Leadership Through the Firestorm - Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss. This is a keynote speech delivered by Shawn Tuma to the Paralegal Division of the State Bar of Texas on June 17, 2016.
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss (Shawn Tuma)
Shawn Tuma is a cybersecurity lawyer with expertise in data privacy law. He is a partner at Scheef & Stone LLP, a commercial law firm in Texas. Tuma has extensive experience advising businesses on cybersecurity issues and data breaches. He serves on several boards and committees related to cybersecurity law and policy. The document provides an overview of Tuma's background and experience in cybersecurity law.
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators (Shawn Tuma)
This document profiles Shawn Tuma, a cybersecurity lawyer and partner at Scheef & Stone, LLP. It lists his extensive experience in cybersecurity law, data privacy law, and information governance. The document also provides an overview of key issues at the intersection of law and cybersecurity, including unauthorized access laws, data breach notification laws, cybersecurity best practices, breach response processes, officer and director liability, cyber insurance, and developing a cybersecurity risk management program.
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee... (Shawn Tuma)
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to SecureWorld Expo Dallas on September 27, 2016.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns to the need, because of this crisis environment, for leadership in helping keep the parties calm and rational and in making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
Cybersecurity Legal Issues: What You Really Need to Know (Shawn Tuma)
Presentation delivered at the Cybersecurity for the Board & C-Suite "What You Need to Know" Cyber Security Summit Sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. Shawn Tuma, Cybersecurity & Data Privacy lawyer at Scheef & Stone, LLP in Frisco and Dallas, Texas.
The presentation date was September 13, 2016.
As a cybersecurity and privacy attorney, Shawn Tuma spends much of his time helping clients proactively prepare for the legal aspects of cybersecurity incidents and respond to incidents when they occur. His work with management, legal, and technology departments, and his focus on the legal aspects of cybersecurity, give him unique insight into how the non-technical areas of companies understand and evaluate cybersecurity.
In his presentation, Tuma will explain how, in his experience, the traditional fear, uncertainty, and doubt (the FUD) that has been used to “sell” cybersecurity has now gone too far and has created a feeling of hopelessness in many companies that has led many to simply quit trying. Instead of always focusing on the fear, he will explain how cybersecurity professionals should help empower companies to do what they can, even if they can’t do everything, so that they can at least improve their cybersecurity posture even if they can’t become “secure.”
Tuma will explain how recent legal and regulatory compliance developments encourage companies to take this approach by doing what is reasonable and provide specific action items that virtually all companies can implement to better themselves in this regard – especially if they find themselves in an incident response situation.
After completing this session, you will:
• Understand why cybersecurity is as much a legal issue as it is a business or technology issue.
• Understand how most legal and regulatory compliance actions support a “take reasonable measures” approach instead of a “strict liability” approach to companies’ pre-breach activities.
• Understand the need to, and how to, focus on the basics of risk and preparation for mitigating such risk.
• Understand the 2 primary legal and regulatory compliance areas that pose the most risk to companies and key action items that can help mitigate that risk.
• Know the 3 pre-breach must-haves for every company to have in place.
• Understand the importance that cybersecurity and privacy focused contractual agreements have for companies and how such agreements can be negotiated.
• Understand why selling the FUD impedes all of these objectives and harms companies’ cybersecurity posture more than it helps.
Cybersecurity & Computer Fraud - The Convergence (Shawn Tuma)
This document discusses cybersecurity threats facing businesses. It notes that the majority of cyber attacks target small and medium-sized businesses. Many large companies experienced data breaches in 2014, exposing millions of customer records. The document outlines the legal obligations around data privacy and security for businesses under international, federal, and state laws. It also examines trends in litigation, regulatory actions, and potential officer and director liability related to data breaches. Key computer fraud and cybercrime laws are also summarized.
