SlideShare a Scribd company logo

Cyber Liability Insurance Counseling and Breach Response

Shawn Tuma
Shawn Tuma

This presentation focused on how teaching attorneys how to counsel their clients on cyber insurance and guide them through the data breach incident response process. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law:Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.

Law
1 of 36
Download to read offline
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Liability Insurance Counseling and Breach Response Elizabeth Rogers Greenberg Traurig, LLP rogersel@gtlaw.com @Lonestar_Lawyer Shawn Tuma Scheef & Stone, LLP Shawn.tuma@solidcounsel.com @shawnetuma
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Breach! Immediate Priorities • Leadership! • Assess the situation • Be a counselor • Instill confidence • Bring peace • Facilitate rational thought & rational behavior
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event an incident or a breach? ▪ Event: any occurrence. ▪ Incident: an event that actually or potentially jeopardizes the confidentiality, integrity, or availability of the system, data, policies, or practices. ▪ Breach: actual loss of control, compromise, unauthorized disclosure, acquisition or access of data. ▪ Ransomware? Encryption safe harbor?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event caused by criminal or negligent actions? ▪ Hacker stealing IP from network. ▪ Employee misplaces unencrypted USB drive with PII. ▪ Focus on the action – why was it done? ▪ Report criminal events to law enforcement, not usually with negligent.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. ▪ Notification: to notify the data subjects of a data breach.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Remember our fiction: reporting / notifying / disclosing ▪ What type of data was breached? (PII, PHI, Fin. Data, PCI) ▪ Which laws apply? ▪ Regulated industry? (HHS, SEC, FDIC, FINRA) ▪ i.e., Health → HHS, then ≥ 500 = 60 days to report < 500 = annual report ▪ State jurisdictions?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Response The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. OPTIONAL, MAYBE. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. NOT OPTIONAL. ▪ Notification: to notify the data subjects of a data breach. NOT OPTIONAL.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators Breach Notification Laws ▪ No national breach notification law ▪ 47 States w/ laws + DC, PR, VI (≠ AL, NM, SD) ▪ Data subjects’ residence determines + state doing bus. ▪ Some consistency but some not (e.g., MA & CA) ▪ Review each time – constantly changing.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Is it a triggering “breach” under each relevant states’ laws? ▪ Which states’ laws require disclosure to their AG? ▪ Most, under certain circumstances (not TX). ▪ Which require pre-notice of a breach notification? ▪ CA, CT, NH, NJ, NY, NC, PR, WA ▪ When must disclosures be made? (w/ notif. 30/45/reas.) ▪ How must disclosure be made? (template / portal)
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law Notification Required Following Breach of Security of Computerized Data, Tex. Bus. Comm. Code § 521.053 ▪ “A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” (See Appendix B)
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law ▪ Breach of System Security: “unauthorized acquisition ... compromises the security, confidentiality, or integrity of” SPI.  Employee leaving with customer data? ▪ Applies to anyone doing business in Texas. ▪ Notify any individual whose SPI “was, or is reasonably believed to have been, acquired by an unauthorized person.” ▪ When: “as quickly as possible” but allows for LE delay ▪ Penalty: $100 per individual per day for delayed time, not to exceed $250,000 for a single breach (AG / no civil remedy)
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE first name or first initial last name SSN DLN or GovtID data breach first name or first initial last name Acct or Card # Access or Security Code data breach Info that IDs Individ. Health- care, provided, or pay data breach Duty to notify when “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053 CIVIL PENALTY $100.00 per individual per day for notification delay, not to exceed $250,000 for single breach § 521.151
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Role of law enforcement. ▪ When to report to law enforcement? ▪ Federal, state, or local law enforcement? ▪ When will law enforcement not get involved (usually)?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Is it mandatory to report to law enforcement? ▪ State breach notification presume reporting. ▪ DOJ, NIST, FTC (“we’d view that company more favorably than a company that hasn’t”) ▪ US Senate (Yahoo) – when did you report to law enforcement or other government authorities? ▪ Credibility – the “state sponsored” “unprecedented” game.
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Benefits of reporting to law enforcement. ▪ Agencies can compel info from 3rd parties. ▪ Can work with foreign counterparts. ▪ Viewed favorably by regulators, shareholders, public. ▪ Can request delay of reporting. ▪ Result in successful prosecution. ▪ Resources, expertise, institutional knowledge, your $$$
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Dispelling myths of reporting to law enforcement. ▪ Reporting to law enforcement is not same as disclosing to regulators. ▪ Doesn’t “take over” your operations, not like regulatory enforcement action. ▪ Law enforcement uses discretion, doesn’t tattle on you. ▪ Company is still viewed as the victim. ▪ Use hypotheticals, if needed.
Cyber Insurance
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Insurance – Key Questions • Even know if you have it? • What period does the policy cover? • Are Officers & Directors Covered? • Cover 3rd Party Caused Events? • Social Engineering coverage? • Cover insiders intentional acts (vs. negligent) • Contractual liability? • What is the triggering event? • What types of data are covered? • What kind of incidents are covered? • Acts of war? • Required carrier list for attorneys & experts? • Other similar risks?
10 Key Issues in Cybersecurity Insurance Policies
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 1.What period does the policy cover?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 2.Will Officers & Directors fall into the gap?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 3. Does policy exclude liability for injuries arising from breach of contract?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 4. Does policy cover actions caused by your vendors and contractors?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 5. Does policy provide excess coverage with a drop-down provision?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 6. Does policy provide coverage for insiders’ intentional acts – as opposed to negligent acts?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 7.What is the triggering event for coverage?
Data Sources Company Data Workforce Data Customer / Client Data Other Parties’ Data 3rd Party Business Associates’ Data Outsiders’ Data 8.What types of data are covered?
Threat Vectors Network Website Email BYOD USBGSM Internet Surfing Business Associates People 9.What kinds of breach events are covered?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 10. How are exclusions for “cyber acts of war” and “cyber terrorism” treated?
Additional Cybersecurity Insurance Considerations
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Contracts • 3rd party liability • Healthcare (BA) • Software license audit • Permissible access & use in policies, BYOD • EULA / TOS Marketing • FTC Act § 5 • SPAM laws • NLRB rules • CDA § 230 • Website audits • IP issues • Acct ownership Privacy • Privacy policies • Privacy & data practices • Destruction policies • Monitoring workforce • Business intelligence Industry Regulation • PCI (Payment Card Industry) • FFIEC (Federal Financial Institution Examination Council) • FINRA (Financial Industry Regulatory Authority) • SIFMA (Securities Industry and Financial Markets Association) What other cyber risks events are covered?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE What coverage do you need, and how much?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Should you agree to using the carrier’s list of attorneys and experts?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE QUESTIONS?
@Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Shawn Tuma Scheef & Stone, LLP Frisco, Texas 214.472.2135 shawn.tuma@solidcounsel.com www.solidcounsel.com www.shawnetuma.com (blog) @shawnetuma Elizabeth Rogers Greenberg Traurig, LLP Austin, Texas 512.320.7256 rogersel@gtlaw.com www.gtlaw.com @Lonestar_Lawyer

