University
 
Managing the Legal Concerns of Cloud Computing
Managing the Legal Concerns of Cloud ComputingManaging the Legal Concerns of Cloud Computing
Managing the Legal Concerns of Cloud ComputingAmy Larrimore
 
E commerce - ppt
E commerce - ppt E commerce - ppt
E commerce - ppt Saiqa Hashmi
 
Govt authentication brief ca v
Govt authentication brief ca vGovt authentication brief ca v
Govt authentication brief ca vMike Kuhn
 
Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Jason Haislmaier
 
Avoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingAvoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingTokusoudeka
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Abrona 01112010
Abrona 01112010Abrona 01112010
Abrona 01112010Johan Lapidaire
 
jose juan
jose juanjose juan
jose juanguest5653c8
 

More Related Content

What's hot

Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Lawtravismd
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
Update on Access to Digital Assets: Are We There Yet?
Update on Access to Digital Assets: Are We There Yet?Update on Access to Digital Assets: Are We There Yet?
Update on Access to Digital Assets: Are We There Yet?gallowayandcollens
 
Data Security and Privacy Landscape 2012 (September 2012)
Data Security and Privacy Landscape 2012 (September 2012)Data Security and Privacy Landscape 2012 (September 2012)
Data Security and Privacy Landscape 2012 (September 2012)Jason Haislmaier
 
CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law padler01
 
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Shawn Tuma
 
piiLabsSeattleWorkshop_ChristinaGagnier
piiLabsSeattleWorkshop_ChristinaGagnierpiiLabsSeattleWorkshop_ChristinaGagnier
piiLabsSeattleWorkshop_ChristinaGagnierpii2011
 
The Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActThe Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActShawn Tuma
 
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Shawn Tuma
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Managing the Legal Concerns of Cloud Computing
Managing the Legal Concerns of Cloud ComputingManaging the Legal Concerns of Cloud Computing
Managing the Legal Concerns of Cloud ComputingAmy Larrimore
 
Govt authentication brief ca v
Govt authentication brief ca vGovt authentication brief ca v
Govt authentication brief ca vMike Kuhn
 
Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Jason Haislmaier
 
Avoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingAvoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingTokusoudeka
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 

What's hot (20)

Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Law
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
 
Update on Access to Digital Assets: Are We There Yet?
Update on Access to Digital Assets: Are We There Yet?Update on Access to Digital Assets: Are We There Yet?
Update on Access to Digital Assets: Are We There Yet?
 
Data Security and Privacy Landscape 2012 (September 2012)
Data Security and Privacy Landscape 2012 (September 2012)Data Security and Privacy Landscape 2012 (September 2012)
Data Security and Privacy Landscape 2012 (September 2012)
 
CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law
 
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
 
piiLabsSeattleWorkshop_ChristinaGagnier
piiLabsSeattleWorkshop_ChristinaGagnierpiiLabsSeattleWorkshop_ChristinaGagnier
piiLabsSeattleWorkshop_ChristinaGagnier
 
The Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse ActThe Evolving Computer Fraud and Abuse Act
The Evolving Computer Fraud and Abuse Act
 
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
Computer Fraud and Abuse Act CLE - Dallas Bar Ass'n (8.22.11)
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Legal Matters in E-commerce
Legal Matters in E-commerceLegal Matters in E-commerce
Legal Matters in E-commerce
 
Managing the Legal Concerns of Cloud Computing
Managing the Legal Concerns of Cloud ComputingManaging the Legal Concerns of Cloud Computing
Managing the Legal Concerns of Cloud Computing
 
E commerce - ppt
E commerce - ppt E commerce - ppt
E commerce - ppt
 
Govt authentication brief ca v
Govt authentication brief ca vGovt authentication brief ca v
Govt authentication brief ca v
 
Data Privacy & Security Update 2012
Data Privacy & Security Update 2012Data Privacy & Security Update 2012
Data Privacy & Security Update 2012
 
Avoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in MarketingAvoiding Privacy Pitfalls When Using Big Data in Marketing
Avoiding Privacy Pitfalls When Using Big Data in Marketing
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 

Viewers also liked

Code Reviews - developer conference 2013
Code Reviews - developer conference 2013Code Reviews - developer conference 2013
Code Reviews - developer conference 2013Frank Sons
 
The future will be Realtime & Collaborative
The future will be Realtime & CollaborativeThe future will be Realtime & Collaborative
The future will be Realtime & CollaborativeJoseph Gentle
 
FISL 2012 Prezo
FISL 2012 PrezoFISL 2012 Prezo
FISL 2012 Prezochefhja
 
Ошибки при формулировании исковых требований в исках о защите прав 
относител...
Ошибки при формулировании исковых требований в исках о защите прав 
относител...Ошибки при формулировании исковых требований в исках о защите прав 
относител...
Ошибки при формулировании исковых требований в исках о защите прав 
относител...Krainiak
 
Fontys Gastles Svh 04122012
Fontys Gastles Svh 04122012Fontys Gastles Svh 04122012
Fontys Gastles Svh 04122012Johan Lapidaire
 
CS/IT: Where Content and Technology Meet
CS/IT: Where Content and Technology MeetCS/IT: Where Content and Technology Meet
CS/IT: Where Content and Technology MeetLaura Blaydon
 
A Changing Paradigm: Is Your Content Strategy Keeping Up?
A Changing Paradigm: Is Your Content Strategy Keeping Up?A Changing Paradigm: Is Your Content Strategy Keeping Up?
A Changing Paradigm: Is Your Content Strategy Keeping Up?Laura Blaydon
 
Building Disciples in the Practice: Getting Started
Building Disciples in the Practice: Getting StartedBuilding Disciples in the Practice: Getting Started
Building Disciples in the Practice: Getting StartedAllan Carrington
 
Thesis Final120309
Thesis Final120309Thesis Final120309
Thesis Final120309klee4vp
 
PHP 5.3, a walkthrough
PHP 5.3, a walkthroughPHP 5.3, a walkthrough
PHP 5.3, a walkthroughDavid Coallier
 

Viewers also liked (20)

Abrona 01112010
Abrona 01112010Abrona 01112010
Abrona 01112010
 
jose juan
jose juanjose juan
jose juan
 
Code Reviews - developer conference 2013
Code Reviews - developer conference 2013Code Reviews - developer conference 2013
Code Reviews - developer conference 2013
 
Synkron læring
Synkron læringSynkron læring
Synkron læring
 
ARE Americas Presentation
ARE Americas PresentationARE Americas Presentation
ARE Americas Presentation
 
The future will be Realtime & Collaborative
The future will be Realtime & CollaborativeThe future will be Realtime & Collaborative
The future will be Realtime & Collaborative
 
Tenesi
TenesiTenesi
Tenesi
 
ShareJS launch talk
ShareJS launch talkShareJS launch talk
ShareJS launch talk
 
FISL 2012 Prezo
FISL 2012 PrezoFISL 2012 Prezo
FISL 2012 Prezo
 
Ошибки при формулировании исковых требований в исках о защите прав 
относител...
Ошибки при формулировании исковых требований в исках о защите прав 
относител...Ошибки при формулировании исковых требований в исках о защите прав 
относител...
Ошибки при формулировании исковых требований в исках о защите прав 
относител...
 
lll
llllll
lll
 
Fontys Gastles Svh 04122012
Fontys Gastles Svh 04122012Fontys Gastles Svh 04122012
Fontys Gastles Svh 04122012
 
Losh
LoshLosh
Losh
 
CS/IT: Where Content and Technology Meet
CS/IT: Where Content and Technology MeetCS/IT: Where Content and Technology Meet
CS/IT: Where Content and Technology Meet
 
Sosiale studentmedier
Sosiale studentmedierSosiale studentmedier
Sosiale studentmedier
 
A Changing Paradigm: Is Your Content Strategy Keeping Up?
A Changing Paradigm: Is Your Content Strategy Keeping Up?A Changing Paradigm: Is Your Content Strategy Keeping Up?
A Changing Paradigm: Is Your Content Strategy Keeping Up?
 
