Moderated by Paul M. Schwartz, Berkeley Law School. Fourth Annual BCLT Privacy Forum, March 13, 2015. Roadmap: Introduction: Data Security; Top Three Data Security Issues or Trends of the Next 18 Months; Pragmatic Data
Data Security Issues
Moderated by: Paul M. Schwartz, Berkeley Law School
Fourth Annual BCLT Privacy Forum, March 13, 2015

Roadmap
Introduction: Data Security
Top Three Data Security Issues or Trends of the Next 18 Months
Pragmatic Data Security Advice
Questions and Answers

The problem with computer security is that most of the advice we are given is absurd.

The CyberSummit (Feb. 13)
Mr. Obama...made clear that his six years in the presidency had given him a new appreciation of how the government will be called upon to protect citizens against the most severe [cyber] attacks...
Source (text and image): N.Y. Times; http://www.nytimes.com/2015/02/14/business/obamaurgestechcompaniescooperateinternetsecurity.html?_r=0

The White House, CyberSummit (Feb. 13)
[O]ur connectivity brings extraordinary benefits to our daily lives, but also brings risks.

The White House CyberSummit (Feb. 13)
People have entrusted us with their most personal and precious information . . . We owe them nothing less than the
best protections that we can possibly provide.
Source: http://www.nytimes.com/2015/02/14/business/obamaurgestechcompaniescooperateinternetsecurity.html?_r=0

Verizon Data Breach Report (2014) ://www.verizonenterprise.com/DBIR/2014/
New York Attorney General's Data Breach Report ://www.ag.ny.gov/pdfs/data_breach_report071414.pdf
California Attorney General's Data Breach Report https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/2014data_breach_rpt.pdf

Target Data Breach Costs
Source: http://www.law360.com/privacy/articles/625014?nl_pk=eb8638788a06aeef03a5c4a3

Sony Data Hack

Sony Data Hack
Jan. 23, 2015

Data Security: Looking into the Future

Ruby Zefo, Intel Corp.
Vice President of Law and Policy Group, Chief Privacy & Security Counsel

Ruby Zefo | Top Three Data Security Trends | Trend 3
Big Data. And Cloud Security.

Ruby Zefo | Top Three Data Security Trends | Trend
Data breach preparedness and management: Standards and enforcement against unreasonable security measures (NIST, FTC, class actions, etc.).

Ruby Zefo | Top Three Data Security Trends | Trend
Internet of Things ecosystem security, not just consumer devices

Disclaimer from Moderator
Photographs of celebrities used solely for educational purposes
Endorsement of celebrities not implied
Right of publicity fair use safeguarded by the California Supreme Court
Winter v. DC Comics, 30 Cal. 4th 881 (2003)
Comedy III Productions, Inc. v. Gary Saderup, Inc., 25 Cal. 4th 387 (2001)

Travis LeBlanc, FCC
Chief of the Bureau of Enforcement

Travis LeBlanc | Top Three Data Security Trends | Trend 3
Calls for increased security for connected devices as the Internet of Things gains popularity.

Travis LeBlanc | Top Three Data Security Trends | Trend
More sharing of information as regards data security threats (whether with the government or between companies).

Travis LeBlanc | Top Three Data Security Trends | Trend 3
More nation state attacks on U.S. businesses.

Randy Sabett, Partner, Cooley LLP
Vice Chair of the Privacy and Data Security Practice Group

Randy Sabett | Top Three Data Security Trends | Trend 3
Increased adoption of, but some confusion over, the NIST framework as a common data protection mechanism.

Randy Sabett | Top Three Data Security Trends | Trend
The sensorization of humanity and the difficulties of finding the right balance between privacy and security. Some emerging
business models are vigilant about privacy and security; others, not so much.

Randy Sabett | Top Three Data Security Trends | Trend
A more restrictive federal approach plus sector-based (as opposed to broad national) data security mandates.

Michelle Visser
Partner, Ropes and Gray

Michelle Visser | Top Three Data Security Trends | Trend 3
Will we see greater clarity, or perhaps more of a split, regarding what Clapper means for consumers trying to establish standing in data security actions?

