SlideShare a Scribd company logo

Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and Management, SecureWorld – Dallas Expo (10/28/15)

Shawn Tuma
Shawn Tuma

Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and Management, SecureWorld – Dallas Expo (10/28/15)

1 of 31
Download to read offline
Shawn E. Tuma Cybersecurity Legal Trends Partner, Scheef & Stone, L.L.P.
@shawnetuma #SWDAL15
“There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller Odds: Security @100% / Hacker @ 1TargetHome DepotNeiman MarcusMichaelsSpecsTJ MaxeBaySally BeautyPF Chang’sUPSDairy QueenJimmy John’sJP Morgan ChaseKmartStaplesSonyAshley Madison
www.solidcounsel.com Cost of a Data Breach – US 2013 Cost  $188.00 per record  $5.4 million = total average cost paid by organizations 2014 Cost  $201 per record  $5.9 million = total average cost paid by organizations 2015 Cost  $217 per record  $6.5 million = total average cost paid by organizations (Ponemon Institute Cost of Data Breach Studies)
Legal Issues Responding Litigation Regulatory & Administrative Officer & Director Liability
www.solidcounsel.com Responding: Execute Response Plan  Contact attorney (privilege)  Assemble your Response Team  Review insurance & notify carrier  Notify Card Processor  Contact forensics  Contact notification vendor  Investigate breach  Remediate responsible vulnerabilities  Reporting & notification
www.solidcounsel.com Responding: Reporting & Notification  Law Enforcement  State Laws  47 states (Ala, NM, SD)  State Attorneys General  VT (pre-notice w/in 14 days)  MD (pre-notice)  NJ (pre-notice to state police)  Consumers  Fla (w/in 30 days)  OH & VT (45 days)  Federal Agencies  FTC, SEC, HHS, etc.  Industry Groups  PCI, FINRA, etc.  Credit Bureaus  Business Associates  Vendors & Suppliers
Litigation
www.solidcounsel.com Litigation: Business / Real Harm Standing has not been an issue in cases where the harm is readily ascertainable: “Target does not challenge Plaintiffs’ allegations with respect to the elements of causation and damages.” In re Target Corp. Customer Data Sec. Breach Litigation, 64 F.Supp.3d 1304, 1310 (D. Minn. 2014) (Financial Institutions Litigation).
www.solidcounsel.com Litigation: The Good Old Days Fear from the heightened risk of future identity theft or fraud from a data breach does not give legal standing to sue by a party whose data may have been compromised.  “Allegations of future harm can establish Article III standing if that harm is “certainly impending,” but “allegations of possible future injury are not sufficient.” Clapper v. Amnesty Int’l USA, 133 S.Ct. 1138, 1147 (2013).  “[A]llegation of future injury may suffice if the threatened injury is ‘certainly impending’ or there is a ‘substantial risk’ that the harm will occur.” Susan B. Anthony List v. Driehaus, 134 S.Ct. 2334, 2341 (2014).  “Peters has not made the requisite demonstration of injury, traceability and redressability for her alleged injuries.” Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015).
www.solidcounsel.com Litigation: Sensing Change? Target’s Proposed Consumer Litigation Settlement (March 19, 2015)  Target pay $10 million to interest-bearing escrow account.  Consumers eligible for up to $10,000, if  Show proof of losses from the data breach (prioritized).  Remaining funds will be disbursed later.
www.solidcounsel.com Litigation: The Tectonic Shift Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015).  “The plaintiffs allege that the hackers deliberately targeted Neiman Marcus in order to obtain their credit-card information. . . . [t]here is ‘no need to speculate as to whether [the Neiman Marcus customers’] information has been stolen and what information was taken. . . . there is an ‘objectively reasonable likelihood’ that such an injury will occur.”  “At this stage in the litigation, it is plausible to infer that the plaintiffs have shown a substantial risk of harm from the Neiman Marcus data breach. Why else would hackers break into a store’s database and steal consumers private information? Presumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume those consumers’ identities.”
www.solidcounsel.com Litigation: The Trends?  Standing  Theft of data v. negligent loss of data?  Target Fin. / Sony / Ashley Madison – the harm?  Overall Litigation Trend  Incrementalism  Who’s gonna get it?  Who has best opportunity to control?
Regulatory & Administrative
www.solidcounsel.com Regulatory Response – SEC January 2014: SEC indicates companies need Policies & Procedures for: 1. Prevention, detection, and response to cyber attacks and data breaches, 2. IT training focused on security, and 3. Third party access to company systems and vendor third party due diligence.