Cyber Liability Insurance Counseling and Breach Response (Shawn Tuma)
This presentation focused on teaching attorneys how to counsel their clients on cyber insurance and guide them through the data breach incident response process. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE 8th Annual Course, Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Cyber Security for Your Clients: Business Lawyers Advising Business Clients (Shawn Tuma)
This presentation focused on cyber security protections for businesses and other law firm clients. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE 8th Annual Course, Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15) (Shawn Tuma)
Cybersecurity is a growing challenge as the odds of a company being hacked are very high. The document discusses cybersecurity best practices companies can implement to protect themselves, including having basic IT security, policies around data security, and assessing risks. It also covers responding to data breaches by notifying relevant parties, investigating the breach, and managing public relations impacts. The overall message is that while all companies will likely experience a breach, following basic security practices and having an incident response plan can help reduce liability and costs.
Cybersecurity for Your Law Firm: Data Security and Data Encryption (Shawn Tuma)
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE 8th Annual Course, Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
This document discusses cybersecurity risks and legal obligations related to data breaches. It notes that the cost of data breaches has risen each year, with the average total cost reaching $6.5 million in 2015. Companies face a variety of international, federal, and state laws regarding data privacy and breach notification. The document provides an overview of considerations for determining if an event qualifies as a data breach, when to report breaches to law enforcement or regulators, and penalties for noncompliance with state breach notification laws.
Digital Information Law & Your Business - The Alternative Board (Shawn Tuma)
A discussion for business owners of digital information law issues of social media law, data security and data breach law, and trade secrets and corporate espionage issues.
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str... (Shawn Tuma)
Presentation to the Collin County Bench Bar Foundation's 2015 Bench Bar Conference. Focused on the latest cybersecurity trends and strategies for mitigation of cyber risk and compliance.
Cyber Security For Law Firms - February 2015 - Westchester County Bar Associat... (dmenken60)
Law firms are increasingly becoming targets of hackers who realize that lawyers, while mostly good at being lawyers, are often terrible at securing their data. This article provides specific suggestions on how law firms can become more cyber safe.
This document summarizes a presentation on whistleblowing and ethics in human resources management. It discusses when managers can blow the whistle on their employer's unlawful or unethical practices and still be protected. It examines two New Jersey court cases on this issue. The first case found that copying confidential documents could be protected activity if done to advance a discrimination lawsuit. The second case found employees may have a reasonable expectation of privacy in some personal emails, depending on the clarity of the company's email policy. The presentation advises employers to have clear policies on technology and whistleblowing, and to seek expert legal advice when retaliation claims arise.
Preservation and Proportionality: Lowering the Burden of Preserving Data in C... (Zapproved)
The spotlight has turned to the issue of proportionality as it may be applied to the preservation of potentially relevant information. The post-Pension Committee world has moved beyond asking “if” litigants need to preserve information to a focus on “how.”
One need look no further than the testimony before the Dallas mini-conference in September and followed shortly thereafter by the debate stirred by the Pippins v. KPMG opinion.
Litigants are struggling to balance the increasing demands of preservation being driven by the exponential increase in electronically stored information (ESI) and the perceived rise in sanctions for spoliation. In order to control the increasing cost and “monumental inefficiency” that can result from traditional approaches to data preservation, the stakeholders in the U.S. legal system are searching for a solution founded on the principles of both reasonableness and proportionality as embodied in the Federal Rules of Civil Procedure.
The goal of this paper is to explore options for providing more objective “guideposts” for litigants facing the uncertainty of future discovery demands.
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk (duffeeandeitzen)
This document summarizes a presentation on privacy and technology issues for law firms. It discusses why data breaches are a risk for law firms, as they hold valuable corporate and client data. Several types of attacks that could lead to breaches are described, such as insider threats, vendor threats, phishing, and ransomware. Compliance with breach notification laws, privacy laws, and professional responsibility rules is also discussed. The costs of breaches and implications for a law firm's practice are reviewed. Initial takeaways from a recent major data breach are provided. Questions from attendees are answered relating to privacy, cybersecurity, legal technology, cloud computing contracts, and maintaining competence regarding technology.
This document discusses law firms enhancing cybersecurity in response to recent high-profile data breaches. It notes that corporate clients now expect strong cybersecurity from outside law firms. Some law firms are hiring cybersecurity experts to reassure clients and address this issue. While cooperation between law firms and clients is important, perfect security is impossible against truly motivated hackers.