Recommended

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Shawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Shawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Shawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Shawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
Shawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
Shawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
Shawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
Shawn Tuma
 

Recommended

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Shawn Tuma
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Shawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Shawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Shawn Tuma
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
Shawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
Shawn Tuma
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
Shawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
Shawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
duffeeandeitzen
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
Meg Weber
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Shawn Tuma
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Shawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Shawn Tuma
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
Shawn Tuma
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
Dan Michaluk
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
Oregon Law Practice Management
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Financial Poise
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
Dan Michaluk
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Jennifer Sharf Adler
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Shawn Tuma
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
Dan Michaluk
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
Thoughtworks
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
Zuckerman Law Whistleblower Protection Law Firm
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Shawn Tuma
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
Specific role of excipients in tablet production
Specific role of excipients in tablet productionSpecific role of excipients in tablet production
Specific role of excipients in tablet production
ANURAG GROUP OF INSTITUTIONS
 

More Related Content

What's hot

Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
Shawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
duffeeandeitzen
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
Meg Weber
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Shawn Tuma
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcementMeg Weber
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Shawn Tuma
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Shawn Tuma
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
Shawn Tuma
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
Dan Michaluk
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
Oregon Law Practice Management
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Financial Poise
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
Dan Michaluk
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Shawn Tuma
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
Dan Michaluk
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
Thoughtworks
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
Zuckerman Law Whistleblower Protection Law Firm
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Shawn Tuma
 

What's hot (20)

Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
 
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentation
 
Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016Cybersecurity White Paper 05_2016
Cybersecurity White Paper 05_2016
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 