www.solidcounsel.com Regulatory Response – SEC April 2014: Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Initiative  Examine 50 registered broker-dealers and registered investment advisors.  7 page sample cybersecurity doc request.  Detailed cybersecurity questions.  Extensive 3rd party provider questions.
www.solidcounsel.com Regulatory Response – SEC S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).  “Firms must adopt written policies to protect their clients’ private information”  “they need to anticipate potential cybersecurity events and  have clear procedures in place rather than waiting to react once a breach occurs.”  violated this “safeguards rule  100,000 records (no reports of harm)  $75,000 penalty
www.solidcounsel.com Regulatory Response – FTC In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers: 1. Investigate before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections. 3. Verify that the data service providers are complying with obligations (contracts).
www.solidcounsel.com Regulatory & Administrative F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).  The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.  Companies have fair notice that their specific cybersecurity practices could fall short of that provision.  3 breaches / 619,000 records / $10.6 million in fraud  Rudimentary practices v. 2007 guidebook  Website Privacy Policy misrepresentations
Officer & Director Liability
www.solidcounsel.com Officer & Director Liability “[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.  Derivative Litigation  the wave of the future.  Trend of holding responsible those perceived to be in position of control vis- à-vis those perceived as being the victim.  Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham  Derivative claims are premised on the harm to the company that stem from the data breach, a much different standard than the harm / standing issues that plaintiffs face in consumer data breach litigation.  Derivative plaintiffs rely on Caremark claims that are premised on the officers and directors’ lack of oversight which is a breach of the duty of loyalty and good faith. Companies cannot insulate the officers and directors for a breach of this duty.  Caremark standard: (1) “utterly failed” to implement reporting system or controls; or (2) consciously failed to monitor or oversee system.
www.solidcounsel.com Officer & Director Liability Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).  Palkon, a Wyndham shareholder, brought a derivative action against its officers and directors for failing to ensure that Wyndham implemented adequate security policies and procedures.  Included Caremark Claim: “Defendants failed to ensure that the Company and its subsidiaries implemented adequate information security policies and procedures . . . .” (Pl’s Complaint ¶ 4)  Court granted Motion to Dismiss, finding the board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.  The well-documented history of diligence and compliance showed the board had discussed cybersecurity risks, company security policies and proposed security enhancements in 14 quarterly meetings and had implemented some of those cybersecurity measures.
Standard of Care
You will be breached.Will you be liable? It’s not the breach; it’s your diligence that matters most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
Cyber Risk Assessment Strategic Planning Deploy Defense Assets Develop, Implement &Train on P&P Tabletop Testing Reassess & Refine
Parting Thought
ShawnTuma Partner, Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: shawnetuma.com web: solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. ShawnTuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm inTexas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.  Texas SuperLawyers 2015  Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)  Council,Computer &Technology Section, State Bar ofTexas  Chair, Civil Litigation & Appellate Section,CollinCounty BarAssociation  College of the State Bar ofTexas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and BusinessSections of the State Bar ofTexas  Information SecurityCommittee of the Section on Science &Technology Committee of theAmerican BarAssociation  NorthTexasCrime Commission,Cybercrime Committee  Infragard (FBI)  InternationalAssociation of Privacy Professionals (IAPP)  Information Systems SecurityAssociation (ISSA)  Board of Advisors,Optiv Security  Contributor, Norse DarkMatters Security Blog  Editor, BusinessCyber Risk Law Blog