Intro To Social Media
Intro To Social MediaIntro To Social Media
Intro To Social Media
 
Building Disciples in the Practice: Getting Started
Building Disciples in the Practice: Getting StartedBuilding Disciples in the Practice: Getting Started
Building Disciples in the Practice: Getting Started
 
Thesis Final120309
Thesis Final120309Thesis Final120309
Thesis Final120309
 
PHP 5.3, a walkthrough
PHP 5.3, a walkthroughPHP 5.3, a walkthrough
PHP 5.3, a walkthrough
 

Similar to Cloud Security Law Issues--an Overview

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyIFLP
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionJoe Nathans
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16Glenn E. Davis
 
Internet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP InstituteInternet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP InstituteInternet Law Center
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskWilliam Gamble
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalDr. Donald Macfarlane
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
2017: Privacy Issues on the Horizon
2017: Privacy Issues on the Horizon2017: Privacy Issues on the Horizon
2017: Privacy Issues on the HorizonWinston & Strawn LLP
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015Robert Craig
 
Data breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveData breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveCraig Mullins
 

Similar to Cloud Security Law Issues--an Overview (20)

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond ConfidentialityPrivacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
Cloud primer
Cloud primerCloud primer
Cloud primer
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16
 
Internet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP InstituteInternet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP Institute
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology Risk
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
 
2017: Privacy Issues on the Horizon
2017: Privacy Issues on the Horizon2017: Privacy Issues on the Horizon
2017: Privacy Issues on the Horizon
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Privacy Needs to be Personal
Privacy Needs to be PersonalPrivacy Needs to be Personal
Privacy Needs to be Personal
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
 
Data breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveData breach protection from a DB2 perspective
Data breach protection from a DB2 perspective
 

Recently uploaded

一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理F La
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理e9733fc35af6
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Abdul-Hakim Shabazz
 
The Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceThe Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceBridgeWest.eu
 
一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理e9733fc35af6
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...ZurliaSoop
 
Petitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docxPetitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docxRumantSharma
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理ss
 
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样mefyqyn
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理Airst S
 
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...Nilendra Kumar
 
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理ss
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理Airst S
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理Fir La
 
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.pptOVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.pptRRR Chambers
 
Jim Eiberger Rental Agreement Redacted Former Lease.docx
Jim Eiberger Rental Agreement Redacted Former Lease.docxJim Eiberger Rental Agreement Redacted Former Lease.docx
Jim Eiberger Rental Agreement Redacted Former Lease.docxDenver CO
 
Judgement__Mode_and_other_provisions_BY_Anshika[1][1].pptx
Judgement__Mode_and_other_provisions_BY_Anshika[1][1].pptxJudgement__Mode_and_other_provisions_BY_Anshika[1][1].pptx
Judgement__Mode_and_other_provisions_BY_Anshika[1][1].pptxSuneelSONU1
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee
 
posts-harmful-to-secular-structure-of-the-country-539103-1.pdf
posts-harmful-to-secular-structure-of-the-country-539103-1.pdfposts-harmful-to-secular-structure-of-the-country-539103-1.pdf
posts-harmful-to-secular-structure-of-the-country-539103-1.pdfbhavenpr
 

Recently uploaded (20)

一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
一比一原版(TheAuckland毕业证书)新西兰奥克兰大学毕业证如何办理
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
The Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceThe Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in Greece
 
一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
Petitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docxPetitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docx
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
 
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理
 
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
 
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
 
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.pptOVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
OVERVIEW OF LABOUR LAWS with Case Studies- ppt.ppt
 