Non-competition and Non-solicitation Provisions (Kevin Learned)
In this seminar we analyzed non-competition and non-solicitation provisions in the contexts of M&A transactions, employee/consultant relationships and subcontracting agreements. We addressed issues that arise in the drafting and negotiation of these provisions, as well as issues related to enforcement and litigation, with a particular emphasis on issues impacting federal service contractors who operate in the DC/MD/VA region.
Whitepaper: The Enlightened Legal Hold 2014 (Zapproved)
Three years after the Pension Committee opinion, Judge Shira Scheindlin's message is still loud and clear: The courts do not want to waste time and squander resources on motion practice, depositions and reams of submissions growing out of inexcusable failures to properly preserve relevant ESI.
Now is the time for enlightened legal holds, an age when counsel have the judgment to distinguish what must be preserved, the knowledge to negotiate and lucidly communicate the scope, and the skills and tools to select and instruct on reasonable and effective methods of preservation.
Download the white paper to discover:
• How to avoid the 5 Deadly Sins of Legal Holds
• Why a legal hold is an organic, bespoke process
• How to know if you are 'over-preserving'
• 9 key elements of a sound legal hold
• When to expect higher standards, raised stakes, and new vulnerabilities
The Enlightened Legal Hold serves as a guide for organizations of any size in tackling the task of preservation that at times can seem overwhelming. The 2014 version includes updated citations and other improvements to guide you on your path to Preservation Nirvana.
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes (Shawn Tuma)
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes is a presentation that Shawn Tuma delivered to the Intellectual Property Section Track at the State Bar of Texas Annual Meeting in Fort Worth, Texas on June 17, 2016. This presentation focused on the practical "how to" for practitioners to use the Computer Fraud and Abuse Act (CFAA) and the Texas Breach of Computer Security (BCS) and Harmful Access by Computers Act (HACA) statutes to combat privileged-user / insider misuse as well as outsider threats.
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course
Essentials of Business Law:Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.
This document discusses cybersecurity risks and legal obligations related to data breaches. It notes that the cost of data breaches has risen each year, with the average total cost reaching $6.5 million in 2015. Companies face a variety of international, federal, and state laws regarding data privacy and breach notification. The document provides an overview of considerations for determining if an event qualifies as a data breach, when to report breaches to law enforcement or regulators, and penalties for noncompliance with state breach notification laws.
Digital Information Law & Your Business - The Alternative BoardShawn Tuma
A discussion for business owners of digital information law issues of social media law, data security and data breach law, and trade secrets and corporate espionage issues.
Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Str...Shawn Tuma
Presentation to the Collin County Bench Bar Foundation's 2015 Bench Bar Conference. Focused on the latest cybersecurity trends and strategies for mitigation of cyber risk and compliance.
Cyber Security For Law Firms - February 2015 -Westchester County Bar Associat...dmenken60
Law firms are increasingly becoming targets of hackers who realize that lawyers, while mostly good at being lawyers, are often terrible at securing their data. This article provides specific suggestions on how law firms can become more cyber safe.
This document summarizes a presentation on whistleblowing and ethics in human resources management. It discusses when managers can blow the whistle on their employer's unlawful or unethical practices and still be protected. It examines two New Jersey court cases on this issue. The first case found that copying confidential documents could be protected activity if done to advance a discrimination lawsuit. The second case found employees may have a reasonable expectation of privacy in some personal emails, depending on the clarity of the company's email policy. The presentation advises employers to have clear policies on technology and whistleblowing, and to seek expert legal advice when retaliation claims arise.
Preservation and Proportionality: Lowering the Burden of Preserving Data in C...Zapproved
The spotlight has turned to the issue of proportionality as it may be applied to the preservation of potentially relevant information. The postPension Committee world has moved beyond asking “if” litigants need to preserve information to a focus on “how.”
One need look no further than the testimony before the Dallas mini-conference in September and followed shortly thereafter by the debate stirred by the Pippins v. KPMG opinion.