Recommended

Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Shawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Shawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Shawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Shawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
Shawn Tuma
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 

Recommended

Cybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to KnowCybersecurity & Data Protection: What the GC & CEO Need to Know
Cybersecurity & Data Protection: What the GC & CEO Need to Know
Shawn Tuma
 
Cybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The ConvergenceCybersecurity & Computer Fraud - The Convergence
Cybersecurity & Computer Fraud - The Convergence
Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Shawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Shawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Shawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Shawn Tuma
 
Government Notification of Data Breach
Government Notification of Data BreachGovernment Notification of Data Breach
Government Notification of Data Breach
Shawn Tuma
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
Rachel Hamilton
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
Shawn Tuma
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach Litigation
Bradley Arant Boult Cummings LLP
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
Shawn Tuma
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
Robert Craig
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident Simulation
Bradley Arant Boult Cummings LLP
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Wendy Knox Everette
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
spencerharry
 
BEA Presentation
BEA PresentationBEA Presentation
BEA PresentationGlenn E. Davis
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Shawn Tuma
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
Michael C. Keeling, Esq.
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Lawtravismd
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
Shawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
Shawn Tuma
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Shawn Tuma
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Shawn Tuma
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
Shawn Tuma
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
Todd Ruback
 

More Related Content

What's hot

The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
Rachel Hamilton
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
Shawn Tuma
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach Litigation
Bradley Arant Boult Cummings LLP
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
Shawn Tuma
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
Robert Craig
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident Simulation
Bradley Arant Boult Cummings LLP
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Wendy Knox Everette
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
spencerharry
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Shawn Tuma
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
Michael C. Keeling, Esq.
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Lawtravismd
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
Shawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
Shawn Tuma
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Shawn Tuma
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Shawn Tuma
 

What's hot (20)

The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach Litigation
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident Simulation
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Law
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 

Similar to Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and Management, SecureWorld – Dallas Expo (10/28/15)

Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
Shawn Tuma
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
Todd Ruback
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Shawn Tuma
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Users
jyates
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersMMMTechLaw
 
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Shawn Tuma
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Dawn Yankeelov
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Shawn Tuma
 
Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?
- Mark - Fullbright
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims Insight
Graeme Cross
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
Michael C. Keeling, Esq.
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20
Marc S. Sokol
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
JNicholson
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarDon Grauel
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
Matt Siltala
 
Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Anthony Rapa
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data Breach
CBIZ, Inc.
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
Joe Nathans
 

Similar to Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and Management, SecureWorld – Dallas Expo (10/28/15) (20)

Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
Data Security and Privacy by Contract: Hacking Us All Into Business Associate...
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Users
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and Users
 
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
Cybersecurity: What Defense Lawyers Need to Know about Cyberliability, Cyberc...
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
 
Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims Insight
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
Data breaches at home and abroad
Data breaches at home and abroad Data breaches at home and abroad
Data breaches at home and abroad
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
 
Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data Breach
 
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive DiscussionCyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
 
Insurance Fraud Whitepaper
Insurance Fraud WhitepaperInsurance Fraud Whitepaper
Insurance Fraud Whitepaper
 

More from Shawn Tuma

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
Shawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Shawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Shawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
Shawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
Shawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
Shawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
Shawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Shawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
Shawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
Shawn Tuma
 

More from Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Recently uploaded

ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
46adnanshahzad
 
new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.
niputusriwidiasih
 
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
Dr. Oliver Massmann
 
VAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act PresentationVAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act Presentation
FernandoSimesBlanco1
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
9ib5wiwt
 
Roles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John CavittRoles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John Cavitt
johncavitthouston
 
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
9ib5wiwt
 
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Gabe Whitley
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
ShivkumarIyer18
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
MwaiMapemba
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
bhavenpr
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
nehatalele22st
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
Abdul-Hakim Shabazz
 
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
9ib5wiwt
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
anjalidixit21
 
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizAgrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
gaelcabigunda
 
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselMilitary Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Thomas (Tom) Jasper
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
akbarrasyid3
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
Wendy Couture
 
WINDING UP of COMPANY, Modes of Dissolution
WINDING UP of COMPANY, Modes of DissolutionWINDING UP of COMPANY, Modes of Dissolution
WINDING UP of COMPANY, Modes of Dissolution
KHURRAMWALI
 

Recently uploaded (20)

ALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdfALL EYES ON RAFAH BUT WHY Explain more.pdf
ALL EYES ON RAFAH BUT WHY Explain more.pdf
 
new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.
 
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
VIETNAM - DIRECT POWER PURCHASE AGREEMENTS (DPPA) - Latest development - What...
 
VAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act PresentationVAWA - Violence Against Women Act Presentation
VAWA - Violence Against Women Act Presentation
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
 
Roles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John CavittRoles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John Cavitt
 
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
 
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
 
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptxEMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
EMPLOYMENT LAW AN OVERVIEW in Malawi.pptx
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
 
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
 
Agrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quizAgrarian Reform Policies in the Philippines: a quiz
Agrarian Reform Policies in the Philippines: a quiz
 
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselMilitary Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
 
WINDING UP of COMPANY, Modes of Dissolution
WINDING UP of COMPANY, Modes of DissolutionWINDING UP of COMPANY, Modes of Dissolution
WINDING UP of COMPANY, Modes of Dissolution
 

Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and Management, SecureWorld – Dallas Expo (10/28/15)

  • 1. Shawn E. Tuma Cybersecurity Legal Trends Partner, Scheef & Stone, L.L.P.
  • 3. “There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller Odds: Security @100% / Hacker @ 1TargetHome DepotNeiman MarcusMichaelsSpecsTJ MaxeBaySally BeautyPF Chang’sUPSDairy QueenJimmy John’sJP Morgan ChaseKmartStaplesSonyAshley Madison
  • 4.
  • 5.
  • 6. www.solidcounsel.com Cost of a Data Breach – US 2013 Cost  $188.00 per record  $5.4 million = total average cost paid by organizations 2014 Cost  $201 per record  $5.9 million = total average cost paid by organizations 2015 Cost  $217 per record  $6.5 million = total average cost paid by organizations (Ponemon Institute Cost of Data Breach Studies)
  • 8. www.solidcounsel.com Responding: Execute Response Plan  Contact attorney (privilege)  Assemble your Response Team  Review insurance & notify carrier  Notify Card Processor  Contact forensics  Contact notification vendor  Investigate breach  Remediate responsible vulnerabilities  Reporting & notification
  • 9. www.solidcounsel.com Responding: Reporting & Notification  Law Enforcement  State Laws  47 states (Ala, NM, SD)  State Attorneys General  VT (pre-notice w/in 14 days)  MD (pre-notice)  NJ (pre-notice to state police)  Consumers  Fla (w/in 30 days)  OH & VT (45 days)  Federal Agencies  FTC, SEC, HHS, etc.  Industry Groups  PCI, FINRA, etc.  Credit Bureaus  Business Associates  Vendors & Suppliers
  • 11. www.solidcounsel.com Litigation: Business / Real Harm Standing has not been an issue in cases where the harm is readily ascertainable: “Target does not challenge Plaintiffs’ allegations with respect to the elements of causation and damages.” In re Target Corp. Customer Data Sec. Breach Litigation, 64 F.Supp.3d 1304, 1310 (D. Minn. 2014) (Financial Institutions Litigation).
  • 12. www.solidcounsel.com Litigation: The Good Old Days Fear from the heightened risk of future identity theft or fraud from a data breach does not give legal standing to sue by a party whose data may have been compromised.  “Allegations of future harm can establish Article III standing if that harm is “certainly impending,” but “allegations of possible future injury are not sufficient.” Clapper v. Amnesty Int’l USA, 133 S.Ct. 1138, 1147 (2013).  “[A]llegation of future injury may suffice if the threatened injury is ‘certainly impending’ or there is a ‘substantial risk’ that the harm will occur.” Susan B. Anthony List v. Driehaus, 134 S.Ct. 2334, 2341 (2014).  “Peters has not made the requisite demonstration of injury, traceability and redressability for her alleged injuries.” Peters v. St. Joseph Services, 74 F.Supp.3d 847 (S.D. Tex. Feb. 11, 2015).
  • 13. www.solidcounsel.com Litigation: Sensing Change? Target’s Proposed Consumer Litigation Settlement (March 19, 2015)  Target pay $10 million to interest-bearing escrow account.  Consumers eligible for up to $10,000, if  Show proof of losses from the data breach (prioritized).  Remaining funds will be disbursed later.
  • 14. www.solidcounsel.com Litigation: The Tectonic Shift Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688, 693 (7th Cir. 2015).  “The plaintiffs allege that the hackers deliberately targeted Neiman Marcus in order to obtain their credit-card information. . . . [t]here is ‘no need to speculate as to whether [the Neiman Marcus customers’] information has been stolen and what information was taken. . . . there is an ‘objectively reasonable likelihood’ that such an injury will occur.”  “At this stage in the litigation, it is plausible to infer that the plaintiffs have shown a substantial risk of harm from the Neiman Marcus data breach. Why else would hackers break into a store’s database and steal consumers private information? Presumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume those consumers’ identities.”