Jim Eiberger Rental Agreement Redacted Former Lease.docx
Jim Eiberger Rental Agreement Redacted Former Lease.docxJim Eiberger Rental Agreement Redacted Former Lease.docx
Jim Eiberger Rental Agreement Redacted Former Lease.docx
 
Judgement__Mode_and_other_provisions_BY_Anshika[1][1].pptx
Judgement__Mode_and_other_provisions_BY_Anshika[1][1].pptxJudgement__Mode_and_other_provisions_BY_Anshika[1][1].pptx
Judgement__Mode_and_other_provisions_BY_Anshika[1][1].pptx
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
 
posts-harmful-to-secular-structure-of-the-country-539103-1.pdf
posts-harmful-to-secular-structure-of-the-country-539103-1.pdfposts-harmful-to-secular-structure-of-the-country-539103-1.pdf
posts-harmful-to-secular-structure-of-the-country-539103-1.pdf
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 

Cloud Security Law Issues--an Overview

  • 1. CLOUD SECURITY LAW MICHAEL KEELING, PE, ESQ. KEELING LAW OFFICES, PC PHOENIXANDCORONADO Presented at Cloud Security Alliance Meeting January 20, 2015 Phoenix NOTE: Information contained in this presentation is intended for informational purposes ONLY. It is not intended to be, and should not be construed as, legal advice to any person or in connection with any transaction. Always consult with an experienced attorney before engaging in any transaction that might involve the legal issues discussed herein.
  • 2. Cloud Perspectives Gartner sees the cloud as a: “style of computing where scalable and elastic IT-related capabilities are provided as a service to customers using Internet technologies.” Government sees Enforcement of specific statutes HIPAA CAN-SPAM (Commercial messaging) GLB (Financial services) COPPA (Children) Compliance—Federal Guidelines NIST State Actions State patchwork of statutes Federal Trade Commission Primary federal enforcer.
  • 3. Percentage of Claims by Data Type NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims
  • 4. Percentage of Claims by Business Sector NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims
  • 5. Percentage of Claims by Cause of Loss NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims
  • 6. State Regulatory Exposure 47 States require notice of security breaches (not AL, NM, SD as of 1/1/2015) After unauthorized access of PII/PHI If unencrypted computerized PII/PHI Many States Require Notice to state attorney general, state consumer protection agencies, and credit monitoring agencies Allow private right of action for violations Encryption often a safe harbor • Data-at-rest • Data in transit
  • 7. FTC Act • Prohibits “unfair or deceptive practices in or affecting commerce.” • “Unfair” if …Practice • Causes or is likely to cause substantial injury to consumers • Cannot reasonably be avoided by consumers • Is not outweighed by countervailing benefits to consumers or to competition • “deceptive” if … Practice, or Representation, or Omission • Misleads or is likely to mislead consumers • Based on Consumers’ interpretation under circumstances • Is it material? • No intent required (strict liability).
  • 8. Liability Equals Common Law 101 • Duty • Breach • Causation • Injury/Harm • Damages • Defenses. Federal Trade Commission • No “unfair or deceptive practices in or affecting commerce.” • Broad dragnet • No Intent required • No actual harm required.
  • 9. Court Ruled FTC Can Enforce Breaches As An Unfair Practice Under FTC Act • FTC sued Wyndham Worldwide Corporation in 2012, alleging • Violated FTC Act’s prohibition against unfair or deceptive acts or practices. • Failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information” • Wyndham, moved to dismiss, arguing • FTC did not have authority to bring an “unfairness” claim involving data security. • Court disagreed • Finding specific data security legislation passed after FTC Act merely complemented FTC’s unfairness authority—but did not preclude it. • Wyndham also argued • FTC had to publicize regulations to provide fair notice of its data security standards • Court disagreed • Court determined taking such publication was not the only way to do so. • It noted FTC Act, Section 5 provides a three-part test • Suggesting entities look to complaints, consent agreements and public statements to figure out FTC’s standard for bringing an unfairness claim under the Act.