Litigants are struggling to balance the increasing demands of preservation being driven by the exponential increase in electronically stored information (ESI) and the perceived rise in sanctions for spoliation. In order to control the increasing cost and “monumental inefficiency” that can result from traditional approaches to data preservation, the stakeholders in the U.S. legal system are searching for a solution founded on the principles of both reasonableness and proportionality as embodied in the Federal Rules of Civil Procedure.
The goal of this paper is to explore options for providing more objective “guideposts” for litigants facing the uncertainty of future discovery demands.
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk (duffeeandeitzen)
This document summarizes a presentation on privacy and technology issues for law firms. It discusses why data breaches are a risk for law firms, as they hold valuable corporate and client data. Several types of attacks that could lead to breaches are described, such as insider threats, vendor threats, phishing, and ransomware. Compliance with breach notification laws, privacy laws, and professional responsibility rules is also discussed. The costs of breaches and implications for a law firm's practice are reviewed. Initial takeaways from a recent major data breach are provided. Questions from attendees are answered relating to privacy, cybersecurity, legal technology, cloud computing contracts, and maintaining competence regarding technology.
This document discusses law firms enhancing cybersecurity in response to recent high-profile data breaches. It notes that corporate clients now expect strong cybersecurity from outside law firms. Some law firms are hiring cybersecurity experts to reassure clients and address this issue. While cooperation between law firms and clients is important, perfect security is impossible against truly motivated hackers.
Non-competition and Non-solicitation Provisions (Kevin Learned)
In this seminar we analyzed non-competition and non-solicitation provisions in the contexts of M&A transactions, employee/consultant relationships and subcontracting agreements. We addressed issues that arise in the drafting and negotiation of these provisions, as well as issues related to enforcement and litigation, with a particular emphasis on issues impacting federal service contractors who operate in the DC/MD/VA region.
Whitepaper: The Enlightened Legal Hold 2014 (Zapproved)
Three years after the Pension Committee opinion, Judge Shira Scheindlin's message is still loud and clear: The courts do not want to waste time and squander resources on motion practice, depositions and reams of submissions growing out of inexcusable failures to properly preserve relevant ESI.
Now is the time for enlightened legal holds, an age when counsel have the judgment to distinguish what must be preserved, the knowledge to negotiate and lucidly communicate the scope, and the skills and tools to select and instruct on reasonable and effective methods of preservation.
Download the white paper to discover:
• How to avoid the 5 Deadly Sins of Legal Holds
• Why a legal hold is an organic, bespoke process
• How to know if you are 'over-preserving'
• 9 key elements of a sound legal hold
• When to expect higher standards, raised stakes, and new vulnerabilities
The Enlightened Legal Hold serves as a guide for organizations of any size in tackling the task of preservation that at times can seem overwhelming. The 2014 version includes updated citations and other improvements to guide you on your path to Preservation Nirvana.
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes (Shawn Tuma)
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes is a presentation that Shawn Tuma delivered to the Intellectual Property Section Track at the State Bar of Texas Annual Meeting in Fort Worth, Texas on June 17, 2016. This presentation focused on the practical "how to" for practitioners to use the Computer Fraud and Abuse Act (CFAA) and the Texas Breach of Computer Security (BCS) and Harmful Access by Computers Act (HACA) statutes to combat privileged-user / insider misuse as well as outsider threats.
Cybersecurity: What the GC and CEO Need to Know (Shawn Tuma)
Shawn Tuma, Cybersecurity & Data Protection Partner at Scheef & Stone, L.L.P., presented to the Dallas Bar Association's Corporate Counsel Section on May 3, 2016. The title was Cybersecurity: What the GC and CEO Need to Know.
A hands-on cybersecurity presentation: preparing an action plan before you are attacked, contracting tips and available insurance coverage.
