Bring Your Own Device BYOD
|
|
- Gyles Clark
- 6 years ago
- Views:
Transcription
1 Bring Your Own Device BYOD Elizabeth L. Lewis Randy V. Sabett Shane McGee October 25, :30 2:00 p.m attorney advertisement Copyright Cooley LLP, 3175 Hanover Street, Palo Alto, CA The content of this packet is an introduction to Cooley LLP s capabilities and is not intended, by itself, to provide legal advice or create an attorney-client relationship. Prior results do not guarantee future outcome.
2 Presenters Elizabeth Lewis Partner Cooley LLP Randy Sabett Special Counsel Cooley LLP Shane McGee Former Chief Privacy Officer FireEye
3 Overview
4 BYOD Why Are We Here? BYOD is increasingly common at work It is popular with employees and reduces employer expense But it raises security, loss or spoliation of data, compliance and intellectual property concerns
5 BYOD Today s Agenda This program concerns BYOD and the proactive strategies you can implement to address them including: policy development firewalls and security software monitoring employees documentation of work e-discovery and litigation holds
6 BYOD Why Allow It? Very popular with employees, particularly younger workers May improve efficiency and productivity Employee is carrying and checking one device, not two Employee more likely to review and respond
7 BYOD What Are the Risks? Loss or misuse of company data, confidential information and trade secrets Potential use and integration of intellectual property of a former employer Data breach Exposure to viruses and malware Failure to maintain information subject to a litigation hold or a discovery request Limited ability to monitor employee activity
8 BYOD Policy and Management
9 BYOD How to Manage? Policy Development Begin by understanding that employers do not have unfettered freedom to monitor employees in their at-home work environment Particularly when the employees are using their own personal computer and telephone equipment These devices may also contain personal information and be used for personal business
10 BYOD How to Manage? Policy Development Be sure employees have reasonable methods of getting work done without the use of personal devices Develop and distribute a written monitoring policy to both office-based employees and telecommuters that clearly establishes the right to monitor without notice and under what conditions Limit monitoring to business-related materials and phone calls Obtain employee s written acknowledgement of the employer s monitoring practice
11 BYOD How to Manage? Employee Access to and Other Databases From Their Own Personal Device Begin with understanding that privacy concerns are heightened with personally owned devices Have appropriate security precautions been put into place? Can the device be monitored? Wiped? If wiped, total device or sandboxed portion? Do you have a policy that addresses this issue?
12 BYOD How to Manage? Employee Access to and Other Databases From Their Own Personal Device Do you need to consider industry-specific issues? (e.g., health, financial, government contractor) Address concerns by type of information (e.g., personnel file information, customer bank account information) How do you deal with these devices if a legal hold is put in place? Explain what to do if device is lost or stolen (who gets notified and how) Address downloading of company documents
13 BYOD How to Manage? External (USB) Devices Problem: external data, viruses and malware imported into the company s systems by use of a device that has been used before Possible solutions: Best practice is to issue and require use of a new, clean company device each time Record each company device by serial number and scrub after each use If the employee brings a non-company device require that it be produced and scanned before connected to your system Inform employees that the company monitors USB device usage
14 BYOD How to Manage? Cloud and Web Storage Require employees to identify any webmail or cloud storage accounts (e.g., Dropbox, icloud) that might contain either company information or former employer information Prohibit further use if necessary If you allow, understand the ownership agreement and date limitations on storage that are associated with these storage solutions Remove or copy company data to a secure location as soon as possible; frequently if you allow ongoing use
15 BYOD How to Manage? Documenting Development Status Regularly document current state of technology to establish a baseline for comparison Regularly document current customer/potential customer information Require employees to regularly document their development efforts
16 BYOD case study: at the border
17 Border Cases As far as searches of computers are concerned, borders are different than interstate travel Why do you think this is?
18 Border Cases (cont d) Border searches, from before the Fourth Amendment, have been considered to be 'reasonable' by the single fact that the person or item in question had entered into our country from outside. U.S. v. Ramsay, 431 U.S. 606 (1977). According to the Supreme Court: routine border searches are unlike most other searches of homes, persons, things or vehicles (regardless of whether of persons or property) routine border searches require no probable cause, reasonable suspicion, or warrant reasonable expectation of privacy is diminished at the border U.S. v. Montoya de Hernandez, 478 U.S. 531 (1985) Authority derives from the nation's sovereign and inherent authority to protect, and [its] paramount interest in protecting, its territorial authority. U.S. v. Flores-Montano, 541 U.S. 149 (2004).