  • 10. FTC—In Action Practices FTC attacks as “deceptive” Violating your published privacy policies Failing to verify identity of persons to whom confidential consumer information was disclosed Downloading spyware/adware onto unsuspecting users’ devices Practices FTC attacks as “unfair” Failing to implement reasonable safeguards to protect privacy of consumer information As compared to “developing” federal standards FTC’s “yardstick” is a moving target.
  • 11. FTC Suit—Snapchat Misleads By Claiming Messages “Disappear Forever” • FTC accused Snapchat of violating FTC Act, Section 5—barring deceptive business practices. • “if you make promises about privacy, you must honor those promises.” • FTC alleged Snapchat messages are not ephemeral as promised • Snapchat wrongly informed its users that their messages would vanish • Company’s FAQ: “Is there any way to view an image after the time has expired? No, snaps disappear after the timer runs out.” • FTC interpreted as an absolute statement. Period. • Snapchat deceived consumers about PII it collected and what it did with the PII. • Snapchat users were likely attracted by promise that their messages would disappear. • “Several methods exist by which a recipient can save both photo and video messages, allowing access indefinitely.” • Settlement • Bars Snapchat from misrepresenting its privacy policies • Requires Snapchat implement “a comprehensive privacy program”…monitored 20 yrs. • Violations of settlement, liable for up to $16,000 per violation per day
  • 12. FCC Expands Its Data Security Regulatory Reach • FCC $10 million fines, October 24, 2014 • TerraCom Inc. and YourTel America Inc. • First time, but per FCC Enforcement Bureau Chief • “it will not be the last” • Allegedly the 2-companies • collected consumer PII to demonstrate eligibility for FCC’s Lifeline program • Stored-online unencrypted customer PII • with no security safeguards • Alleged failure is • Violation under FCC ACT, Section 222(a), and • Unjust and unreasonable practice in violation of Section 201(b) • Section 503(b)(1) • Empowers FCC to order forfeiture penalties for violations of the Act, • But does not specify a base forfeiture per violation.
  • 13. Security Breach Litigation Breach of Contract/Implied Contact and Negligence Anderson v. Hannaford Brothers Co., 659 F.3d 151 (1st Cir. 2011) Finding Implied contract duty by grocery store to protect customers’ data Patco Construction Co. v. People’s United Bank, 684 F.3d 197 (1st Cir. 2012) Holding defendant’s security procedures not commercially reasonable Standing in Class Action Cases Lambert v. Hartman, 517 F.3d 433 (6th Cir. 2008) Finding standing where P’s information posted on municipal website, taken by identity thief, causing actual financial loss traceable to D’s conduct Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012) Finding standing where plaintiffs were identity-theft victims Pisciotta v. Old National Bancorp., 499 F.3d 629 (7th Cir. 2007) Finding standing based on threat of future harm Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010) Finding standing where plaintiffs unencrypted PII stored on a stolen laptop Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011) Finding no standing in employee risk-of-identity theft suit alleging negligence and breach of contract against a payroll processing firm.
  • 14. Court Allows HIPAA “Standard of Care" Negligence Claim • Connecticut Supreme Court rules plaintiffs can sue for negligence if a healthcare provider violates HIPAA privacy regulations • Emily Byrne vs. Avery Center for Obstetrics and Gynecology (2014) • HIPAA does not provide for the “private right of action” • In data-breach cases, plaintiffs argue • healthcare provider, insurer or other covered entity (Business Associates) did not meet the “standard of care” under HIPAA security or privacy rule in protecting records • and that failure to meet that standard of care was negligent. • BUT—in negligence lawsuits, plaintiffs must show damages.
  • 15. Defenses Shrinking Krottner v. Starbucks Corp. Increased risk of identity theft constitutes an injury-in-fact Anderson v. Hannaford Alleged fraud in population and money spent in mitigation efforts sufficient (instead of time/effort) ITERA (Identity Theft Enforcement and Restitution Act) Pay an amount equal to Victims’ value of time reasonably spent In re Hannaford Bros. Data Security Breach Litigation  Time equals money—if fraud; credit monitoring damages ChoicePoint Data Breach Settlement “Time they [victims] may have spent monitoring their credit or taking other steps in response”