Viewers also liked

Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
Specific role of excipients in tablet production
Specific role of excipients in tablet productionSpecific role of excipients in tablet production
Specific role of excipients in tablet production
ANURAG GROUP OF INSTITUTIONS
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
Kevin Duffey
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Shawn Tuma
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber Attack
Kevin Duffey
 
Data Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessData Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your business
Eversheds Sutherland
 
Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpected
isc2-hellenic
 
Get the Basics Right
Get the Basics RightGet the Basics Right
Get the Basics Right
Rahul Neel Mani
 
Automation lec3
Automation lec3Automation lec3
Automation lec3
Mahmoud Hussein
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
Health IT Conference – iHT2
 
Sumit dhar
Sumit dharSumit dhar
Sumit dhar
Rahul Neel Mani
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
Rahul Neel Mani
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
isc2-hellenic
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Amazon Web Services
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Cyber Agency
 
The Business Case for Corporate Performance Management
The Business Case for Corporate Performance ManagementThe Business Case for Corporate Performance Management
The Business Case for Corporate Performance Management
Charles Bedard
 
2011-2012 Slumber Parties Catalog
2011-2012 Slumber Parties Catalog2011-2012 Slumber Parties Catalog
2011-2012 Slumber Parties Catalog
SlumberPartiesByConnieM
 

Viewers also liked (17)

Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Specific role of excipients in tablet production
Specific role of excipients in tablet productionSpecific role of excipients in tablet production
Specific role of excipients in tablet production
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber Attack
 
Data Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessData Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your business
 
Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpected
 
Get the Basics Right
Get the Basics RightGet the Basics Right
Get the Basics Right
 
Automation lec3
Automation lec3Automation lec3
Automation lec3
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Sumit dhar
Sumit dharSumit dhar
Sumit dhar
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
The Business Case for Corporate Performance Management
The Business Case for Corporate Performance ManagementThe Business Case for Corporate Performance Management
The Business Case for Corporate Performance Management
 
2011-2012 Slumber Parties Catalog
2011-2012 Slumber Parties Catalog2011-2012 Slumber Parties Catalog
2011-2012 Slumber Parties Catalog
 

Similar to Cyber Liability Insurance Counseling and Breach Response

Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
pdewitte
 
Affirmative Defense Reponse System
Affirmative Defense Reponse SystemAffirmative Defense Reponse System
Affirmative Defense Reponse System
oldshaman
 
CCPA: What You Need to Know
CCPA: What You Need to KnowCCPA: What You Need to Know
CCPA: What You Need to Know
IronCore Labs
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago Presentation
Christina Gagnier
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
- Mark - Fullbright
 
Texas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New ChangesTexas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New Changes
Jim Brashear
 
Fulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity TheftFulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity Theft
Steve Meek
 
Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021
Nicole Fucile-Borsian
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
guest1d1ed5
 
Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Gary Kazmer
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
Shawn Tuma
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
dmenken60
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Financial Poise
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Shawn Tuma
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business
- Mark - Fullbright
 
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Shawn Tuma
 
PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011Kimberly Verska
 
Security Basics for Law Firms
Security Basics for Law FirmsSecurity Basics for Law Firms
Security Basics for Law Firms
Clio - Cloud-Based Legal Technology
 
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Steve Werby
 

Similar to Cyber Liability Insurance Counseling and Breach Response (20)

Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Affirmative Defense Reponse System
Affirmative Defense Reponse SystemAffirmative Defense Reponse System
Affirmative Defense Reponse System
 
CCPA: What You Need to Know
CCPA: What You Need to KnowCCPA: What You Need to Know
CCPA: What You Need to Know
 
Gagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago PresentationGagnier's Portion of TechWeek Chicago Presentation
Gagnier's Portion of TechWeek Chicago Presentation
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
Texas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New ChangesTexas Privacy Laws - Tough New Changes
Texas Privacy Laws - Tough New Changes
 
Fulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity TheftFulcrum Rotary Club- Identity Theft
Fulcrum Rotary Club- Identity Theft
 
Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021Privacy PPT by Axel Kloth_March 18 2021
Privacy PPT by Axel Kloth_March 18 2021
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
 
Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business
 
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
Social Media Law: It is Real, and, Yes, It Really Can Impact Your Business - ...
 
PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011PBPATL - Privacy Seminar 2011
PBPATL - Privacy Seminar 2011
 
Security Basics for Law Firms
Security Basics for Law FirmsSecurity Basics for Law Firms
Security Basics for Law Firms
 
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...
 