Cybersecurity & Data Protection: What the GC & CEO Need to Know (Shawn Tuma)
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns to the need, because of this crisis environment, for leadership in helping keep the parties calm and rational and in making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events, why legal counsel is the natural leader who should fulfill this role, and how counsel can do so. It then discusses the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and from failing to properly respond to it. This section includes a discussion of the cybersecurity lawsuit landscape, the cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What... (Shawn Tuma)
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to ISSA North Texas on October 8, 2016.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc... (Shawn Tuma)
The presentation addresses cybersecurity law issues concerning the evolving standards for data breach liability for companies as well as officers and directors. The event was sponsored by Above Security and the title of the event was Above Compliance – Navigating the Cybersecurity Landscape in Financial Services.
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ... (Shawn Tuma)
This document provides information about Shawn Tuma, a cybersecurity partner at Scheef & Stone, L.L.P. It includes his contact information, areas of expertise, industry affiliations, and qualifications. The document highlights that Tuma serves on several boards and committees related to cybersecurity, data privacy, and technology law. It also lists some of the awards and recognitions he has received for his work in these fields.
Cybersecurity & Data Protection: Thinking About Risk & Compliance (Shawn Tuma)
Cybersecurity & Data Protection: Thinking About Risk & Compliance is a presentation that Frisco business lawyer Shawn Tuma delivered to the Corporate Counsel Section of the Collin County Bar Association. The presentation date was May 29, 2015.
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ... (Shawn Tuma)
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the Joint Meeting of ISACA and IIA North Texas on January 12, 2017.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G... (Shawn Tuma)
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the meeting of Women's In-House Network - DFW on April 27, 2017.
This presentation included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies and the EU's General Data Protection Regulation (GDPR).
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Data Security and Privacy by Contract: Hacking Us All Into Business Associate... (Shawn Tuma)
This presentation was delivered at the Southern Methodist University Law School, Science and Technology Law Review's 2015 Cybersecurity Symposium on October 23, 2015.
Data Breach Response: Before and After the Breach (Financial Poise)
You’ve received the dreaded call that your company has just suffered a data breach – what do you do next? Who do you call for help? What notification obligations do you have?
With proper preparation, you can mitigate the damage caused by this unfortunate event and put your business in a position to recover. Your company may have already implemented its information security program and identified the responsible parties, including applicable outside experts, to be contacted in the event of a breach. However, now you must call up your incident response team to investigate the extent of the breach, evaluate the possible damage to your company, and determine whether you must notify your clients, customers, or the public of the breach. This webinar will help prepare you to take action when the worst happens.
Part of the webinar series: Cybersecurity & Data Privacy 2021
See more at https://www.financialpoise.com/webinars/
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ... (Shawn Tuma)
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, at the January 27, 2017 meeting of (ISC)² Dallas Fort Worth Chapter.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The document provides an overview of the new amendments to the Federal Rules of Civil Procedure related to electronically stored information and the impact on organizations. Key points include: the amendments require organizations to manage electronic data to allow timely and complete production during legal proceedings; organizations must implement litigation holds and retention policies to avoid sanctions for failure to preserve relevant evidence; special consideration is needed for electronically stored information that may not be reasonably accessible.
The document discusses e-discovery and how businesses should prepare for litigation involving electronically stored information. It recommends that businesses first identify areas at risk for litigation, take an inventory of relevant electronic data, and evaluate their resources. It also stresses the importance of building an e-discovery response team, designing a litigation hold process, and implementing an effective records management program to help contain costs during the e-discovery process. The document cautions that inadvertent errors are inevitable and outlines how businesses can avoid sanctions by cooperating with courts and opponents during litigation.
Legal Issues Impacting Data Center Owners, Operators & Users (jyates)
MMM’s goal is to work with data center owners, operators and users to identify key legal issues and their related claims, and to provide ways to minimize liability.
ACI’s lauded Cyber & Data Risk Insurance conference is the highest-level event that provides maximum opportunities to learn from and network with underwriters, brokers, claims managers and industry leaders, and helps you keep pace with the ever-changing cyber insurance market. It’s also the only conference that brings you regulatory and enforcement priorities straight from the federal and state government themselves.
This document discusses trends in data breach litigation and approaches to practical data protection. It provides an overview of data breach litigation trends, including large settlements companies have faced. It also outlines specific steps companies can take to prevent breaches, such as defining what constitutes a breach, establishing response procedures, forming an incident response team, and tracking incidents. The goal is to help companies understand litigation risks and reduce risks of financial liability from data breaches through proactive data protection measures.