19 Customs Actual Authority Defined by CBP Directive No (8/20/09) and ICE Directive No (8/18/09)
20 4 th Amendment Law The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Case law has developed around whether various searches were constitutional or not Early cases involved things like autos, phone booths, hotel rooms, pen registers, etc.
21 Cases involving laptops U.S. circuit courts U.S. v. Arnold and U.S. v. Ickes have held that searches involving laptops: do not require reasonable suspicion or probable cause are similar to warrantless, suspicionless searches of property allowed by the Supreme Court (e.g., searches of travelers suitcases, briefcases, pockets, papers and films)
22 Cases involving laptops (cont d) Arguments rejected that laptop searches are different, whether because of the massive amount of data they hold, the First Amendment implications of searching expressive material or the purported invasiveness of the searches In Arnold: amount of storage capacity would not make an otherwise routine search particularly offensive rejected analogy between a laptop and a home, humorously(?) commenting that one cannot live in a laptop.
23 Current procedures Definition of electronic media : Policy:
24 Current procedures (cont d) Detention for further review:
25 Current procedures (cont d) and almost an entire page on what constitutes reasonable time for review:
26 Current procedures (cont d) Oh, by the way, here s the rest
27 Wrap up
28 BYOD Takeaways Firm-Provided Devices & Plans Can reduce risk of monitoring issues via a comprehensive firm-owned mobile device program Can reduce but does not eliminate BYOD may not reduce costs when carrier contracts are properly negotiated Device availability and lag can cause employee satisfaction issues May increase accounting burden
29 BYOD Takeaways (cont d) If BYOD not yet implemented, consider sticking to a firm-provided plan When not possible and BYOD is a reality, then ensure that technology controls are in-line with legal restrictions Increase frequency of AUP awareness/sign-off
30 BYOD QUESTIONS?
31 Bios Elizabeth Lewis Elizabeth "Betsy" Lewis' practice focuses on labor and employment law, civil rights law and litigation. In her employment practice, she works with clients to find cost-effective business solutions to employment problems. She works on a broad spectrum of employment issues, including advising clients on compliance with employment laws (including FLSA, Title VII, ADEA, ADA, FMLA, WARN, OSHA, NLRA, FCRA), managing difficult employees, developing and implementing personnel practices and procedures, due diligence for IPOs, mergers and acquisitions, structuring executive and incentive compensation, drafting employment and noncompete agreements, handling discrimination complaints before administrative agencies, preparing affirmative action plans and handling OFCCP and other DOL audits, including glass ceiling audits. Randy Sabett, JD, CISSP Randy V. Sabett, JD, CISSP, is vice chair of Cooley s privacy & data protection (PDP) practice group. He counsels clients on a wide range of cutting-edge cybersecurity, privacy, IT licensing and intellectual property issues. Randy helps clients develop strategies to protect their information, including advising companies on developing and maintaining appropriate internal controls to meet privacy and cybersecurity requirements. He also drafts and negotiates a wide variety of technology transaction agreements. Having previously served as an in-house counsel to a Silicon Valley startup, Randy employs a pragmatic approach when structuring and negotiating such agreements. He has also counseled numerous clients on a variety of data breach scenarios, including running incident response for major commercial retailers, large financial institutions, on-line service providers, and health care organizations. Shane McGee, JD, CISSP Until recently, Shane was Chief Privacy Officer and VP of Policy at FireEye where he built a worldwide privacy program to ensure appropriate use of customer data and engaged with policymakers around the world to promote policy change in an effort to protect against cyber-criminals and state-sponsored attackers. Shane was Mandiant s General Counsel prior to FireEye s acquisition of Mandiant in late 2013, and before that co-chaired the Privacy and Security group at SNR Denton with Randy Sabett. Shane will be starting at PhishMe late this month as their new General Counsel.
