SlideShare a Scribd company logo
GOOD. SMART.BUSINESS. PROFIT.
TM
Cybersecurity: Managing Risk Around New Data
Threats
January 8, 2014
www.paulhastings.com ©2013 Paul Hastings LLP
Chelsie Chmela
Events Manager
Chelsie.Chmela@ethisphere.com
703.960.2360
We encourage you to engage during the Q&A portion of today’s webcast by
using the “Submit Question” button located within your viewing experience.
HOST
QUESTIONS
MATERIALS Included in your registration:
• Event recording and deck: West LegalEdcenter provides on-demand event
access for 180 days or until the end of your subscription, if sooner
The opinions expressed in this presentation are those of the panelist and do not reflect the
opinions, practices or policies of the panelists' respective employers, nor do they constitute
legal advice.
3
Edward R. McNicholas
Co-Chair, Privacy, Data Security, and Information Law
practice, Sidley Austin LLP
Leslie Thornton
Vice President & General Counsel, WGL Holdings, Inc.
& Washington Gas Light Company
Jeffrey C. Sharer
Partner, Sidley Austin LLP
SPEAKING TODAY
Speaker: Edward R. McNicholas
EDWARD R. MCNICHOLAS is a global coordinator of Sidley’s Privacy, Data Security, and Information
Law practice. His practice focused on clients facing complex information technology, constitutional and
privacy issues in civil and white-collar criminal matters. Ed has significant experience with a wide-range
of complex Internet and information law matters involving privacy and data protection, electronic
surveillance, cybersecurity, cloud computing, trade secrets, online advertising, “big data” and national
security. Examples of his matters include:
– a constitutional challenge to portions of the HIPAA final rules (Adheris v. Sebelius, (D.D.C.
2013)),
– a consumer class action challenging Internet advertising cookie techniques (In re: Google Inc.
Cookie Placement Consumer Privacy Litigation, MDL No. 2358 (D. Del. 2012-13)),
– defense of a telecommunications carrier against alleged participation in NSA surveillance (In
re National Security Agency Telecommunications Records Litigation, MDL 1791 (N.D.Cal. and
9th Cir. 2006-12)), and
– briefing in more than a dozen cases before the U.S. Supreme Court.
His practice has been recognized by numerous rankings including Chambers USA (since 2008),
Chambers Global (since 2011), and the US Legal 500.
Prior to joining Sidley, Mr. McNicholas served as an Associate Counsel to President Clinton. In that
capacity, he advised senior White House staff regarding various Independent Counsel, congressional
and grand jury investigations. Mr. McNicholas received his J.D. (cum laude) from Harvard Law School,
where he was an editor of the Harvard Law Review. He received his A.B. (summa cum laude) from
Princeton University, and served as a clerk for the Honorable Paul Niemeyer on the U.S. Court of
Appeals for the Fourth Circuit.
5
Speaker: Leslie Thornton
Leslie Thornton has been Vice President and General Counsel of WGL Holdings, Inc. and
Washington Gas Light Company since January 1, 2012, having joined the company as
Counsel to the Chairman in November 2011. Prior to joining the company, Ms. Thornton
served as a partner with prominent Washington D.C. law firms.
Ms. Thornton also served as Chief of Staff to U.S. Secretary of Education Richard W.
Riley, after starting her service in 1992 as Deputy Chief of Staff and Counselor. During
her nearly eight years with the Clinton Administration, Ms. Thornton advised the
Secretary on all administration and agency matters serving as the liaison between the
Secretary and the White House on policy, political, ethics, personnel and other issues.
Holding a top secret clearance, Ms. Thornton served as her agency's representative in the
Continuity of Operations of Government program. In 1995, Ms. Thornton was selected
by the White House in 1995 to serve on the President's White House Budget Working
Group, and in 1996 was selected to serve in a senior role on President Clinton's
Presidential Debate Team.
Ms. Thornton is a member of numerous associations and boards
in the Washington, D.C. community, and has been widely published
in legal and other newspapers including the Legal Times,
The Wall Street Journal, and the Boson Globe. She holds a
Bachelor of Arts from the University of Pennsylvania and
a law degree from Georgetown University.
6
Speaker: Jeffrey C. Sharer
JEFFREY SHARER is a partner in Sidley currently very cold Chicago office. He
concentrates his practice in litigation and regulatory enforcement matters as
well as in matters related to electronic discovery, computer forensics, and
information governance. Jeffrey frequently advises and advocates on behalf
of clients in matters related to the governance, preservation, and discovery
of electronically stored information. In litigation, Jeffrey has handled matters
at all stages of the Electronic Discovery Reference Model, with particular
emphasis on the development and implementation of best practices and on
the use of artificial intelligence, statistical sampling, and related tools and
techniques to reduce costs and burdens and increase quality of results and
defensibility of process throughout the discovery lifecycle. Jeffrey also
advises in the areas of records retention, data privacy, and information
governance, including defensible deletion of data stores.
Jeffrey is a member of Sidley’s Electronic Discovery Task Force; a longtime
member of The Sedona Conference, the nation’s leading nonpartisan law and
policy think tank in the area of electronic discovery. He holds degrees from
the University of Chicago Law School, and the University of Michigan.
7
Opening Comments of
Edward McNicholas
8
Where are we on cybersecurity?
• Congressional action remains pending
• Focus on implementation of President Obama’s
Executive Order 13636 (February 2013)
– Development of NIST “Cybersecurity Framework” and
programs to encourage voluntary adoption of the
framework
– DHS designation of CI companies (with right of
reconsideration)
– Establishment of regulatory standards by agencies with
statutory authority
– Increased threat information sharing to CI operators
9
NIST Framework
• Implements Feb. 2, 2013 Executive Order
• Final framework due in February 2014
• Discussion Framework:
– Provide common language for expressing,
understanding, and managing cybersecurity risk
internally and externally
– Develop consistent approach: Identify, Protect, Detect,
Respond, Recover
– Prioritize actions for reducing cybersecurity risk
– Create tools to align policy, business, and technological
approaches to managing risk
10
Incentives Recommended to President
• Cybersecurity Insurance — build underwriting
practices that promote the adoption of cyber risk-
reducing measures and risk-based pricing and foster
a competitive cyber insurance market.
• Grants — leverage federal grant programs.
• Process Preference — consider expediting and
prioritizing existing government service delivery;
technical assistance to critical infrastructure; incident
response situations.
• Liability Limitation — reduced tort liability, limited
indemnity, higher burdens of proof, or the creation of
a federal legal privilege that preempts State
disclosure requirements.
11
Incentives – cont’d
• Streamline Regulations — make compliance easier;
eliminate overlaps among existing laws and
regulation; enable equivalent adoption across
regulatory structures; reduce audit burdens.
• Public Recognition — optional public recognition.
• Rate Recovery for Price Regulated Industries —
dialogue with federal, state, and local regulators and
sector specific agencies on whether the regulatory
agencies that set utility rates should consider allowing
utilities recovery for cybersecurity investments.
• Cybersecurity Research — emphasize research and
development to meet the most pressing cybersecurity
challenges where commercial solutions are not
currently available.
12
Opening Comments of
Leslie Thornton,
General Counsel of
Washington Gas
13
Opening Comments of
Jeffrey Sharer
14
Cybersecurity and Information Governance
• Increasing threats of data breach and other cyberincidents,
along with other risks and costs associated with electronic
information systems (such as electronic discovery in legal
and regulatory proceedings), are driving greater focus on
governance of data across organization
• Cyberthreats, in particular, increase both risk and severity
of potential loss associated with over-retention of customer
PII and other sensitive information
• Loss of protected or sensitive information in data breach
can result in notification obligations, regulatory or civil
exposure, damage to reputation, and other harm to
company
• Risks are only growing with passage of time, especially as
concepts such as purpose limitations and the so-called
“right to be forgotten” gain legislative traction
15
Information Governance At 30,000 Feet
• For most organizations, mitigation of cyberrisk
through effective information governance requires
cross-functional approach
• Stakeholders at most organizations include (at least)
legal and compliance; IT; RIM; privacy; security; and
business
• People, process, and technology