The purpose of this paper is to review the topic of data breach from two perspectives: first, an overview of the trends in data breach litigation, and second, a more granular perspective of practical data protection processes that may serve as a guidepost to help reduce the likelihood of a data breach. Taken together, these perspectives show the reader why a measured approach to data protection can reduce the risk of financial liability from a data breach lawsuit.
DAMA Webinar: The Data Governance of Personal (PII) Data (DATAVERSITY)
To do effective data governance, analysts should preview the amount of data their organization is collecting and consider if it is all necessary information to run the business or just “nice to have” data. Today companies are collecting a variety of Personally identifiable information (PII), combining it with location information, and using it to both personalize their own services and to sell to advertisers for behavioral marketing. Data brokers are tracking cell phone applications and insurance companies are installing devices to monitor driving habits. At the same time, however, hackers are embedding malicious software in company computers, opening a virtual door for criminals to rifle through an organization’s valuable personal and financial information.
This presentation explores:
• What company data should be tagged as “sensitive” data?
• Who within the company has access to personal data?
• Is the company breaking any privacy laws by storing PII data?
• Is the data secure from both internal and external hackers?
• What happens if there is an external data breach?
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ... (Shawn Tuma)
Shawn Tuma, a professional "breach guide" (aka breach quarterback, coach, privacy counsel, etc.), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Southern Methodist University Digital Branding Class on October 27, 2020.
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack (Shawn Tuma)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Columbia University for the Executive Masters of Technology Management Program on November 21, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to... (Shawn Tuma)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Northwestern State University's Fall Continuing Legal Education Conference on November 18, 2020.
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec... (Shawn Tuma)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.
The Role of Contracts in Privacy, Cybersecurity, and Data Breach (Shawn Tuma)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Texas Bar CLE's Making and Breaking Iron-Clad Contracts course in Austin, Texas on March 6, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to... (Shawn Tuma)
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
Real World Cyber Risk. Understand it. Manage it. - Shawn Tuma
Renaissance Executive Forums 2019 CEO Summit presentation by Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Group, Spencer Fane, LLP
March 7, 2019
Dallas, Texas
The Legal Case for Cyber Risk Management Programs and What They Should Include - Shawn Tuma
Spencer Fane LLP Cybersecurity and Data Privacy attorney Shawn Tuma delivered "The Legal Case for Cyber Risk Management Programs and What They Should Include" at the Texas Society of Certified Public Accountants' TSCPA CPE 2018 CPE Expo Conference on November 30, 2018, in Addison, Texas.
The document provides a checklist of good cyber hygiene practices for companies. It recommends starting with a risk assessment and developing written cybersecurity policies covering data protection, monitoring, privacy, access limits, passwords, and BYOD. It also stresses training employees on policies, conducting phishing tests, using multi-factor authentication, antivirus software, access controls, updating software and backups. The checklist additionally includes recommendations for encrypting sensitive data, adequate logging, an incident response plan, third-party risk management, firewalls and cyber risk insurance.
This checklist outlines the steps a company should take in response to a cyber incident. It includes determining if the incident warrants escalation, documenting decisions, mitigating any ongoing compromise, engaging legal counsel, activating an incident response plan, notifying relevant parties such as insurers and business partners, investigating the scope of data compromised, assessing legal obligations, determining if law enforcement or public notification is required, and implementing measures to prevent future breaches. The checklist emphasizes having an incident response plan in place before a breach occurs to facilitate a coordinated response.
Cybersecurity: Cyber Risk Management for Lawyers and Clients - Shawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018) - Shawn Tuma
Cybersecurity requires a strategic, team-based approach. Effective cybersecurity teams require an understanding of roles, personalities, and psychology. Strategic leadership is needed to develop both proactive security and reactive incident response teams. Tabletop exercises are important for assessing teams and allowing members to practice their roles. While cybersecurity lawyers cannot provide a "magic wand" of privilege, they can help by actively leading risk management programs and investigations to maximize potential privilege protections.
