SlideShare a Scribd company logo

Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss

Shawn Tuma
Shawn Tuma

Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss. This is a keynote speech delivered by Shawn Tuma to the Paralegal Division of the State Bar of Texas on June 17, 2016.

Law
1 of 41
Download to read offline
www.solidcounsel.com
Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. ShawnTuma is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full- service commercial law firm inTexas that represents businesses of all sizes throughout the United States and around the world.  Board of Directors, NorthTexas Cyber Forensics Lab  Board of Directors & General Counsel, Cyber Future Foundation  Texas SuperLawyers 2015-16 (IP Litigation)  Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)  Council, Computer &Technology Section, State Bar ofTexas  Chair, Civil Litigation & Appellate Section, Collin County Bar Association  College of the State Bar ofTexas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar ofTexas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  NorthTexas Crime Commission,Cybercrime Committee  Infragard (FBI)  International Association of Privacy Professionals (IAPP)  Information Systems Security Association (ISSA)  Board of Advisors, Optiv Security  Editor, Business Cybersecurity Business Law Blog
“There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
“It’s not a matter of if, but a matter of when”
62% of Cyber Attacks  SMBs
Odds: Security @100% / Hacker @ 1
TargetHome DepotNeiman MarcusMichael’sSpecsTJ MaxxeBaySally BeautyPF Chang’sUPSDairy QueenJimmy John’sJP Morgan ChaseKmartStaplesSonyAshley Madison
Yes, Legal
www.solidcounsel.com “Security and IT protect companies’ data; Legal protects companies from their data.” -Shawn E. Tuma
KEEP CALM I’M A FIRST RESPONDER
KEEP CALM I’M A FIRST RESPONDER
KEEP CALM I’M A FIRST RESPONDER
Immediate Priorities • Assess the situation • Be a counselor • Instill confidence • Bring peace • Facilitate rational thought & behavior
www.solidcounsel.com Who are targets? Key Point: We are all targets  Your clients’ businesses  Your law firms  Big firms (give examples)  James Shelton Example  Rural Texas solo practitioner  Employee left, didn’t change password or disable acct  Hackers accessed, spoofed email, sent “pleadings” all over, including other countries
www.solidcounsel.com Privilege / Work Product KEY POINT: Attorney’s may have privilege “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation
www.solidcounsel.com ACC Study (Sept ‘15) What concerns keep Chief Legal Officers awake at night? #2 = Data Breaches 82% consider as somewhat, very, or extremely important
www.solidcounsel.com Cost of a Data Breach – US 2013 Cost • $188.00 per record • $5.4 million = total average cost paid by organizations 2014 Cost • $201 per record • $5.9 million = total average cost paid by organizations 2015 Cost • $217 per record • $6.5 million = total average cost paid by organizations (Ponemon Institute Cost of Data Breach Studies)
www.solidcounsel.com Legal Obligations  International Laws  Safe Harbor  Privacy Shield  Federal Laws & Regs  HIPAA, GLBA, FERPA  FTC, FCC, SEC  State Laws  47 states (Ala, NM, SD)  Fla (w/in 30 days)  OH & VT (45 days)  Industry Groups  PCI, FINRA, etc.  Contracts  Vendors & Suppliers  Business Partners  Data Security Addendum
www.solidcounsel.com Ancient Cybersecurity Wisdom  Water shapes its course according to the nature of the ground over which it flows; the soldier works out his victory in relation to the foe whom he is facing.”  “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.”
“An ounce of prevention is cheaper than the first day of litigation.”
Litigation
www.solidcounsel.com Consumer Litigation Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015) Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015) Whalen v. Michael Stores Inc., 2015 WL 9462108 (E.D.N.Y. Dec. 28, 2015) In re SuperValu, Inc., 2016 WL 81792 (D. Minn. Jan. 7, 2016) In re Anthem Data Breach Litigation, 2016 WL 589760 (N.D. Cal. Feb. 14, 2016) (J. Lucy Koh)
Regulatory & Administrative
www.solidcounsel.com Regulatory & Administrative - FTC KEY POINT: You must have basic IT security F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).  The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.  Companies have fair notice that their specific cybersecurity practices could fall short of that provision.  3 breaches / 619,000 records / $10.6 million in fraud  Rudimentary practices v. 2007 guidebook  Website Privacy Policy misrepresentations  Jurisdiction v. set standard?
www.solidcounsel.com The Basics “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Lombardi
www.solidcounsel.com The Basics Best Practices  Documented  Basic IT Security  Basic Physical Security  Security Focused P&P  Company  Workforce  Network  Website / Privacy / TOS  Business Associates  Social Engineering  Implementation  Training
www.solidcounsel.com Regulatory & Administrative – FTC KEY POINT: You must evaluate business partners’ security In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers: 1. Investigate before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections. 3. Verify that the data service providers are complying with obligations (contracts).
www.solidcounsel.com Addendum to Business Contracts KEY POINT: Know your contractual obligations  Common names for the Addendum:  Data Security & Privacy; Data Privacy; Cybersecurity; Privacy; Information Security.  Common features  Defines subject “Data” being protected in categories.  Describes acceptable and prohibited uses for Data.  Describes standards for protecting Data.  Describes requirements for deleting Data.  Describes obligations if a breach of Data.  Allocates responsibility if a breach of Data.  Requires binding third parties to similar provisions.
www.solidcounsel.com Regulatory & Administrative – SEC KEY POINT: You must have written (1) Policies & Procedures and (2) Incident Response Plan S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).  “Firms must adopt written policies to protect their clients’ private information”  “they need to anticipate potential cybersecurity events and  have clear procedures in place rather than waiting to react once a breach occurs.”  violated this “safeguards rule  100,000 records (no reports of harm)  $75,000 penalty
www.solidcounsel.com Responding: Execute Response Plan This is only a checklist – not a Response Plan
How Fast? • 45 days (most states) • 30 days (some states) • 3 days (fed contracts) • 2 days (bus expectation) • Immediately (contracts)
Officer & Director Liability
www.solidcounsel.com Officer & Director Liability KEY POINT: “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.  Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham  Derivative claims premised on the harm to the company from data breach.  Caremark Claims:  Premised on lack of oversight = breach of the duty of loyalty and good faith  Cannot insulate the officers and directors = PERSONAL LIABILITY!  Standard:  (1) “utterly failed” to implement reporting system or controls; or  (2) “consciously failed” to monitor or oversee system.
www.solidcounsel.com Officer & Director Liability Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).  Derivative action for failing to ensure Wyndham implemented adequate security policies and procedures.  Order Dismissing: The board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.  Well-documented history of diligence showed Board  Discussed cybersecurity risks, company security policies and proposed enhancements in 14 quarterly meetings; and  Implemented some of those cybersecurity measures.
Cyber Insurance
www.solidcounsel.com Cyber Insurance – Key Questions  Even know if you have it?  What period does the policy cover?  Are Officers & Directors Covered?  Cover 3rd Party Caused Events?  Social Engineering coverage?  Cover insiders intentional acts (vs. negligent)  Contractual liability?  What is the triggering event?  What types of data are covered?  What kind of incidents are covered?  Acts of war?  Required carrier list for attorneys & experts?  Other similar risks?
Virtually all companies will be breached.Will they be liable? It’s not the breach; it’s their diligence and response that matter most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
Cyber Risk Assessment Strategic Planning Deploy Defense Assets Develop, Implement &Train on P&P Tabletop Testing Reassess & Refine Cybersecurity Risk Management Program
3 Must-Haves for Every Organization 1. Basic IT Security 2. Written Policies & Procedures 3. Written Incident Response Plan ***Document3***
“You don’t drown by falling in the water; You drown by staying there.”