• Surging emphasis on remediation – often referred to
as “defensible disposition” – of data that does not
have ongoing business value and is not subject to
legal or regulatory retention requirements (including
litigation holds)
16
Mitigating Risk Through Defensible Disposition
• As a general rule, if data has no business value and is
not subject to legal or regulatory retention
requirements, it can (and usually should) be deleted
in the normal course of business
• Organizations have wide latitude: Legal standards
are reasonableness, proportionality, and good faith
• Recent benchmarking of Global 1000 companies
estimated that for corporate information at any given
time, 1% is on legal hold, 5% is subject to regulatory
retention requirements, and 25% has current
business value—this means that approximately 70%
of data that organizations are managing and storing,
and that is at risk of loss through data breach or
other security incident, is unnecessary
17
Discussion
18
Questions about Simulation Lessons
• On November 13-14, 2013, the so-called GridEx II exercise tested
governmental and industry crisis response plans, and included both
cybersecurity and physical security components.
– Are these sorts of exercises helpful? If so, what did you take away from it?
– How do you manage both the low probability / enormous risks of
cybersecurity issues, and the more mundane but significant risks of
activist or less-sophisticated hackers?
• The report on the first GridEx exercise, noted that “Significant horizontal
communication occurs across industry, but vertical information sharing to
NERC and government agencies is limited due to concerns about
compliance implications.” That nicely sums up one of the key information
sharing issues that inhibit cybersecurity preparation.
– Has the information sharing gotten more or less risky for companies?
– Have the Snowden revelations altered the wisdom of sharing cybersecurity
information with the government?
19
Managing Risk Questions
• Does cybersecurity governance need to fit into an overall
information governance strategy? How are they integrated?
• Businesses must adapt to a rapidly evolving technology
environment, but the legal restrictions are developing
slowly. How do you manage this tension?
• How significant a role does insurance play in your management of
the cybersecurity threat?
• The SAFETY Act (www.SafetyAct.Gov) was designed to support
development and deployment of effective anti-terrorism
technologies by designating and certifying Qualified Anti-
Terrorism Technologies (“QATTs”) that receive important legal
liability protections against claims arising out of an act of
terrorism. Is that an effective piece of cybersecurity risk
management strategies?
20
Legal Standards Questions
• We continue to have a regime of multiple state data breach laws
with slightly different tests. Are these statutes helpful? Would a
preemptive federal test be better?
• Is it better to have multiple, voluntary cybersecurity standards
and widespread variation or would standardization be better?
• The Massachusetts information security regulations take the
unique tact of specifying ISO-based minimum measures. Is this
helpful because it is definite or an overly-simplistic check-box
approach? Which should companies follow?
• Payment card security is almost entirely self- regulatory via the
PCI-DSS. Would this approach work for cybsecurity?
• Have the SEC guidance requiring disclosure of material incidents
helped to increase the level of cybersecurity?
21
Future Developments Questions
• Have you altered your approach to privacy / security
in light of the coming Internet of Things, such as
smart electrical meters? How?
• How should companies factor in these complex
cybsecurity issues in moving to the cloud? What do
you think are the biggest concerns with cloud
computing? Has it made you less likely to move to
the cloud?
• What is the top item on your cybsecurity agenda for
2014?
22
Questions for General Counsels to Ask
and a Cybersecurity To-Do List
23
Cybersecurity Questions GCs Should Ask
• Are we “critical infrastructure” operators?
• Do we have IP assets, trade secrets, account records,
consumer data that could be subject to cyber-attack?
Could our facilities be misused as part of an attack?
• What past incidents have we experienced? Are our
incident response procedures effective and well
understood throughout the organization?
• Do we have an up-to-date cybersecurity risk
assessment in hand?
• Who is responsible and accountable for cybersecurity,
and does he/she have sufficient resources?
• Is the Board of Directors adequately focused on
cybersecurity; has it established satisfactory internal
controls and governance structures?
24
More Cybersecurity Questions
• Do we know what existing and prospective laws apply
to cybersecurity?
• Are we subject to specific cybersecurity regulation?
• Do we know what our contracts say about
cybersecurity; do our existing customer / vendor
contracts protect us on cybersecurity? Obligate us?
• Do we have relevant government contracts?
• Do we know the necessary government points of
contact? Do we have appropriately cleared persons?
• Who is monitoring NIST developments and best
industry practices?
• What do we need to include in our SEC filings on
cybersecurity?
25
More Cybersecurity Questions
• Do we have special international exposure and/or
obligations?
• Are we going to participate in the voluntary White
House and NIST cybersecurity framework?
• Could the White House cybersecurity “incentives”
benefit us? Hurt us?
• Do we have good cybersecurity awareness and
personal responsibility throughout our company?
• Do we understand what our legal exposure and
potential liability is?
• Have we considered cyber-insurance?
• Are we at risk for FTC “failure to secure”
enforcement?
26
More Cybersecurity Questions
• Do we have an effective information governance
function and are the right stakeholders involved?
• Do our information governance systems effectively
mitigate risk of loss from data breach or other
incident?
• Have we considered and addressed defensible
disposition of legacy data stores and other sources
that have outlived business value and legal and
regulatory requirements?
27
Lawyer To-Do List For Cybersecurity
 Ensuring legal risks are considered in cybersecurity risk
assessments
 Oversight and readiness for incident response
 Have you vetted and tested your response ability?
 Are you mitigating risk in the ordinary course through effective
information governance?
 Analyzing and explaining the complex legal environment
 Coordination of relationships with government
 Development of standards and internal policies
 Managing protections and obligations in contracts,
customer and vendor relationships
 Addressing “Hack Back” options
 Managing legal/reputational issues
 Required disclosures and reporting
 Risks and rewards of cooperation with government
 Privilege and selective waivers
 Securities issues
28
Sidley Austin LLP, a Delaware limited liability partnership which operates at the firm’s offices other than Chicago, New York, Los Angeles, San Francisco, Palo Alto, Dallas,
London, Hong Kong, Houston, Singapore and Sydney, is affiliated with other partnerships, including Sidley Austin LLP, an Illinois limited liability partnership (Chicago); Sidley
Austin (NY) LLP, a Delaware limited liability partnership (New York); Sidley Austin (CA) LLP, a Delaware limited liability partnership (Los Angeles, San Francisco, Palo Alto);
Sidley Austin (TX) LLP, a Delaware limited liability partnership (Dallas, Houston); Sidley Austin LLP, a separate Delaware limited liability partnership (London); Sidley Austin
LLP, a separate Delaware limited liability partnership (Singapore); Sidley Austin, a New York general partnership (Hong Kong); Sidley Austin, a Delaware general partnership
of registered foreign lawyers restricted to practicing foreign law (Sydney); and Sidley Austin Nishikawa Foreign Law Joint Enterprise (Tokyo). The affiliated partnerships are
referred to herein collectively as Sidley Austin, Sidley, or the firm.
For purposes of compliance with New York State Bar rules, Sidley Austin LLP’s headquarters are 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South
Dearborn, Chicago, IL 60603, 312.853.7000.
Questions?
Edward McNicholas: 202.736.8010 eMcNicholas@sidley.com
Jeffrey C. Sharer: 312.853.7028 jcSharer@sidley.com
www.Sidley.com/InfoLaw
This presentation has been prepared by Sidley Austin LLP as of January 2014 for educational and informational
purposes only. It does not constitute legal advice. This information is not intended to create, and receipt of it does
not constitute, a lawyer-client relationship. Readers should not act upon this without seeking personalized advice
from professional advisers.
BEIJING BOSTON BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG HOUSTON LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C.
January 17, 2014
Information Lifecycle Governance –
Minimize Risks & Improve Readiness
All upcoming Ethisphere events can be found
at:
http://ethisphere.com/events/
PLEASE JOIN US FOR
THANK YOU