Michelle Visser | Top Three Data Security Trends | Trend
How will the FTC's efforts to regulate the
'Internet of Things' impact the enforcement and litigation landscape?

Michelle Visser | Top Three Data Security Trends | Trend 1
Will regulators and plaintiffs continue to try and expand the categories of consumer information that are considered sensitive?

Kurt Wimmer, Partner, Covington and Burling LLP
Chair, Privacy and Data Security Practice Group

Kurt Wimmer | Top Three Data Security Trends | Trend 3
International: Will the EU pass the Regulation? Will more countries decide not to wait and enact their own breach notification requirements?

Kurt Wimmer | Top Three Data Security Trends | Trend
Legislation: Will the parties in Congress be able to work together? Will they preempt the states?

Kurt Wimmer | Top Three Data Security Trends | Trend
Insurance coverage for breach costs will become even more contentious.

Pragmatic Advice

Ruby Zefo, Intel Corp.
Vice President of Law and Policy Group, Chief Privacy & Security Counsel

Ruby Zefo | Pragmatic Advice
3. Not enough to have an untested data breach preparedness plan

Ruby Zefo | Pragmatic Advice
2. Document reasonable security measures
1. Communicate clearly, from the top down, what your brand is going to mean regarding data privacy and security. Be consistent across the company and all of its products.

Randy Sabett, Partner, Cooley LLP
Vice Chair of the Privacy and Data Security Practice Group

Randy Sabett | Pragmatic Advice
3. If you don't have a tiger team, form one. If you have a team, talk to them. If you talk to them, act on what you talk about. Wash, rinse, repeat.

Randy Sabett | Pragmatic Advice
2. Buy Fram oil filters. Fram ad campaign: "You can pay me now or you can pay me later." 100,000 investment today could save millions later on.
1. Consider cyber insurance...but vet your agent carefully and read your policy closely. There are many misaligned policies out there, with people thinking that they are covered when they are not.

Kurt Wimmer, Partner, Covington and Burling LLP
Chair, Privacy and Data Security Practice Group

Kurt Wimmer | Pragmatic Advice
3. Have an incident response plan
in place before an incident. Create lines of authority so that privilege is preserved. Line up advisors, particularly technical experts for remediation. Negotiate a master services agreement so you can hit the ground running.

Kurt Wimmer | Pragmatic Advice
2. Review your insurance policies. Insurers are increasingly likely to deny coverage under general policies; assess whether you ought to have cyberinsurance policies.
1. Train, train, train. So many breaches are clever phishing attacks, social hacks and human error. Secure your human resources by raising the education level among the user population of your organization.

Michelle Visser
Partner, Ropes and Gray

Michelle Visser | Pragmatic Advice
3. Ensure that your incident response plan is drafted with an eye towards litigation and/or governmental inquiries, and test it. Understand the facts before you disclose an incident

Michelle Visser | Pragmatic Advice
2. Do risk assessments regularly, and ensure that resulting action items are addressed. Consider the value of using an outside assessor, working with legal counsel.
Know where your data is (Yes, this is still an issue)

Travis LeBlanc, FCC
Chief of the Bureau of Enforcement

Travis LeBlanc | Pragmatic Advice
3. For companies, require data security standards for any contractor or agent who has access to, or possession of, personal data
that your company collects from customers.
2. For outside counsel, review your firm's data security practices. If you don't have a CIO, hire one. If you do, begin to work on a plan for how you can simultaneously accommodate the differing data security concerns and requirements of multiple clients

Travis LeBlanc | Pragmatic Advice
1. For companies, develop a breach response plan now. Don't wait until a breach occurs. Assume it will
Question and Answers

Why so many data breaches in 2014?
Source: http://www.csoonline.com/article/2847269/businesscontinuity/nearlybillionrecordswerecompromised2014.html

What did some of 2014's data security breaches look like?
Source: http://hackmageddon.com/2014/11/25/fortunecyberattackst