Recommended

Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 

Recommended

Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceShawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardShawn Tuma
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...dmenken60
 
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"Employers Association of New Jersey
 
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Zapproved
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Jennifer Sharf Adler
 
Non-competition and Non-solicitation Provisions
Non-competition and Non-solicitation ProvisionsNon-competition and Non-solicitation Provisions
Non-competition and Non-solicitation ProvisionsKevin Learned
 
Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Zapproved
 
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
Federal Computer Fraud and Abuse Act & Texas Computer Hacking StatutesFederal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
Federal Computer Fraud and Abuse Act & Texas Computer Hacking StatutesShawn Tuma
 
Para 01 (Misbah ul Quran)
Para 01 (Misbah ul Quran)Para 01 (Misbah ul Quran)
Para 01 (Misbah ul Quran)Adeel Ahmad Munir Ahmad
 
Para 02 (Misbah Ul Quran)
Para 02 (Misbah Ul Quran)Para 02 (Misbah Ul Quran)
Para 02 (Misbah Ul Quran)Adeel Ahmad Munir Ahmad
 
Cuenta de youtube
Cuenta de youtubeCuenta de youtube
Cuenta de youtubepiliferro
 
Simple tutorial : Android get and post data
Simple tutorial : Android get and post dataSimple tutorial : Android get and post data
Simple tutorial : Android get and post dataPikiring Hutama
 