More Related Content

What's hot

Charity Regulation Conference | NCVO
Charity Regulation Conference | NCVOCharity Regulation Conference | NCVO
Charity Regulation Conference | NCVO
NCVO - National Council for Voluntary Organisations
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR ready
Harrison Clark Rickerbys
 
GDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal EnvironmentGDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal Environment
Allen Woods
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliant
Siddharth Ram Dinesh
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Financial Poise
 
2008 12 08 2008 Privacy
2008 12 08 2008 Privacy2008 12 08 2008 Privacy
2008 12 08 2008 Privacy
Lance Hoffman
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
Amy Purcell
 
GDPR Demystified
GDPR Demystified GDPR Demystified
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityThe 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
Kegler Brown Hill + Ritter
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law Firm
Next Dimension Inc.
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
Sean Graham
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
Matthias Dobbelaere-Welvaert
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
Kenneth Riley
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law Center
Jonathan Ezor
 
Binding corporate rules
Binding corporate rulesBinding corporate rules
Binding corporate rules
LYNX advokatfirma DA
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information Security
Charles Mok
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach Litigation
Bradley Arant Boult Cummings LLP
 
Cloud primer
Cloud primerCloud primer
Cloud primer
Zeno Idzerda
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident Simulation
Bradley Arant Boult Cummings LLP
 

What's hot (20)

Charity Regulation Conference | NCVO
Charity Regulation Conference | NCVOCharity Regulation Conference | NCVO
Charity Regulation Conference | NCVO
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR ready
 
GDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal EnvironmentGDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal Environment
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliant
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
2008 12 08 2008 Privacy
2008 12 08 2008 Privacy2008 12 08 2008 Privacy
2008 12 08 2008 Privacy
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
GDPR Demystified
GDPR Demystified GDPR Demystified
GDPR Demystified
 