  • 16. Director Liability Arising From Data Breach Palkonv.Holmes,No.14-cv-01234(D.N.J.),WyndhamSHssuedD&O’s,claimingtheirfailuretoimplementadequateinformation-securitypoliciesallowed3databreaches • Shareholder derivative actions • Plaintiff is not required to prove damages resulting from theft of PII. • Directors owe Duties Of Care (BJR) and Loyalty—including Duty of Oversight (No BJR) • Did not implement reporting or information system or controls; or • Implemented controls, BUT “consciously failed to monitor or oversee its operations.” Stone. • After a data breach, claims against board probably will be • Breach of Duty of Care and • Breach of Duty Loyalty/Oversight • Court “look[s] for evidence of whether a board has acted in a deliberate and knowledgeable way identifying and exploring alternatives.” Citron v. Fairchild Camera • Directors may rely on reports prepared by others, BUT MUST TAKE an active and direct role • Board that fails to manage and monitor cybersecurity probably breaches its duties of care and oversight • Protect Against Liability • Board must become well-informed • Board should appoint a committee responsible for privacy and security • Recruit and hire at least one tech-savvy member • Follow best industry practices • Indemnification and Insurance • Articles of incorporation—provision eliminating director personal-liability for monetary damages for breach of the Duty of Care/Loyalty. • D & O Policy—WITHOUT exclusions to liability resulting from a privacy breach • Example Problem Exclusion: Insurer shall not be liable for Loss relating to a Claim made against an Insured: • “for emotional distress of any person, • or for injury from libel, slander, defamation or disparagement, • or for injury from a violation of a person’s right of privacy.”
  • 17. Strategies to Minimize Exposure  Review privacy/security policies and practices  Are you waking the talk?  If not—change it—ensure your policies never out-pace your practices  Make privacy/security policy a binding contract  Use arbitration provision in consumer contracts  Review third party contracts that collect/store/transport PII/PHI  Add indemnification provisions in agreements • Does your indemnifying contracting-party have adequate resources?  Review/add insurance  Evaluate credit card practices under state laws  Technology solutions—tied to policy elements
  • 18. Audit Your Cloud Service Provider Responsibilities Service Level Agreements (SLAs) Risk assessments Performance and frequency Where is the data? Compliance Right to Audit Third-party Reviews ISO 27001, etc. Incident Response, Notification and Remediation Legal and regulatory compliance Exercising of response plans Data Security Encryption Identity and Access Management Who am I/What do I know/What do I have?
  • 19. Prevent/Mitigate Litigation End-User Measures: • Encrypt data before sending to Cloud • Industry-specific restrictive rules—on data storage/transport • Notify customer/client HOW data is stored as part of contract governing basic relationship • E.g., FINRA/securities and HIPAA/medical providers • Sophisticated/often-changed pass-phrases • Address Cloud storage issues • Leak response plan • Compliance
  • 20. Post-Leak Litigation Prevention • Immediate internal investigation • Retain counsel – privilege/work product issues • Interview key personnel • Document actions taken • Immediately and fully notify customers • No cover up, minimization, or delayed reporting • Include plan/potential compensation offer • Establish customer hotline
  • 21. QUESTIONS Cloud Security Law Michael Keeling, PE, Esq. Keeling Law Offices, PC Phoenix and Coronado, CA www.keelinglawoffices.com NOTE: Information contained in this presentation is intended for informational purposes ONLY. It is not intended to be, and should not be construed as, legal advice to any person or in connection with any transaction. Always consult with an experienced attorney before engaging in any transaction that might involve the legal issues discussed herein.