Blogs
BlogsBlogs
Blogssila
 
Since coming to university
Since coming to universitySince coming to university
Since coming to universityguestb5e9c9d7
 
healthcare auditing and monitoring tools
healthcare auditing and monitoring toolshealthcare auditing and monitoring tools
healthcare auditing and monitoring toolshurt3303
 
Como crear tu cuenta en youtobe
Como crear tu cuenta en youtobeComo crear tu cuenta en youtobe
Como crear tu cuenta en youtobeSandrita Guzman
 
Bath tour
Bath tourBath tour
Bath tourSong Dee
 

More Related Content

What's hot

Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data BreachShawn Tuma
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardShawn Tuma
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...dmenken60
 
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"Employers Association of New Jersey
 
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Zapproved
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Non-competition and Non-solicitation Provisions
Non-competition and Non-solicitation ProvisionsNon-competition and Non-solicitation Provisions
Non-competition and Non-solicitation ProvisionsKevin Learned
 
Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Zapproved
 
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
Federal Computer Fraud and Abuse Act & Texas Computer Hacking StatutesFederal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
Federal Computer Fraud and Abuse Act & Texas Computer Hacking StatutesShawn Tuma
 

What's hot (13)

Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
 
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
 
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016
 
Non-competition and Non-solicitation Provisions
Non-competition and Non-solicitation ProvisionsNon-competition and Non-solicitation Provisions
Non-competition and Non-solicitation Provisions
 
Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014
 
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
Federal Computer Fraud and Abuse Act & Texas Computer Hacking StatutesFederal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
 

Viewers also liked

Cuenta de youtube
Cuenta de youtubeCuenta de youtube
Cuenta de youtubepiliferro
 
Simple tutorial : Android get and post data
Simple tutorial : Android get and post dataSimple tutorial : Android get and post data
Simple tutorial : Android get and post dataPikiring Hutama
 
Blogs
BlogsBlogs
Blogssila
 
Since coming to university
Since coming to universitySince coming to university
Since coming to universityguestb5e9c9d7
 
healthcare auditing and monitoring tools
healthcare auditing and monitoring toolshealthcare auditing and monitoring tools
healthcare auditing and monitoring toolshurt3303
 
Como crear tu cuenta en youtobe
Como crear tu cuenta en youtobeComo crear tu cuenta en youtobe
Como crear tu cuenta en youtobeSandrita Guzman
 
Factories of the Future - and What They Mean for Your Business
Factories of the Future - and What They Mean for Your BusinessFactories of the Future - and What They Mean for Your Business
Factories of the Future - and What They Mean for Your BusinessSanderson Group
 
Material design for android (Diggest)
Material design for android (Diggest)Material design for android (Diggest)
Material design for android (Diggest)Google
 

Viewers also liked (11)

Para 01 (Misbah ul Quran)
Para 01 (Misbah ul Quran)Para 01 (Misbah ul Quran)
Para 01 (Misbah ul Quran)
 
Para 02 (Misbah Ul Quran)
Para 02 (Misbah Ul Quran)Para 02 (Misbah Ul Quran)
Para 02 (Misbah Ul Quran)
 
Cuenta de youtube
Cuenta de youtubeCuenta de youtube
Cuenta de youtube
 
Simple tutorial : Android get and post data
Simple tutorial : Android get and post dataSimple tutorial : Android get and post data
Simple tutorial : Android get and post data
 
Blogs
BlogsBlogs
Blogs
 
Since coming to university
Since coming to universitySince coming to university
Since coming to university
 
healthcare auditing and monitoring tools
healthcare auditing and monitoring toolshealthcare auditing and monitoring tools
healthcare auditing and monitoring tools
 
Como crear tu cuenta en youtobe
Como crear tu cuenta en youtobeComo crear tu cuenta en youtobe
Como crear tu cuenta en youtobe
 
Bath tour
Bath tourBath tour
Bath tour
 
Factories of the Future - and What They Mean for Your Business
Factories of the Future - and What They Mean for Your BusinessFactories of the Future - and What They Mean for Your Business
Factories of the Future - and What They Mean for Your Business
 
Material design for android (Diggest)
Material design for android (Diggest)Material design for android (Diggest)
Material design for android (Diggest)
 

Similar to Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss

Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowShawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceShawn Tuma
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Shawn Tuma
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachFinancial Poise
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
David Shonka, Esq., FTC on eDiscovery
David Shonka, Esq., FTC on eDiscoveryDavid Shonka, Esq., FTC on eDiscovery
David Shonka, Esq., FTC on eDiscoveryJ. David Morris
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 