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data SecurityThe 5 Things All In-House Counsel Need to Know about Privacy + Data Security
The 5 Things All In-House Counsel Need to Know about Privacy + Data Security
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law Firm
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law Center
 
Binding corporate rules
Binding corporate rulesBinding corporate rules
Binding corporate rules
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information Security
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach Litigation
 
Cloud primer
Cloud primerCloud primer
Cloud primer
 
Data Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident SimulationData Breach Response: Realtime Cyber Incident Simulation
Data Breach Response: Realtime Cyber Incident Simulation
 

Similar to Cybersecurity: Managing Risk Around New Data Threats

Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
haynormania
 
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Eric Vanderburg
 
Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...
Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...
Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...
ARMA International
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Shawn Tuma
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Shawn Tuma
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing  William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing  William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
William Tanenbaum
 
Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014
Zapproved
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
Shawn Tuma
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Financial Poise
 
LAC15032_WBINQ_Legal_Tech_Toronto
LAC15032_WBINQ_Legal_Tech_TorontoLAC15032_WBINQ_Legal_Tech_Toronto
LAC15032_WBINQ_Legal_Tech_Toronto
Patrick Crummey
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Shawn Tuma
 
Ruble resume (10276)
Ruble resume (10276)Ruble resume (10276)
Ruble resume (10276)
Joe Ruble
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
Jim Brashear
 
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...
Michele Collu
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Eric Vanderburg
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of  Personal (PII) DataDAMA Webinar: The Data Governance of  Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
DATAVERSITY
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Shawn Tuma
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
duffeeandeitzen
 
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Zapproved
 

Similar to Cybersecurity: Managing Risk Around New Data Threats (20)

Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
 
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
Protecting Law Firms and their Clients: The Role of the Virtual Chief Securit...
 
Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...
Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...
Matt Blaine, Dennis Garcia, Ann Gorr, & Donald Knight - #InfoGov17 - Navigati...
 
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...
 
Cybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & ComplianceCybersecurity & Data Protection: Thinking About Risk & Compliance
Cybersecurity & Data Protection: Thinking About Risk & Compliance
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing  William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing  William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
 
Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014Whitepaper: The Enlightened Legal Hold 2014
Whitepaper: The Enlightened Legal Hold 2014
 
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
LAC15032_WBINQ_Legal_Tech_Toronto
LAC15032_WBINQ_Legal_Tech_TorontoLAC15032_WBINQ_Legal_Tech_Toronto
LAC15032_WBINQ_Legal_Tech_Toronto
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Ruble resume (10276)
Ruble resume (10276)Ruble resume (10276)
Ruble resume (10276)
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. C...
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of  Personal (PII) DataDAMA Webinar: The Data Governance of  Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
 
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cy...
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...
 

More from Ethisphere

Compliance Strategy and Performance
Compliance Strategy and PerformanceCompliance Strategy and Performance
Compliance Strategy and Performance
Ethisphere
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor Webinar
Ethisphere
 
Corruption In China: Recovery-Led Investigations
Corruption In China: Recovery-Led InvestigationsCorruption In China: Recovery-Led Investigations
Corruption In China: Recovery-Led Investigations
Ethisphere
 
Key Steps to Creating a Strong Compliance Culture Through Effective Leadership
Key Steps to Creating a Strong Compliance Culture Through Effective LeadershipKey Steps to Creating a Strong Compliance Culture Through Effective Leadership
Key Steps to Creating a Strong Compliance Culture Through Effective Leadership
Ethisphere
 
Building on the Foundation of Ethics and Compliance to Achieve Sustainability
Building on the Foundation of Ethics and Compliance to Achieve SustainabilityBuilding on the Foundation of Ethics and Compliance to Achieve Sustainability
Building on the Foundation of Ethics and Compliance to Achieve Sustainability
Ethisphere
 
Special Challenges of Doing Business in Russia
Special Challenges of Doing Business in RussiaSpecial Challenges of Doing Business in Russia
Special Challenges of Doing Business in Russia
Ethisphere
 
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global CompaniesRussian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies
Ethisphere
 
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...
Ethisphere
 
Reputation Risk: Why Companies Need to Care
Reputation Risk: Why Companies Need to CareReputation Risk: Why Companies Need to Care
Reputation Risk: Why Companies Need to Care
Ethisphere
 
Doing Business in Mexico: Compliance Implications of the Pact for Mexico
Doing Business in Mexico: Compliance Implications of the Pact for MexicoDoing Business in Mexico: Compliance Implications of the Pact for Mexico
Doing Business in Mexico: Compliance Implications of the Pact for Mexico
Ethisphere
 
Optimizing Compliance Programs in Organizations: A Top Down Approach
Optimizing Compliance Programs in Organizations: A Top Down ApproachOptimizing Compliance Programs in Organizations: A Top Down Approach
Optimizing Compliance Programs in Organizations: A Top Down Approach
Ethisphere
 
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Ethisphere
 
Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...
Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...
Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...
Ethisphere
 
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...
Ethisphere
 
Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...
Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...
Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...
Ethisphere
 
Essential Elements of Global Compliance Programs
Essential Elements of Global Compliance ProgramsEssential Elements of Global Compliance Programs
Essential Elements of Global Compliance Programs
Ethisphere
 
Anti-Corruption and Third Parties: Mitigating the Risks
Anti-Corruption and Third Parties: Mitigating the RisksAnti-Corruption and Third Parties: Mitigating the Risks
Anti-Corruption and Third Parties: Mitigating the Risks
Ethisphere
 
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmCorporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Ethisphere
 
Conflict Minerals: The First Year and What's to Come
Conflict Minerals: The First Year and What's to ComeConflict Minerals: The First Year and What's to Come
Conflict Minerals: The First Year and What's to Come
Ethisphere
 
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Ethisphere
 

More from Ethisphere (20)

Compliance Strategy and Performance
Compliance Strategy and PerformanceCompliance Strategy and Performance
Compliance Strategy and Performance
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor Webinar
 