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions - Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Something is Phishy: Cyber Scams and How to Avoid Them - Shawn Tuma
Reginald A. Hirsch and Shawn E. Tuma presented this talk at the Annual Meeting of the State Bar of Texas for the Law Practice Management Section of the State Bar of Texas. The date of the talk was June 22, 2018, and the location was Houston, Texas.
Cybersecurity Fundamentals for Legal Professionals (and every other business) - Shawn Tuma
Cybersecurity & Data Privacy attorney Shawn Tuma delivered this presentation to the Mid-Year Meeting of the State Bar of Oklahoma's Intellectual Property Law Section on June 2, 2018. For more information visit www.shawnetuma.com
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500 - Shawn Tuma
The document summarizes New York's Department of Financial Services cybersecurity regulations. It provides an overview of key dates for covered entities to comply with various aspects of the regulations, describes which businesses are considered covered entities and subject to the rules. It also summarizes several of the main components required by covered entities, including maintaining a cybersecurity program, designating a chief information security officer, conducting risk assessments, implementing controls like multi-factor authentication, and reporting cybersecurity events.
2. Shawn Tuma
Cybersecurity Partner
Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: www.shawnetuma.com
web: www.solidcounsel.com
This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.
Shawn Tuma is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and around the world.
Board of Directors, North Texas Cyber Forensics Lab
Board of Directors & General Counsel, Cyber Future Foundation
Texas SuperLawyers 2015-16 (IP Litigation)
Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)
Council, Computer & Technology Section, State Bar of Texas
Chair, Civil Litigation & Appellate Section, Collin County Bar Association
College of the State Bar of Texas
Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
North Texas Crime Commission, Cybercrime Committee
Infragard (FBI)
International Association of Privacy Professionals (IAPP)
Information Systems Security Association (ISSA)
Board of Advisors, Optiv Security
Editor, Business Cybersecurity Business Law Blog
3. “There are only two types of companies: those that have been hacked, and those that will be.” –Robert Mueller
4. “It’s not a matter of if, but a matter of when”
14. Immediate Priorities
• Assess the situation
• Be a counselor
• Instill confidence
• Bring peace
• Facilitate rational thought & behavior
15. www.solidcounsel.com
Who are targets?
Key Point: We are all targets
Your clients’ businesses
Your law firms
Big firms (give examples)
James Shelton Example
Rural Texas solo practitioner
Employee left, didn’t change password or disable acct
Hackers accessed, spoofed email, sent “pleadings” all over, including other countries
16. www.solidcounsel.com
Privilege / Work Product
KEY POINT: Attorneys may have privilege
“Target has demonstrated . . . that the work of the Data Breach Task Force was focused not on remediation of the breach . . . but on informing Target’s in-house and outside counsel about the breach so that Target’s attorneys could provide the company with legal advice and prepare to defend the company in litigation that was already pending and was reasonably expected to follow.”
In re Target Corp. Customer Data Breach Litigation
17. www.solidcounsel.com
ACC Study (Sept ‘15)
What concerns keep
Chief Legal Officers
awake at night?
#2 = Data Breaches
82% consider as
somewhat, very, or
extremely important
18. www.solidcounsel.com
Cost of a Data Breach – US
2013 Cost
• $188.00 per record
• $5.4 million = total average cost paid by organizations
2014 Cost
• $201 per record
• $5.9 million = total average cost paid by organizations
2015 Cost
• $217 per record
• $6.5 million = total average cost paid by organizations
(Ponemon Institute Cost of Data Breach Studies)
19. www.solidcounsel.com
Legal Obligations
International Laws
Safe Harbor
Privacy Shield
Federal Laws & Regs
HIPAA, GLBA, FERPA
FTC, FCC, SEC
State Laws
47 states (Ala, NM, SD)
Fla (w/in 30 days)
OH & VT (45 days)
Industry Groups
PCI, FINRA, etc.
Contracts
Vendors & Suppliers
Business Partners
Data Security Addendum
20. www.solidcounsel.com
Ancient Cybersecurity Wisdom
“Water shapes its course according to the nature of the ground over which it flows; the soldier works out his victory in relation to the foe whom he is facing.”