Similar to Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss (20)

Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the Breach
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
David Shonka, Esq., FTC on eDiscovery
David Shonka, Esq., FTC on eDiscoveryDavid Shonka, Esq., FTC on eDiscovery
David Shonka, Esq., FTC on eDiscovery
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Users
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
 

More from Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 

More from Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Recently uploaded

PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
Attestation presentation under Transfer of property Act
Attestation presentation under Transfer of property ActAttestation presentation under Transfer of property Act
Attestation presentation under Transfer of property Act2020000445musaib
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxgurcharnsinghlecengl
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791BlayneRush1
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,18822020000445musaib
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in SalesMelvinPernez2
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
Current Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.pptCurrent Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.pptVidyaAdsule1
 
Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791BlayneRush1
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 

Recently uploaded (20)

PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
Attestation presentation under Transfer of property Act
Attestation presentation under Transfer of property ActAttestation presentation under Transfer of property Act
Attestation presentation under Transfer of property Act
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882Conditions Restricting Transfer Under TPA,1882
Conditions Restricting Transfer Under TPA,1882
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
Current Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.pptCurrent Ethical Issues for Legal Professionals.ppt
Current Ethical Issues for Legal Professionals.ppt
 
Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791Alexis OConnell mugshot Lexileeyogi 512-840-8791
Alexis OConnell mugshot Lexileeyogi 512-840-8791
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 

Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss

  • 2. Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. ShawnTuma is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full- service commercial law firm inTexas that represents businesses of all sizes throughout the United States and around the world.  Board of Directors, NorthTexas Cyber Forensics Lab  Board of Directors & General Counsel, Cyber Future Foundation  Texas SuperLawyers 2015-16 (IP Litigation)  Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)  Council, Computer &Technology Section, State Bar ofTexas  Chair, Civil Litigation & Appellate Section, Collin County Bar Association  College of the State Bar ofTexas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar ofTexas  Information Security Committee of the Section on Science & Technology Committee of the American Bar Association  NorthTexas Crime Commission,Cybercrime Committee  Infragard (FBI)  International Association of Privacy Professionals (IAPP)  Information Systems Security Association (ISSA)  Board of Advisors, Optiv Security  Editor, Business Cybersecurity Business Law Blog
  • 3. “There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
  • 4. “It’s not a matter of if, but a matter of when”
  • 5. 62% of Cyber Attacks  SMBs
  • 6. Odds: Security @100% / Hacker @ 1
  • 7. TargetHome DepotNeiman MarcusMichael’sSpecsTJ MaxxeBaySally BeautyPF Chang’sUPSDairy QueenJimmy John’sJP Morgan ChaseKmartStaplesSonyAshley Madison
  • 8.
  • 10. www.solidcounsel.com “Security and IT protect companies’ data; Legal protects companies from their data.” -Shawn E. Tuma
  • 14. Immediate Priorities • Assess the situation • Be a counselor • Instill confidence • Bring peace • Facilitate rational thought & behavior
  • 15. www.solidcounsel.com Who are targets? Key Point: We are all targets  Your clients’ businesses  Your law firms  Big firms (give examples)  James Shelton Example  Rural Texas solo practitioner  Employee left, didn’t change password or disable acct  Hackers accessed, spoofed email, sent “pleadings” all over, including other countries
  • 16. www.solidcounsel.com Privilege / Work Product KEY POINT: Attorney’s may have privilege “Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.” In re Target Corp. Customer Data Breach Litigation
  • 17. www.solidcounsel.com ACC Study (Sept ‘15) What concerns keep Chief Legal Officers awake at night? #2 = Data Breaches 82% consider as somewhat, very, or extremely important
  • 18. www.solidcounsel.com Cost of a Data Breach – US 2013 Cost • $188.00 per record • $5.4 million = total average cost paid by organizations 2014 Cost • $201 per record • $5.9 million = total average cost paid by organizations 2015 Cost • $217 per record • $6.5 million = total average cost paid by organizations (Ponemon Institute Cost of Data Breach Studies)
  • 19. www.solidcounsel.com Legal Obligations  International Laws  Safe Harbor  Privacy Shield  Federal Laws & Regs  HIPAA, GLBA, FERPA  FTC, FCC, SEC  State Laws  47 states (Ala, NM, SD)  Fla (w/in 30 days)  OH & VT (45 days)  Industry Groups  PCI, FINRA, etc.  Contracts  Vendors & Suppliers  Business Partners  Data Security Addendum
  • 20. www.solidcounsel.com Ancient Cybersecurity Wisdom  Water shapes its course according to the nature of the ground over which it flows; the soldier works out his victory in relation to the foe whom he is facing.”  “In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.”
  • 21. “An ounce of prevention is cheaper than the first day of litigation.”
  • 23. www.solidcounsel.com Consumer Litigation Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015) Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015) Whalen v. Michael Stores Inc., 2015 WL 9462108 (E.D.N.Y. Dec. 28, 2015) In re SuperValu, Inc., 2016 WL 81792 (D. Minn. Jan. 7, 2016) In re Anthem Data Breach Litigation, 2016 WL 589760 (N.D. Cal. Feb. 14, 2016) (J. Lucy Koh)
  • 25. www.solidcounsel.com Regulatory & Administrative - FTC KEY POINT: You must have basic IT security F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).  The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.  Companies have fair notice that their specific cybersecurity practices could fall short of that provision.  3 breaches / 619,000 records / $10.6 million in fraud  Rudimentary practices v. 2007 guidebook  Website Privacy Policy misrepresentations  Jurisdiction v. set standard?
  • 26. www.solidcounsel.com The Basics “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Lombardi
  • 27. www.solidcounsel.com The Basics Best Practices  Documented  Basic IT Security  Basic Physical Security  Security Focused P&P  Company  Workforce  Network  Website / Privacy / TOS  Business Associates  Social Engineering  Implementation  Training
  • 28. www.solidcounsel.com Regulatory & Administrative – FTC KEY POINT: You must evaluate business partners’ security In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers: 1. Investigate before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections. 3. Verify that the data service providers are complying with obligations (contracts).
  • 29. www.solidcounsel.com Addendum to Business Contracts KEY POINT: Know your contractual obligations  Common names for the Addendum:  Data Security & Privacy; Data Privacy; Cybersecurity; Privacy; Information Security.  Common features  Defines subject “Data” being protected in categories.  Describes acceptable and prohibited uses for Data.  Describes standards for protecting Data.  Describes requirements for deleting Data.  Describes obligations if a breach of Data.  Allocates responsibility if a breach of Data.  Requires binding third parties to similar provisions.
  • 30. www.solidcounsel.com Regulatory & Administrative – SEC KEY POINT: You must have written (1) Policies & Procedures and (2) Incident Response Plan S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).  “Firms must adopt written policies to protect their clients’ private information”  “they need to anticipate potential cybersecurity events and  have clear procedures in place rather than waiting to react once a breach occurs.”  violated this “safeguards rule  100,000 records (no reports of harm)  $75,000 penalty
  • 31. www.solidcounsel.com Responding: Execute Response Plan This is only a checklist – not a Response Plan
  • 32. How Fast? • 45 days (most states) • 30 days (some states) • 3 days (fed contracts) • 2 days (bus expectation) • Immediately (contracts)
  • 33. Officer & Director Liability
  • 34. www.solidcounsel.com Officer & Director Liability KEY POINT: “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.  Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham  Derivative claims premised on the harm to the company from data breach.  Caremark Claims:  Premised on lack of oversight = breach of the duty of loyalty and good faith  Cannot insulate the officers and directors = PERSONAL LIABILITY!  Standard:  (1) “utterly failed” to implement reporting system or controls; or  (2) “consciously failed” to monitor or oversee system.
  • 35. www.solidcounsel.com Officer & Director Liability Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).  Derivative action for failing to ensure Wyndham implemented adequate security policies and procedures.  Order Dismissing: The board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.  Well-documented history of diligence showed Board  Discussed cybersecurity risks, company security policies and proposed enhancements in 14 quarterly meetings; and  Implemented some of those cybersecurity measures.
  • 37. www.solidcounsel.com Cyber Insurance – Key Questions  Even know if you have it?  What period does the policy cover?  Are Officers & Directors Covered?  Cover 3rd Party Caused Events?  Social Engineering coverage?  Cover insiders intentional acts (vs. negligent)  Contractual liability?  What is the triggering event?  What types of data are covered?  What kind of incidents are covered?  Acts of war?  Required carrier list for attorneys & experts?  Other similar risks?
  • 38. Virtually all companies will be breached.Will they be liable? It’s not the breach; it’s their diligence and response that matter most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
  • 40. 3 Must-Haves for Every Organization 1. Basic IT Security 2. Written Policies & Procedures 3. Written Incident Response Plan ***Document3***
  • 41. “You don’t drown by falling in the water; You drown by staying there.”