Responding to Data Breaches
March 25, 2015
Better breach response – how to be good when things go bad
Ian Dick
Dan Michaluk
Better breach response
• The Rules of Professional Conduct
• The basis for good breach response
• Incident response planning
• Notification, harm mitigation and risk management
Rules of Professional Conduct
• Rule 3.2-2 – shall be honest and candid (breach reporting duty?)
• Rule 3.3-1 – shall hold in strict confidence
• Rule 3.5-2 – shall care for a client's property as a careful and prudent owner would…
Why have a formal, written plan?
• Breaches are best managed as crises
• This means
  • Time is of the essence
  • Organizational behaviour can be problematic
• Also
  • Formal incident response plans are required by recognized data security standards
The basis for good breach response
• Good records management
  • Records classified in accordance with sensitivity
  • Records with personal information tagged
• Strong logging of system activity
• Security intelligence and periodic vulnerability assessments
• Strong vendor contracts (notification, cooperation, control of breach response)
What's in a plan?
• Identification – what is an "incident"
• Escalation – reporting duties and accountabilities
• Role and process definition (typically featuring a multi-disciplinary "breach response team")
• Assess – gather facts and triage
• Contain – immediate
• Investigate – five Ws
• Manage – liability, public affairs
What's in a plan?
• Don't forget!
  • Communication norms
  • Recordkeeping
  • Confidentiality
Identification and escalation
• Internal reporting supports identification
• Make clear that individuals are not to self-assess
Identification and escalation
• Other means of identification
  • Internal security analysis (network and system analysis is becoming the norm)
  • External reports (police, customers, credit card companies and others)
The incident response team
• Privacy office
• Information security / corporate security
• Legal
• Risk management
• Communications
• Management from affected business (or human resources if employees are affected)
Experts to retain in advance
• Why?
  • Objectivity can wither in a crisis
  • Bench strength may be required
• Who?
  • IT forensics
  • Crisis communications
  • Legal counsel
Role of legal counsel
• Control strategic direction
• Identify legal risks and potential liabilities
• Input into advocacy
  • Affected persons
  • The media and public
  • Regulators
• Litigation management
Practice, test, update
• Annual update
  • Plans should, in general, be scenario-neutral
  • Update based on external and internal analysis
  • From new contact information to new procedure
• Tests / fire drills
  • Identify flaws in detection capability
  • Develop tactical IT skills required for correction
  • Discover data gaps and other problems
  • Garner decision-making confidence
  • Can be an intervention that supports change
Notification and remediation
• Outside the health sector, notification is currently required only under Alberta legislation (S-4 will amend PIPEDA)
• But foreign laws will often apply (and notifying half of an affected population does not work)
• Notification may be required by a common law duty if harm is reasonably foreseeable
• Notification may be desirable because people will find out and you cannot tolerate the process of justifying non-notification
Notification and remediation
• What happened (with identification of personal information elements)
• What you've done to contain it
• Contact information
• Consider
  • An apology
  • Telling people where to get help
  • Making a protective offer
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
uhsox
 
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
ooqzo
 
一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理
一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理
一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理
hedonxu
 
suture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgicalsuture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgical
AlanSudhan
 
A Critical Study of ICC Prosecutor's Move on GAZA War
A Critical Study of ICC Prosecutor's Move on GAZA WarA Critical Study of ICC Prosecutor's Move on GAZA War
A Critical Study of ICC Prosecutor's Move on GAZA War
Nilendra Kumar
 
Asian legal busiess india you are invited
Asian legal busiess india you are invitedAsian legal busiess india you are invited
Asian legal busiess india you are invited
digitalrashi12
 
一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理
onduyv
 
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
fexbqa
 
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
pdeehy
 
17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf
ssuser0dfed9
 
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
onduyv
 
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
aypxuyw
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
bhavenpr
 
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
15e6o6u
 
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
qevye
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
Justin Ordoyo
 

Recently uploaded (20)

一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
 
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
快速办理(SCU毕业证书)澳洲南十字星大学毕业证文凭证书一模一样
 
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
 
Safeguarding Against Financial Crime: AML Compliance Regulations Demystified
Safeguarding Against Financial Crime: AML Compliance Regulations DemystifiedSafeguarding Against Financial Crime: AML Compliance Regulations Demystified
Safeguarding Against Financial Crime: AML Compliance Regulations Demystified
 
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
一比一原版(uottawa毕业证书)加拿大渥太华大学毕业证如何办理
 
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
 
一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理
一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理
一比一原版新加坡南洋理工大学毕业证(本硕)ntu学位证书如何办理
 
suture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgicalsuture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgical
 
A Critical Study of ICC Prosecutor's Move on GAZA War
A Critical Study of ICC Prosecutor's Move on GAZA WarA Critical Study of ICC Prosecutor's Move on GAZA War
A Critical Study of ICC Prosecutor's Move on GAZA War
 
Asian legal busiess india you are invited
Asian legal busiess india you are invitedAsian legal busiess india you are invited
Asian legal busiess india you are invited
 
一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理
一比一原版加拿大多伦多大学毕业证(uoft毕业证书)如何办理
 
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理一比一原版林肯大学毕业证(lincoln毕业证)如何办理
一比一原版林肯大学毕业证(lincoln毕业证)如何办理
 
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
一比一原版(uwgb毕业证书)美国威斯康星大学绿湾分校毕业证如何办理
 
17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf17-03 2022 -full agreement full version .pdf
17-03 2022 -full agreement full version .pdf
 
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
 
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
一比一原版(liverpool毕业证书)利物浦大学毕业证如何办理
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
 
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
 
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
 

Responding to Data Breaches

  • 10. Identification and escalation
    • Other means of identification
      • Internal security analysis (network and system analysis is becoming the norm)
      • External reports (police, customers, credit card companies and others)
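Slide 10 names internal security analysis as a way an organization identifies an incident before anyone reports it. The following is an added example, not part of the presentation or its authors' material: a minimal access-log rule that flags one user reading an unusual number of distinct records tagged as containing personal information, and produces an escalation record for the breach response team rather than deciding anything itself (consistent with the slide 9 point that individuals are not to self-assess). The log format, field names, user names, the 50-record threshold and the 10-minute window are all assumptions chosen for illustration, and the sample log is constructed.

```python
"""Added example (not from the presentation): a minimal 'internal security
analysis' rule that flags bulk reads of records tagged as containing personal
information (PI) and emits an escalation record for the breach response team.

Assumptions for illustration: one event per line with five whitespace-separated
fields (ISO-8601 timestamp, user, action, record id, sensitivity tag), and a
threshold of 50 distinct PI records read by one user within a 10-minute window.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str
    record: str
    tag: str


@dataclass(frozen=True)
class Alert:
    """What gets handed to the response team; the rule does not self-assess."""
    user: str
    distinct_records: int
    window_start: datetime
    window_end: datetime


def parse_log(text: str) -> List[Event]:
    """Parse the assumed five-field log format. Malformed lines raise rather
    than being dropped silently, so evidence is never lost unnoticed."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        ts, user, action, record, tag = parts
        events.append(Event(datetime.fromisoformat(ts), user, action, record, tag))
    return events


def detect_bulk_pi_access(events, threshold=50, window=timedelta(minutes=10)) -> List[Alert]:
    """Sliding-window count of *distinct* PI records read per user.

    Counting distinct records rather than raw reads means a user who keeps
    reopening the same few files does not trip the rule, while a sweep through
    many different people's records does.
    """
    by_user = defaultdict(list)
    for e in events:
        if e.action == "READ" and e.tag == "PI":
            by_user[e.user].append(e)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        in_window = Counter()  # record id -> reads currently inside the window
        start = 0
        for e in evs:
            in_window[e.record] += 1
            # Slide the window forward: drop events older than `window`.
            while e.ts - evs[start].ts > window:
                old = evs[start].record
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                alerts.append(Alert(user, len(in_window), evs[start].ts, e.ts))
                break  # one escalation per user; humans triage from here
    return alerts


def build_sample_log() -> str:
    """Constructed sample data (not real logs); user names are invented."""
    base = datetime(2015, 3, 25, 9, 0, 0)
    lines = ["# constructed access log"]
    # jsmith: 60 distinct PI records in six minutes -> should escalate
    for i in range(60):
        lines.append(f"{(base + timedelta(seconds=6 * i)).isoformat()} jsmith READ rec-{1000 + i} PI")
    # bchen: 8 PI reads spread over an hour -> routine
    for i in range(8):
        lines.append(f"{(base + timedelta(minutes=7 * i)).isoformat()} bchen READ rec-{2000 + i} PI")
    # dlee: 80 fast reads, but of PUBLIC records -> out of scope for this rule
    for i in range(80):
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} dlee READ rec-{3000 + i} PUBLIC")
    # mwong: 70 reads of the same 5 PI records -> distinct count stays at 5
    for i in range(70):
        lines.append(f"{(base + timedelta(seconds=4 * i)).isoformat()} mwong READ rec-{4000 + i % 5} PI")
    return "\n".join(lines)


def run_sample() -> List[Alert]:
    return detect_bulk_pi_access(parse_log(build_sample_log()))


if __name__ == "__main__":
    for a in run_sample():
        print(f"ESCALATE: {a.user} read {a.distinct_records} distinct PI records "
              f"between {a.window_start.time()} and {a.window_end.time()}")
```

The rule depends on the groundwork the presentation lists earlier: records tagged for personal information and system activity logged with enough fidelity to attribute reads to a user. The output is deliberately a record to escalate, not a verdict; the threshold and window are tuning parameters a team would set from its own baseline.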
  • 11. The incident response team
    • Privacy office
    • Information security / corporate security
    • Legal
    • Risk management
    • Communications
    • Management from the affected business (or human resources if employees are affected)
  • 12. Experts to retain in advance
    • Why?
      • Objectivity can wither in a crisis
      • Bench strength may be required
    • Who?
      • IT forensics
      • Crisis communications
      • Legal counsel
  • 13. Role of legal counsel
    • Control strategic direction
    • Identify legal risks and potential liabilities
    • Input into advocacy
      • Affected persons
      • The media and public
      • Regulators
    • Litigation management
  • 14. Practice, test, update
    • Annual update
      • Plans should, in general, be scenario-neutral
      • Update based on external and internal analysis
      • From new contact information to new procedure
    • Tests / fire drills
      • Identify flaws in detection capability
      • Develop tactical IT skills required for correction
      • Discover data gaps and other problems
      • Garner decision-making confidence
      • Can be an intervention that supports change
  • 15. Notification and remediation
    • Outside the health sector, mandatory notification currently exists only under Alberta legislation (S-4 will amend PIPEDA)
    • But foreign laws will often apply (and notifying half of an affected population does not work)
    • Notification may be required by a common law duty if harm is reasonably foreseeable
    • Notification may be desirable because people will find out, and you can't tolerate the justification process
  • 16. Notification and remediation
    • What happened (with identification of the personal information elements involved)
    • What you've done to contain it
    • Contact information
    • Consider
      • An apology
      • Telling people where to get help
      • Making a protective offer

Editor's Notes

  1. Ian Dick is my partner and my source of guidance on complex litigation. I'll let you read his bio, but what you won't see on there is experience in the mop-up after major crises including Walkerton and the tainted blood scandal. With no slight to Ian, I'll say that I know the reason you're all here is to see Karen Gordon of Squeaky Wheel Communications. Karen and I cut our teeth together on a 65,000-person data breach in 2006. It's very important when you're in a crisis to have legal and communications work in tandem. We had that, and I can say very confidently from that file and subsequent files that Karen is an amazing crisis communicator.
  2. Not making a general pitch on taking care of data security. Our pitch is more specific: it's about the need to plan ahead for the inevitable, to create a written, reasonably robust incident response policy. Who's got one? Spend 30 minutes making the pitch and explaining how. One of three components here, but it is the key message.
  3. Ian (Explain and frame presentation as supportive of Rule compliance.)
  4. You need a breach response plan because you will be in a crisis:
     - important decisions...
     - ...about significant harms...
     - ...under great time pressure (as soon as reasonably possible; 30 days from discovery under the Obama legislation)
     If you do not plan in advance you will be slow:
     - poor identification and escalation
     - responsibility and authority won't be clear, or will be dispersed
     - resources won't be clear
     Protect against bad behaviour:
     - groupthink: one person accountable will promote the best decision-making
     - self-protection: theme/messages "when they come asking, you will answer", "we will not tolerate self-protecting behaviour"
     Standards: PCI DSS 12.10; ISO 27002 requirement 16
  5. Ian
  6. Not starting from scratch! Look at ISO 27002:2013, requirement 16. Look at PCI DSS 12.10. Calibrate to your culture and tolerance; err towards bureaucratic for this type of policy.
     Core elements on this slide:
     - policy to facilitate identification and escalation
     - role and process definition: who is responsible for what, at each stage of the process, and what resources are available and can be drawn upon
  7. Also address critical communication and recordkeeping issues. Questions to answer via policy:
     - How will people be contacted on a 24/7 basis?
     - What's the back-up plan? (Anticipate network failure.)
     - What will and will not be communicated over e-mail?
     - What will and will not be said to others over e-mail?
     - Who keeps a record of decisions and their rationale? In what form?
     These things also go in policy:
     - Commitment to training and communication
     - Commitment to periodic review and updating
  8. Ian. Note that this one is narrow: it excludes "significant threats" and "near misses".
  9. Ian
  10. Recognition that these are complex problems that require (for due diligence) expert input. This is a typical team. Do you have a significantly different composition at your organization? It is appropriate for the team, or an individual on the team, to have broad decision-making authority, at least to make the type of decisions that can be readily anticipated:
     - shut down an affected service
     - retain outside assistance
     - authorize communications to the public
     - authorize communication to authorities
     - make remedial offers
     Consensus? One person assigned?
  11. Ian
  12. Two kinds of legal advisors:
     - Strategic advisor: explained on this slide
     - Expert advisor: sounding board, notification opinions
     Note that your incident response policy may affect whether you can claim privilege over communications. If the breach response process is framed as a process of getting information to counsel so counsel can advise, then communications in support of that process are likely to be privileged. It may be more difficult when the lawyer is merely part of the team, but if you establish by policy that the lawyer's only role is to provide legal advice you should be okay.
  13. Annual update is the best practice. If you drill into specific risks, update the risks based on an annual risk assessment. Fire drills may be appropriate.
  14. Ian (Comment on last bullet.)
  15. Ian