More from Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
Shawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Shawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
Shawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
Shawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
Shawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
Shawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Shawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
Shawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
Shawn Tuma
 

More from Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Recently uploaded

XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
bhavenpr
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
ShivkumarIyer18
 
Tax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th semTax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th sem
azizurrahaman17
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
seri bangash
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
CIkumparan
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
ssuser559494
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
9ib5wiwt
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
HarpreetSaini48
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
Wendy Couture
 
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
o6ov5dqmf
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Syed Muhammad Humza Hussain
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
akbarrasyid3
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
anjalidixit21
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
osenwakm
 
Understanding about ITR-1 and Documentation
Understanding about ITR-1 and DocumentationUnderstanding about ITR-1 and Documentation
Understanding about ITR-1 and Documentation
CAAJAYKUMAR4
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
osenwakm
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
Daffodil International University
 
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
9ib5wiwt
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Massimo Talia
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
9ib5wiwt
 

Recently uploaded (20)

XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
 
Tax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th semTax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th sem
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
 
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
 
Understanding about ITR-1 and Documentation
Understanding about ITR-1 and DocumentationUnderstanding about ITR-1 and Documentation
Understanding about ITR-1 and Documentation
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
 
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
定制(nus毕业证书)新加坡国立大学毕业证学位证书实拍图原版一模一样
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
 