Corruption In China: Recovery-Led Investigations
Corruption In China: Recovery-Led InvestigationsCorruption In China: Recovery-Led Investigations
Corruption In China: Recovery-Led Investigations
 
Key Steps to Creating a Strong Compliance Culture Through Effective Leadership
Key Steps to Creating a Strong Compliance Culture Through Effective LeadershipKey Steps to Creating a Strong Compliance Culture Through Effective Leadership
Key Steps to Creating a Strong Compliance Culture Through Effective Leadership
 
Building on the Foundation of Ethics and Compliance to Achieve Sustainability
Building on the Foundation of Ethics and Compliance to Achieve SustainabilityBuilding on the Foundation of Ethics and Compliance to Achieve Sustainability
Building on the Foundation of Ethics and Compliance to Achieve Sustainability
 
Special Challenges of Doing Business in Russia
Special Challenges of Doing Business in RussiaSpecial Challenges of Doing Business in Russia
Special Challenges of Doing Business in Russia
 
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global CompaniesRussian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies
 
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz...
 
Reputation Risk: Why Companies Need to Care
Reputation Risk: Why Companies Need to CareReputation Risk: Why Companies Need to Care
Reputation Risk: Why Companies Need to Care
 
Doing Business in Mexico: Compliance Implications of the Pact for Mexico
Doing Business in Mexico: Compliance Implications of the Pact for MexicoDoing Business in Mexico: Compliance Implications of the Pact for Mexico
Doing Business in Mexico: Compliance Implications of the Pact for Mexico
 
Optimizing Compliance Programs in Organizations: A Top Down Approach
Optimizing Compliance Programs in Organizations: A Top Down ApproachOptimizing Compliance Programs in Organizations: A Top Down Approach
Optimizing Compliance Programs in Organizations: A Top Down Approach
 
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
 
Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...
Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...
Anti-Corruption Update: Naughty or Nice? When Giving Gifts Will Get You a Lum...
 
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to...
 
Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...
Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...
Best Practices in Anti-Corruption Diligence on M&A Targets, Joint Venture Par...
 
Essential Elements of Global Compliance Programs
Essential Elements of Global Compliance ProgramsEssential Elements of Global Compliance Programs
Essential Elements of Global Compliance Programs
 
Anti-Corruption and Third Parties: Mitigating the Risks
Anti-Corruption and Third Parties: Mitigating the RisksAnti-Corruption and Third Parties: Mitigating the Risks
Anti-Corruption and Third Parties: Mitigating the Risks
 
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation HarmCorporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
 
Conflict Minerals: The First Year and What's to Come
Conflict Minerals: The First Year and What's to ComeConflict Minerals: The First Year and What's to Come
Conflict Minerals: The First Year and What's to Come
 
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE...
 

Recently uploaded

Corporate Governance for South African Mining Companies
Corporate Governance for South African Mining CompaniesCorporate Governance for South African Mining Companies
Corporate Governance for South African Mining Companies
James AH Campbell
 
Satta matka guessing Kalyan result sattamatka
Satta matka guessing Kalyan result sattamatkaSatta matka guessing Kalyan result sattamatka
Satta matka guessing Kalyan result sattamatka
➑➌➋➑➒➎➑➑➊➍
 
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAAPAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
lawrenceads01
 
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual TrainingpptxYou Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
Cynthia Clay
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
projectseasy
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
PhysicsUtu
 
foodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docxfoodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docx
PraghyaBhandari
 
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in CityGirls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
maigasapphire
 
A Complete Guide of Dubai Freelance Visa and Permit in 2024
A Complete Guide of Dubai Freelance Visa and Permit in 2024A Complete Guide of Dubai Freelance Visa and Permit in 2024
A Complete Guide of Dubai Freelance Visa and Permit in 2024
Dubiz
 
ConvertKit: Best Email Marketing Tool for 2024
ConvertKit: Best Email Marketing Tool for 2024ConvertKit: Best Email Marketing Tool for 2024
ConvertKit: Best Email Marketing Tool for 2024
Rakesh Jalan
 
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Philip M Caputo
 
Discover who your target audience is and reach them
Discover who your target audience is and reach themDiscover who your target audience is and reach them
Discover who your target audience is and reach them
Quibble
 
DEKISH ELEVATOR INDIA PVT LTD Brochure.pdf
DEKISH ELEVATOR INDIA PVT LTD Brochure.pdfDEKISH ELEVATOR INDIA PVT LTD Brochure.pdf
DEKISH ELEVATOR INDIA PVT LTD Brochure.pdf
unosafeads
 
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
itnewsafrica
 
Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...
Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...
Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...
Lynch Creek Farm
 
Pricing sophistication - auto insurance telematics
Pricing sophistication - auto insurance telematicsPricing sophistication - auto insurance telematics
Pricing sophistication - auto insurance telematics
Matteo Carbone
 
NewBase 05 July 2024 Energy News issue - 1736 by Khaled Al Awadi_compresse...
NewBase   05 July 2024  Energy News issue - 1736 by Khaled Al Awadi_compresse...NewBase   05 July 2024  Energy News issue - 1736 by Khaled Al Awadi_compresse...
NewBase 05 July 2024 Energy News issue - 1736 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
Cryptocurrency KYC Policies: Comparing Binance KYC Bypass with Rivals
Cryptocurrency KYC Policies: Comparing Binance KYC Bypass with RivalsCryptocurrency KYC Policies: Comparing Binance KYC Bypass with Rivals
Cryptocurrency KYC Policies: Comparing Binance KYC Bypass with Rivals
Any kyc Account
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
projectseasy
 
Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance UpdatesFamily/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
AishwaryaDoiphode3
 

Recently uploaded (20)

Corporate Governance for South African Mining Companies
Corporate Governance for South African Mining CompaniesCorporate Governance for South African Mining Companies
Corporate Governance for South African Mining Companies
 
Satta matka guessing Kalyan result sattamatka
Satta matka guessing Kalyan result sattamatkaSatta matka guessing Kalyan result sattamatka
Satta matka guessing Kalyan result sattamatka
 