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring Conference April 4, 2014 PRESENTED BY: Sonya Guggemos MCIT Staff Counsel for Risk Control sguggemos@mcit.org The information
More informationSample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
More informationAnatomy of a Data Breach: A Practical Guide for Small Law Departments
Anatomy of a Data Breach: A Practical Guide for Small Law Departments Judy Branzelle is the Chief Legal Officer and General Counsel for Goodwill Industries International, Inc. where she has been employed
More informationPEDs in the Workplace: It s a Mad, Mad BYOD World
PEDs in the Workplace: It s a Mad, Mad BYOD World Technology in the Workplace Technology in the workplace has transformed over the years from this The World s First Computer (1946) 2015 Snell & Wilmer
More informationHacking and Cyber Espionage
Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge
More informationIntegrating Information Security Protections In Supplier Agreements: Guidance for Business and Technology Counsel
Presenting a live 90-minute webinar with interactive Q&A Integrating Information Security Protections In Supplier Agreements: Guidance for Business and Technology Counsel Evaluating Data Security Risks
More informationInvestigating Insider Threats
Investigating Insider Threats February 9, 2016 Jonathan Gannon, AT&T Brenda Morris, Booz Allen Hamilton Benjamin Powell, WilmerHale 1 Panelist Biographies Jonathan Gannon, AT&T, Executive Director & Senior
More informationVIACOM INC. PRIVACY SHIELD PRIVACY POLICY
VIACOM INC. PRIVACY SHIELD PRIVACY POLICY Last Modified and Effective as of October 23, 2017 Viacom respects individuals privacy, and strives to collect, use and disclose personal information in a manner
More informationA Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationPRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology
PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology 24 October 2017 Content Overview of Cyber Security Law Observations on Implementation of Cyber
More informationLegal, Ethical, and Professional Issues in Information Security
Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN
More informationA Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions
May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media
More informationSteps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m.
Steps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m. The cyber threats are no longer a question of if, but when, a breach will occur. It is important
More informationAIRMIC ENTERPRISE RISK MANAGEMENT FORUM
AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business
More informationencrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationAcceptable Use Policy
Acceptable Use Policy Jackson Energy Authority 731.422.7500 INTRODUCTION Jackson Energy Authority ( JEA ) has formulated this Acceptable Use Policy ( AUP ), in order to set forth terms regarding the responsible
More informationIs the Best Defense a Good Offense? Christopher T. Pierson, CIPP/US, CIPP/G James T. Shreve, CIPP/US, CIPP/IT
Is the Best Defense a Good Offense? Christopher T. Pierson, CIPP/US, CIPP/G James T. Shreve, CIPP/US, CIPP/IT Agenda & Disclaimer 1. Scenarios 2. Issues - Status of Cybersecurity and Hacking 3. Capabilities
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationGetting Your Privacy House in Order
Getting Your Privacy House in Order Lisa J. Sotto Ewa Abrams Victoria King Partner Associate General Counsel Global Privacy Officer Hunton & Williams LLP Tiffany & Co. UPS (212) 309-1223 (212) 230-5351
More informationData Privacy and Cybersecurity
Data Privacy and Cybersecurity Key Contacts Timothy C. Blank Boston +1 617 728 7154 Dr. Olaf Fasshauer National Munich +49 89 21 21 63 28 Joshua H. Rawson New York +1 212 698 3862 Translate Page In an
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationGM Information Security Controls
: Table of Contents 2... 2-1 2.1 Responsibility to Maintain... 2-2 2.2 GM s Right to Monitor... 2-2 2.3 Personal Privacy... 2-3 2.4 Comply with Applicable Laws and Site Specific Restrictions... 2-3 2.5
More informationThe Apple Store, Coombe Lodge, Blagdon BS40 7RG,
1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member
More informationFIRESOFT CONSULTING Privacy Policy
FIRESOFT CONSULTING Privacy Policy FIRESOFT CONSULTING abides by the Australian Privacy Principles ( APPs ), which provides relative information to businesses in relation to the collection, disclosure,
More informationHOT TOPICS IN DATA PRIVACY REGULATION IN RUSSIA
HOT TOPICS IN DATA PRIVACY REGULATION IN RUSSIA Ksenia Andreeva Anastasia Dergacheva Vasilisa Strizh November 27, 2018 2018 Morgan, Lewis & Bockius 2017 Morgan, Lewis & Bockius Contents News from the Russian
More informationCellular Site Simulator Usage and Privacy