Cyber Liability Insurance Counseling and Breach Response

  • 1. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Liability Insurance Counseling and Breach Response Elizabeth Rogers Greenberg Traurig, LLP rogersel@gtlaw.com @Lonestar_Lawyer Shawn Tuma Scheef & Stone, LLP Shawn.tuma@solidcounsel.com @shawnetuma
  • 2. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Breach! Immediate Priorities • Leadership! • Assess the situation • Be a counselor • Instill confidence • Bring peace • Facilitate rational thought & rational behavior
  • 3. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event an incident or a breach? ▪ Event: any occurrence. ▪ Incident: an event that actually or potentially jeopardizes the confidentiality, integrity, or availability of the system, data, policies, or practices. ▪ Breach: actual loss of control, compromise, unauthorized disclosure, acquisition or access of data. ▪ Ransomware? Encryption safe harbor?
  • 4. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations Is the cyber event caused by criminal or negligent actions? ▪ Hacker stealing IP from network. ▪ Employee misplaces unencrypted USB drive with PII. ▪ Focus on the action – why was it done? ▪ Report criminal events to law enforcement, not usually with negligent.
  • 5. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Foundations The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. ▪ Notification: to notify the data subjects of a data breach.
  • 6. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Remember our fiction: reporting / notifying / disclosing ▪ What type of data was breached? (PII, PHI, Fin. Data, PCI) ▪ Which laws apply? ▪ Regulated industry? (HHS, SEC, FDIC, FINRA) ▪ i.e., Health → HHS, then ≥ 500 = 60 days to report < 500 = annual report ▪ State jurisdictions?
  • 7. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Data Breach Response The difference between reporting, disclosing, notifying? ▪ Used interchangeably, not official – just used for clarity. ▪ Reporting: to report a crime to law enforcement. OPTIONAL, MAYBE. ▪ Disclosing: to disclose (notify) to a state or federal regulator of a data breach. NOT OPTIONAL. ▪ Notification: to notify the data subjects of a data breach. NOT OPTIONAL.
  • 8. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators Breach Notification Laws ▪ No national breach notification law ▪ 47 States w/ laws + DC, PR, VI (≠ AL, NM, SD) ▪ Data subjects’ residence determines + state doing bus. ▪ Some consistency but some not (e.g., MA & CA) ▪ Review each time – constantly changing.
  • 9. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Disclosure to Government Regulators ▪ Is it a triggering “breach” under each relevant states’ laws? ▪ Which states’ laws require disclosure to their AG? ▪ Most, under certain circumstances (not TX). ▪ Which require pre-notice of a breach notification? ▪ CA, CT, NH, NJ, NY, NC, PR, WA ▪ When must disclosures be made? (w/ notif. 30/45/reas.) ▪ How must disclosure be made? (template / portal)
  • 10. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law Notification Required Following Breach of Security of Computerized Data, Tex. Bus. Comm. Code § 521.053 ▪ “A person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information shall disclose any breach of system security, after discovering or receiving notification of the breach, to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” (See Appendix B)
  • 11. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Texas Breach Notification Law ▪ Breach of System Security: “unauthorized acquisition ... compromises the security, confidentiality, or integrity of” SPI.  Employee leaving with customer data? ▪ Applies to anyone doing business in Texas. ▪ Notify any individual whose SPI “was, or is reasonably believed to have been, acquired by an unauthorized person.” ▪ When: “as quickly as possible” but allows for LE delay ▪ Penalty: $100 per individual per day for delayed time, not to exceed $250,000 for a single breach (AG / no civil remedy)
  • 12. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE first name or first initial last name SSN DLN or GovtID data breach first name or first initial last name Acct or Card # Access or Security Code data breach Info that IDs Individ. Health- care, provided, or pay data breach Duty to notify when “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053 CIVIL PENALTY $100.00 per individual per day for notification delay, not to exceed $250,000 for single breach § 521.151
  • 13. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Role of law enforcement. ▪ When to report to law enforcement? ▪ Federal, state, or local law enforcement? ▪ When will law enforcement not get involved (usually)?
  • 14. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement ▪ Is it mandatory to report to law enforcement? ▪ State breach notification presume reporting. ▪ DOJ, NIST, FTC (“we’d view that company more favorably than a company that hasn’t”) ▪ US Senate (Yahoo) – when did you report to law enforcement or other government authorities? ▪ Credibility – the “state sponsored” “unprecedented” game.
  • 15. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Benefits of reporting to law enforcement. ▪ Agencies can compel info from 3rd parties. ▪ Can work with foreign counterparts. ▪ Viewed favorably by regulators, shareholders, public. ▪ Can request delay of reporting. ▪ Result in successful prosecution. ▪ Resources, expertise, institutional knowledge, your $$$
  • 16. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Reporting to Law Enforcement Dispelling myths of reporting to law enforcement. ▪ Reporting to law enforcement is not same as disclosing to regulators. ▪ Doesn’t “take over” your operations, not like regulatory enforcement action. ▪ Law enforcement uses discretion, doesn’t tattle on you. ▪ Company is still viewed as the victim. ▪ Use hypotheticals, if needed.
  • 18. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Cyber Insurance – Key Questions • Even know if you have it? • What period does the policy cover? • Are Officers & Directors Covered? • Cover 3rd Party Caused Events? • Social Engineering coverage? • Cover insiders intentional acts (vs. negligent) • Contractual liability? • What is the triggering event? • What types of data are covered? • What kind of incidents are covered? • Acts of war? • Required carrier list for attorneys & experts? • Other similar risks?
  • 19.
  • 20. 10 Key Issues in Cybersecurity Insurance Policies
  • 21. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 1.What period does the policy cover?
  • 22. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 2.Will Officers & Directors fall into the gap?
  • 23. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 3. Does policy exclude liability for injuries arising from breach of contract?
  • 24. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 4. Does policy cover actions caused by your vendors and contractors?
  • 25. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 5. Does policy provide excess coverage with a drop-down provision?
  • 26. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 6. Does policy provide coverage for insiders’ intentional acts – as opposed to negligent acts?
  • 27. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 7.What is the triggering event for coverage?
  • 28. Data Sources Company Data Workforce Data Customer / Client Data Other Parties’ Data 3rd Party Business Associates’ Data Outsiders’ Data 8.What types of data are covered?
  • 30. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE 10. How are exclusions for “cyber acts of war” and “cyber terrorism” treated?
  • 32. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Contracts • 3rd party liability • Healthcare (BA) • Software license audit • Permissible access & use in policies, BYOD • EULA / TOS Marketing • FTC Act § 5 • SPAM laws • NLRB rules • CDA § 230 • Website audits • IP issues • Acct ownership Privacy • Privacy policies • Privacy & data practices • Destruction policies • Monitoring workforce • Business intelligence Industry Regulation • PCI (Payment Card Industry) • FFIEC (Federal Financial Institution Examination Council) • FINRA (Financial Industry Regulatory Authority) • SIFMA (Securities Industry and Financial Markets Association) What other cyber risks events are covered?
  • 33. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE What coverage do you need, and how much?
  • 34. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Should you agree to using the carrier’s list of attorneys and experts?
  • 36. @Lonestar_Lawyer @shawnetuma @TexasBarCLE #TBCLE Shawn Tuma Scheef & Stone, LLP Frisco, Texas 214.472.2135 shawn.tuma@solidcounsel.com www.solidcounsel.com www.shawnetuma.com (blog) @shawnetuma Elizabeth Rogers Greenberg Traurig, LLP Austin, Texas 512.320.7256 rogersel@gtlaw.com www.gtlaw.com @Lonestar_Lawyer