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAAPAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
PAWFESSIONAL ELVA MAX.pdfAAAAAAAAAAAAAAAAAAA
 
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual TrainingpptxYou Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
 
foodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docxfoodgasm restaurant and Bar pune road.docx
foodgasm restaurant and Bar pune road.docx
 
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in CityGirls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
Girls Call Kharghar 9910780858 Provide Best And Top Girl Service And No1 in City
 
A Complete Guide of Dubai Freelance Visa and Permit in 2024
A Complete Guide of Dubai Freelance Visa and Permit in 2024A Complete Guide of Dubai Freelance Visa and Permit in 2024
A Complete Guide of Dubai Freelance Visa and Permit in 2024
 
ConvertKit: Best Email Marketing Tool for 2024
ConvertKit: Best Email Marketing Tool for 2024ConvertKit: Best Email Marketing Tool for 2024
ConvertKit: Best Email Marketing Tool for 2024
 
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
 
Discover who your target audience is and reach them
Discover who your target audience is and reach themDiscover who your target audience is and reach them
Discover who your target audience is and reach them
 
DEKISH ELEVATOR INDIA PVT LTD Brochure.pdf
DEKISH ELEVATOR INDIA PVT LTD Brochure.pdfDEKISH ELEVATOR INDIA PVT LTD Brochure.pdf
DEKISH ELEVATOR INDIA PVT LTD Brochure.pdf
 
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
 
Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...
Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...
Christmas Decorations_ A Guide to Small Christmas Trees, Candle Centerpieces,...
 
Pricing sophistication - auto insurance telematics
Pricing sophistication - auto insurance telematicsPricing sophistication - auto insurance telematics
Pricing sophistication - auto insurance telematics
 
NewBase 05 July 2024 Energy News issue - 1736 by Khaled Al Awadi_compresse...
NewBase   05 July 2024  Energy News issue - 1736 by Khaled Al Awadi_compresse...NewBase   05 July 2024  Energy News issue - 1736 by Khaled Al Awadi_compresse...
NewBase 05 July 2024 Energy News issue - 1736 by Khaled Al Awadi_compresse...
 
Cryptocurrency KYC Policies: Comparing Binance KYC Bypass with Rivals
Cryptocurrency KYC Policies: Comparing Binance KYC Bypass with RivalsCryptocurrency KYC Policies: Comparing Binance KYC Bypass with Rivals
Cryptocurrency KYC Policies: Comparing Binance KYC Bypass with Rivals
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
 
Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance UpdatesFamily/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
 