  • 15. www.solidcounsel.com Litigation: The Trends?  Standing  Theft of data v. negligent loss of data?  Target Fin. / Sony / Ashley Madison – the harm?  Overall Litigation Trend  Incrementalism  Who’s gonna get it?  Who has best opportunity to control?
  • 17.
  • 18. www.solidcounsel.com Regulatory Response – SEC January 2014: SEC indicates companies need Policies & Procedures for: 1. Prevention, detection, and response to cyber attacks and data breaches, 2. IT training focused on security, and 3. Third party access to company systems and vendor third party due diligence.
  • 19. www.solidcounsel.com Regulatory Response – SEC April 2014: Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Initiative  Examine 50 registered broker-dealers and registered investment advisors.  7 page sample cybersecurity doc request.  Detailed cybersecurity questions.  Extensive 3rd party provider questions.
  • 20. www.solidcounsel.com Regulatory Response – SEC S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).  “Firms must adopt written policies to protect their clients’ private information”  “they need to anticipate potential cybersecurity events and  have clear procedures in place rather than waiting to react once a breach occurs.”  violated this “safeguards rule  100,000 records (no reports of harm)  $75,000 penalty
  • 21.
  • 22. www.solidcounsel.com Regulatory Response – FTC In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers: 1. Investigate before hiring data service providers. 2. Obligate their data service providers to adhere to the appropriate level of data security protections. 3. Verify that the data service providers are complying with obligations (contracts).
  • 23. www.solidcounsel.com Regulatory & Administrative F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).  The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.  Companies have fair notice that their specific cybersecurity practices could fall short of that provision.  3 breaches / 619,000 records / $10.6 million in fraud  Rudimentary practices v. 2007 guidebook  Website Privacy Policy misrepresentations
  • 24. Officer & Director Liability
  • 25. www.solidcounsel.com Officer & Director Liability “[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.  Derivative Litigation  the wave of the future.  Trend of holding responsible those perceived to be in position of control vis- à-vis those perceived as being the victim.  Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham  Derivative claims are premised on the harm to the company that stem from the data breach, a much different standard than the harm / standing issues that plaintiffs face in consumer data breach litigation.  Derivative plaintiffs rely on Caremark claims that are premised on the officers and directors’ lack of oversight which is a breach of the duty of loyalty and good faith. Companies cannot insulate the officers and directors for a breach of this duty.  Caremark standard: (1) “utterly failed” to implement reporting system or controls; or (2) consciously failed to monitor or oversee system.
  • 26. www.solidcounsel.com Officer & Director Liability Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).  Palkon, a Wyndham shareholder, brought a derivative action against its officers and directors for failing to ensure that Wyndham implemented adequate security policies and procedures.  Included Caremark Claim: “Defendants failed to ensure that the Company and its subsidiaries implemented adequate information security policies and procedures . . . .” (Pl’s Complaint ¶ 4)  Court granted Motion to Dismiss, finding the board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.  The well-documented history of diligence and compliance showed the board had discussed cybersecurity risks, company security policies and proposed security enhancements in 14 quarterly meetings and had implemented some of those cybersecurity measures.
  • 28. You will be breached.Will you be liable? It’s not the breach; it’s your diligence that matters most. Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.
  • 31. ShawnTuma Partner, Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: shawnetuma.com web: solidcounsel.com This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation. ShawnTuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full service commercial law firm inTexas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.  Texas SuperLawyers 2015  Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)  Council,Computer &Technology Section, State Bar ofTexas  Chair, Civil Litigation & Appellate Section,CollinCounty BarAssociation  College of the State Bar ofTexas  Privacy and Data Security Committee, Litigation, Intellectual Property Law, and BusinessSections of the State Bar ofTexas  Information SecurityCommittee of the Section on Science &Technology Committee of theAmerican BarAssociation  NorthTexasCrime Commission,Cybercrime Committee  Infragard (FBI)  InternationalAssociation of Privacy Professionals (IAPP)  Information Systems SecurityAssociation (ISSA)  Board of Advisors,Optiv Security  Contributor, Norse DarkMatters Security Blog  Editor, BusinessCyber Risk Law Blog