“In all fighting the direct method may be used for joining battle, but indirect methods will be needed to secure victory.”
21. “An ounce of prevention is cheaper than the first day of litigation.”
25. www.solidcounsel.com
Regulatory & Administrative - FTC
KEY POINT: You must have basic IT security
F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015).
The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act.
Companies have fair notice that their specific cybersecurity practices could fall short of that provision.
3 breaches / 619,000 records / $10.6 million in fraud
Rudimentary practices v. 2007 guidebook
Website Privacy Policy misrepresentations
Jurisdiction v. set standard?
27. www.solidcounsel.com
The Basics
Best Practices
Documented
Basic IT Security
Basic Physical Security
Security Focused P&P
Company
Workforce
Network
Website / Privacy / TOS
Business Associates
Social Engineering
Implementation
Training
28. www.solidcounsel.com
Regulatory & Administrative – FTC
KEY POINT: You must evaluate business partners’ security
In re GMR Transcription Svcs, Inc., 2014 WL 4252393 (Aug. 14, 2014). FTC’s Order requires business to follow 3 steps when contracting with third party service providers:
1. Investigate before hiring data service providers.
2. Obligate their data service providers to adhere to the appropriate level of data security protections.
3. Verify that the data service providers are complying with obligations (contracts).
29. www.solidcounsel.com
Addendum to Business Contracts
KEY POINT: Know your contractual obligations
Common names for the Addendum: Data Security & Privacy; Data Privacy; Cybersecurity; Privacy; Information Security.
Common features
Defines subject “Data” being protected in categories.
Describes acceptable and prohibited uses for Data.
Describes standards for protecting Data.
Describes requirements for deleting Data.
Describes obligations if a breach of Data.
Allocates responsibility if a breach of Data.
Requires binding third parties to similar provisions.
30. www.solidcounsel.com
Regulatory & Administrative – SEC
KEY POINT: You must have written (1) Policies & Procedures and (2) Incident Response Plan
S.E.C. v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).
“Firms must adopt written policies to protect their clients’ private information”
“they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
violated this “safeguards rule”
100,000 records (no reports of harm)
$75,000 penalty
34. www.solidcounsel.com
Officer & Director Liability
KEY POINT: “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.” SEC Commissioner Luis A. Aguilar, June 10, 2014.
Heartland Payment Systems, TJ Maxx, Target, Home Depot, Wyndham
Derivative claims premised on the harm to the company from data breach.
Caremark Claims:
Premised on lack of oversight = breach of the duty of loyalty and good faith
Cannot insulate the officers and directors = PERSONAL LIABILITY!
Standard:
(1) “utterly failed” to implement reporting system or controls; or
(2) “consciously failed” to monitor or oversee system.
35. www.solidcounsel.com
Officer & Director Liability
Palkon v. Holmes, 2014 WL 5341880, *5-6 (D. NJ Oct. 20, 2014).
Derivative action for failing to ensure Wyndham implemented adequate security policies and procedures.
Order Dismissing: The board satisfied the business judgement rule by staying reasonably informed of the cybersecurity risks and exercising appropriate oversight in the face of the known risks.
Well-documented history of diligence showed Board
Discussed cybersecurity risks, company security policies and proposed enhancements in 14 quarterly meetings; and
Implemented some of those cybersecurity measures.
37. www.solidcounsel.com
Cyber Insurance – Key Questions
Even know if you have it?
What period does the policy cover?
Are Officers & Directors Covered?
Cover 3rd Party Caused Events?
Social Engineering coverage?
Cover insiders' intentional acts (vs. negligent)
Contractual liability?
What is the triggering event?
What types of data are covered?
What kind of incidents are covered?
Acts of war?
Required carrier list for attorneys & experts?
Other similar risks?
38. Virtually all companies will be breached. Will they be liable?
It’s not the breach; it’s their diligence and response that matter most.
Companies have a duty to be reasonably informed of and take reasonable measures to protect against cybersecurity risks.