Cybersecurity: Managing Risk Around New Data Threats

  • 2. Cybersecurity: Managing Risk Around New Data Threats January 8, 2014
  • 3. www.paulhastings.com ©2013 Paul Hastings LLP Chelsie Chmela Events Manager Chelsie.Chmela@ethisphere.com 703.960.2360 We encourage you to engage during the Q&A portion of today’s webcast by using the “Submit Question” button located within your viewing experience. HOST QUESTIONS MATERIALS Included in your registration: • Event recording and deck: West LegalEdcenter provides on-demand event access for 180 days or until the end of your subscription, if sooner The opinions expressed in this presentation are those of the panelist and do not reflect the opinions, practices or policies of the panelists' respective employers, nor do they constitute legal advice. 3
  • 4. Edward R. McNicholas Co-Chair, Privacy, Data Security, and Information Law practice, Sidley Austin LLP Leslie Thornton Vice President & General Counsel, WGL Holdings, Inc. & Washington Gas Light Company Jeffrey C. Sharer Partner, Sidley Austin LLP SPEAKING TODAY
  • 5. Speaker: Edward R. McNicholas EDWARD R. MCNICHOLAS is a global coordinator of Sidley’s Privacy, Data Security, and Information Law practice. His practice focused on clients facing complex information technology, constitutional and privacy issues in civil and white-collar criminal matters. Ed has significant experience with a wide-range of complex Internet and information law matters involving privacy and data protection, electronic surveillance, cybersecurity, cloud computing, trade secrets, online advertising, “big data” and national security. Examples of his matters include: – a constitutional challenge to portions of the HIPAA final rules (Adheris v. Sebelius, (D.D.C. 2013)), – a consumer class action challenging Internet advertising cookie techniques (In re: Google Inc. Cookie Placement Consumer Privacy Litigation, MDL No. 2358 (D. Del. 2012-13)), – defense of a telecommunications carrier against alleged participation in NSA surveillance (In re National Security Agency Telecommunications Records Litigation, MDL 1791 (N.D.Cal. and 9th Cir. 2006-12)), and – briefing in more than a dozen cases before the U.S. Supreme Court. His practice has been recognized by numerous rankings including Chambers USA (since 2008), Chambers Global (since 2011), and the US Legal 500. Prior to joining Sidley, Mr. McNicholas served as an Associate Counsel to President Clinton. In that capacity, he advised senior White House staff regarding various Independent Counsel, congressional and grand jury investigations. Mr. McNicholas received his J.D. (cum laude) from Harvard Law School, where he was an editor of the Harvard Law Review. He received his A.B. (summa cum laude) from Princeton University, and served as a clerk for the Honorable Paul Niemeyer on the U.S. Court of Appeals for the Fourth Circuit. 5
  • 6. Speaker: Leslie Thornton Leslie Thornton has been Vice President and General Counsel of WGL Holdings, Inc. and Washington Gas Light Company since January 1, 2012, having joined the company as Counsel to the Chairman in November 2011. Prior to joining the company, Ms. Thornton served as a partner with prominent Washington D.C. law firms. Ms. Thornton also served as Chief of Staff to U.S. Secretary of Education Richard W. Riley, after starting her service in 1992 as Deputy Chief of Staff and Counselor. During her nearly eight years with the Clinton Administration, Ms. Thornton advised the Secretary on all administration and agency matters serving as the liaison between the Secretary and the White House on policy, political, ethics, personnel and other issues. Holding a top secret clearance, Ms. Thornton served as her agency's representative in the Continuity of Operations of Government program. In 1995, Ms. Thornton was selected by the White House in 1995 to serve on the President's White House Budget Working Group, and in 1996 was selected to serve in a senior role on President Clinton's Presidential Debate Team. Ms. Thornton is a member of numerous associations and boards in the Washington, D.C. community, and has been widely published in legal and other newspapers including the Legal Times, The Wall Street Journal, and the Boson Globe. She holds a Bachelor of Arts from the University of Pennsylvania and a law degree from Georgetown University. 6
  • 7. Speaker: Jeffrey C. Sharer JEFFREY SHARER is a partner in Sidley currently very cold Chicago office. He concentrates his practice in litigation and regulatory enforcement matters as well as in matters related to electronic discovery, computer forensics, and information governance. Jeffrey frequently advises and advocates on behalf of clients in matters related to the governance, preservation, and discovery of electronically stored information. In litigation, Jeffrey has handled matters at all stages of the Electronic Discovery Reference Model, with particular emphasis on the development and implementation of best practices and on the use of artificial intelligence, statistical sampling, and related tools and techniques to reduce costs and burdens and increase quality of results and defensibility of process throughout the discovery lifecycle. Jeffrey also advises in the areas of records retention, data privacy, and information governance, including defensible deletion of data stores. Jeffrey is a member of Sidley’s Electronic Discovery Task Force; a longtime member of The Sedona Conference, the nation’s leading nonpartisan law and policy think tank in the area of electronic discovery. He holds degrees from the University of Chicago Law School, and the University of Michigan. 7
  • 9. Where are we on cybersecurity? • Congressional action remains pending • Focus on implementation of President Obama’s Executive Order 13636 (February 2013) – Development of NIST “Cybersecurity Framework” and programs to encourage voluntary adoption of the framework – DHS designation of CI companies (with right of reconsideration) – Establishment of regulatory standards by agencies with statutory authority – Increased threat information sharing to CI operators 9
  • 10. NIST Framework • Implements Feb. 2, 2013 Executive Order • Final framework due in February 2014 • Discussion Framework: – Provide common language for expressing, understanding, and managing cybersecurity risk internally and externally – Develop consistent approach: Identify, Protect, Detect, Respond, Recover – Prioritize actions for reducing cybersecurity risk – Create tools to align policy, business, and technological approaches to managing risk 10
  • 11. Incentives Recommended to President • Cybersecurity Insurance — build underwriting practices that promote the adoption of cyber risk- reducing measures and risk-based pricing and foster a competitive cyber insurance market. • Grants — leverage federal grant programs. • Process Preference — consider expediting and prioritizing existing government service delivery; technical assistance to critical infrastructure; incident response situations. • Liability Limitation — reduced tort liability, limited indemnity, higher burdens of proof, or the creation of a federal legal privilege that preempts State disclosure requirements. 11
  • 12. Incentives – cont’d • Streamline Regulations — make compliance easier; eliminate overlaps among existing laws and regulation; enable equivalent adoption across regulatory structures; reduce audit burdens. • Public Recognition — optional public recognition. • Rate Recovery for Price Regulated Industries — dialogue with federal, state, and local regulators and sector specific agencies on whether the regulatory agencies that set utility rates should consider allowing utilities recovery for cybersecurity investments. • Cybersecurity Research — emphasize research and development to meet the most pressing cybersecurity challenges where commercial solutions are not currently available. 12
  • 13. Opening Comments of Leslie Thornton, General Counsel of Washington Gas 13
  • 15. Cybersecurity and Information Governance • Increasing threats of data breach and other cyberincidents, along with other risks and costs associated with electronic information systems (such as electronic discovery in legal and regulatory proceedings), are driving greater focus on governance of data across organization • Cyberthreats, in particular, increase both risk and severity of potential loss associated with over-retention of customer PII and other sensitive information • Loss of protected or sensitive information in data breach can result in notification obligations, regulatory or civil exposure, damage to reputation, and other harm to company • Risks are only growing with passage of time, especially as concepts such as purpose limitations and the so-called “right to be forgotten” gain legislative traction 15
  • 16. Information Governance At 30,000 Feet • For most organizations, mitigation of cyberrisk through effective information governance requires cross-functional approach • Stakeholders at most organizations include (at least) legal and compliance; IT; RIM; privacy; security; and business • People, process, and technology • Surging emphasis on remediation – often referred to as “defensible disposition” – of data that does not have ongoing business value and is not subject to legal or regulatory retention requirements (including litigation holds) 16
  • 17. Mitigating Risk Through Defensible Disposition • As a general rule, if data has no business value and is not subject to legal or regulatory retention requirements, it can (and usually should) be deleted in the normal course of business • Organizations have wide latitude: Legal standards are reasonableness, proportionality, and good faith • Recent benchmarking of Global 1000 companies estimated that for corporate information at any given time, 1% is on legal hold, 5% is subject to regulatory retention requirements, and 25% has current business value—this means that approximately 70% of data that organizations are managing and storing, and that is at risk of loss through data breach or other security incident, is unnecessary 17
  • 19. Questions about Simulation Lessons • On November 13-14, 2013, the so-called GridEx II exercise tested governmental and industry crisis response plans, and included both cybersecurity and physical security components. – Are these sorts of exercises helpful? If so, what did you take away from it? – How do you manage both the low probability / enormous risks of cybersecurity issues, and the more mundane but significant risks of activist or less-sophisticated hackers? • The report on the first GridEx exercise, noted that “Significant horizontal communication occurs across industry, but vertical information sharing to NERC and government agencies is limited due to concerns about compliance implications.” That nicely sums up one of the key information sharing issues that inhibit cybersecurity preparation. – Has the information sharing gotten more or less risky for companies? – Have the Snowden revelations altered the wisdom of sharing cybersecurity information with the government? 19
  • 20. Managing Risk Questions • Does cybersecurity governance need to fit into an overall information governance strategy? How are they integrated? • Businesses must adapt to a rapidly evolving technology environment, but the legal restrictions are developing slowly. How do you manage this tension? • How significant a role does insurance play in your management of the cybersecurity threat? • The SAFETY Act (www.SafetyAct.Gov) was designed to support development and deployment of effective anti-terrorism technologies by designating and certifying Qualified Anti- Terrorism Technologies (“QATTs”) that receive important legal liability protections against claims arising out of an act of terrorism. Is that an effective piece of cybersecurity risk management strategies? 20
  • 21. Legal Standards Questions • We continue to have a regime of multiple state data breach laws with slightly different tests. Are these statutes helpful? Would a preemptive federal test be better? • Is it better to have multiple, voluntary cybersecurity standards and widespread variation or would standardization be better? • The Massachusetts information security regulations take the unique tact of specifying ISO-based minimum measures. Is this helpful because it is definite or an overly-simplistic check-box approach? Which should companies follow? • Payment card security is almost entirely self- regulatory via the PCI-DSS. Would this approach work for cybsecurity? • Have the SEC guidance requiring disclosure of material incidents helped to increase the level of cybersecurity? 21
  • 22. Future Developments Questions • Have you altered your approach to privacy / security in light of the coming Internet of Things, such as smart electrical meters? How? • How should companies factor in these complex cybsecurity issues in moving to the cloud? What do you think are the biggest concerns with cloud computing? Has it made you less likely to move to the cloud? • What is the top item on your cybsecurity agenda for 2014? 22
  • 23. Questions for General Counsels to Ask and a Cybersecurity To-Do List 23
  • 24. Cybersecurity Questions GCs Should Ask • Are we “critical infrastructure” operators? • Do we have IP assets, trade secrets, account records, consumer data that could be subject to cyber-attack? Could our facilities be misused as part of an attack? • What past incidents have we experienced? Are our incident response procedures effective and well understood throughout the organization? • Do we have an up-to-date cybersecurity risk assessment in hand? • Who is responsible and accountable for cybersecurity, and does he/she have sufficient resources? • Is the Board of Directors adequately focused on cybersecurity; has it established satisfactory internal controls and governance structures? 24
  • 25. More Cybersecurity Questions • Do we know what existing and prospective laws apply to cybersecurity? • Are we subject to specific cybersecurity regulation? • Do we know what our contracts say about cybersecurity; do our existing customer / vendor contracts protect us on cybersecurity? Obligate us? • Do we have relevant government contracts? • Do we know the necessary government points of contact? Do we have appropriately cleared persons? • Who is monitoring NIST developments and best industry practices? • What do we need to include in our SEC filings on cybersecurity? 25
  • 26. More Cybersecurity Questions • Do we have special international exposure and/or obligations? • Are we going to participate in the voluntary White House and NIST cybersecurity framework? • Could the White House cybersecurity “incentives” benefit us? Hurt us? • Do we have good cybersecurity awareness and personal responsibility throughout our company? • Do we understand what our legal exposure and potential liability is? • Have we considered cyber-insurance? • Are we at risk for FTC “failure to secure” enforcement? 26
  • 27. More Cybersecurity Questions • Do we have an effective information governance function and are the right stakeholders involved? • Do our information governance systems effectively mitigate risk of loss from data breach or other incident? • Have we considered and addressed defensible disposition of legacy data stores and other sources that have outlived business value and legal and regulatory requirements? 27
  • 28. Lawyer To-Do List For Cybersecurity  Ensuring legal risks are considered in cybersecurity risk assessments  Oversight and readiness for incident response  Have you vetted and tested your response ability?  Are you mitigating risk in the ordinary course through effective information governance?  Analyzing and explaining the complex legal environment  Coordination of relationships with government  Development of standards and internal policies  Managing protections and obligations in contracts, customer and vendor relationships  Addressing “Hack Back” options  Managing legal/reputational issues  Required disclosures and reporting  Risks and rewards of cooperation with government  Privilege and selective waivers  Securities issues 28
  • 29. Sidley Austin LLP, a Delaware limited liability partnership which operates at the firm’s offices other than Chicago, New York, Los Angeles, San Francisco, Palo Alto, Dallas, London, Hong Kong, Houston, Singapore and Sydney, is affiliated with other partnerships, including Sidley Austin LLP, an Illinois limited liability partnership (Chicago); Sidley Austin (NY) LLP, a Delaware limited liability partnership (New York); Sidley Austin (CA) LLP, a Delaware limited liability partnership (Los Angeles, San Francisco, Palo Alto); Sidley Austin (TX) LLP, a Delaware limited liability partnership (Dallas, Houston); Sidley Austin LLP, a separate Delaware limited liability partnership (London); Sidley Austin LLP, a separate Delaware limited liability partnership (Singapore); Sidley Austin, a New York general partnership (Hong Kong); Sidley Austin, a Delaware general partnership of registered foreign lawyers restricted to practicing foreign law (Sydney); and Sidley Austin Nishikawa Foreign Law Joint Enterprise (Tokyo). The affiliated partnerships are referred to herein collectively as Sidley Austin, Sidley, or the firm. For purposes of compliance with New York State Bar rules, Sidley Austin LLP’s headquarters are 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South Dearborn, Chicago, IL 60603, 312.853.7000. Questions? Edward McNicholas: 202.736.8010 eMcNicholas@sidley.com Jeffrey C. Sharer: 312.853.7028 jcSharer@sidley.com www.Sidley.com/InfoLaw This presentation has been prepared by Sidley Austin LLP as of January 2014 for educational and informational purposes only. It does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking personalized advice from professional advisers. BEIJING BOSTON BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG HOUSTON LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C.
  • 30. January 17, 2014 Information Lifecycle Governance – Minimize Risks & Improve Readiness All upcoming Ethisphere events can be found at: http://ethisphere.com/events/ PLEASE JOIN US FOR