Policy 609 Cellular Site Simulator Usage and Privacy 609.1 PURPOSE AND SCOPE The purpose of this policy is to set guidelines and requirements pertaining to cellular site simulator technology usage and
More informationA Global Look at IT Audit Best Practices
A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationShaw Privacy Policy. 1- Our commitment to you
Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of
More informationFinancial Regulations, Enforcement & Cybersecurity
Financial Regulations, Enforcement & Cybersecurity Elizabeth P. Gray May 16, 2017 Copyright 2017 by Willkie Farr & Gallagher LLP. All Rights Reserved. These course materials may not be reproduced or disseminated
More informationSEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks
SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks By Richard A. Blunk (Thermopylae Ventures, LLC) and Apprameya Iyengar (Morrison Cohen LLP) The SEC has continued
More informationAvoiding the Pitfalls of Bring Your Own Device Policies
Pitfalls of Bring Device Policies BYOD/T Represents a Constant Battle Between Compliance Objectives and Employee Usability Presenters: Constantinos Dino G. Panagopoulos, Labor and Employment Group Philip
More informationLegal Considerations and Case Studies
Cybersecurity for Small & Mid-Size Businesses Phil Schenkenberg, J.D., CIPP/US Cyrus Malek, J.D., Certification in Cybersecurity and Privacy Law Legal Considerations and Case Studies Copyright, Briggs
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationPreparing for NIST SP January 23, 2018 For the American Council of Engineering Companies
Preparing for NIST SP 800-171 January 23, 2018 For the American Council of Engineering Companies Presented by Jon Williams, Partner jwilliams@pilieromazza.com (202) 857-1000 Kimi Murakami, Counsel kmurakami@pilieromazza.com
More informationPilieroMazza Webinar Preparing for NIST SP December 14, 2017
PilieroMazza Webinar Preparing for NIST SP 800-171 December 14, 2017 Presented by Jon Williams, Partner jwilliams@pilieromazza.com (202) 857-1000 Kimi Murakami, Counsel kmurakami@pilieromazza.com (202)
More informationGlenwood Telecommunications, Inc. Acceptable Use Policy (AUP)
Glenwood Telecommunications, Inc. Acceptable Use Policy (AUP) All customers should read this document. You are responsible for the policy written here, and your account WILL BE DISABLED WITHOUT WARNING
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationMark Your Calendars: NY Cybersecurity Regulations to Go into Effect
Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect CLIENT ALERT January 25, 2017 Angelo A. Stio III stioa@pepperlaw.com Sharon R. Klein kleins@pepperlaw.com Christopher P. Soper soperc@pepperlaw.com
More informationG DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know
G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than
More informationThe Cost of Denial-of-Services Attacks
The Cost of Denial-of-Services Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report The Cost of Denial-of-Service
More informationTERMS AND CONDITIONS FOR THE USE OF THE WEBSITE AND PRIVACY POLICY
TERMS AND CONDITIONS FOR THE USE OF THE WEBSITE AND PRIVACY POLICY Trademarks-Intellectual Property Rights Xtrade BLZ (hereinafter called the Company or we or us) is the owner of the Copyright in the pages
More informationBCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement
BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationEmployee Privacy in the Electronic Workplace
Employee Privacy in the Electronic Workplace Jane Shea and Michael Severini Today s Speakers Jane Hils Shea, Esq. Member & Chair of Data Privacy and Information Security Practice Group Frost Brown Todd
More informationINFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
More informationConnected & Autonomous Vehicles
Connected & Autonomous Vehicles SAFETY CYBERSECURITY & DATA PRIVACY CORPORATE/ FINANCE TECHNOLOGY TRANSACTIONS Safety. Seasoned lawyers with decades of hands-on experience in vehicle safety compliance,
More informationHow to Take Advantage of the Cloud for ediscovery
How to Take Advantage of the Cloud for ediscovery LegalTech NY 2015 Eric Crespolini HP, Moderator Alan M. Winchester Harris Beach, Panelist Robert Levy Exxon Mobil Corporation, Panelist Johnny Lee, MD
More informationCleveland State University General Policy for University Information and Technology Resources
Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationRegulation P & GLBA Training
Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed
More informationEnterprise Income Verification (EIV) System User Access Authorization Form
Enterprise Income Verification (EIV) System User Access Authorization Form Date of Request: (Please Print or Type) PART I. ACCESS AUTHORIZATION * All required information must be provided in order to be
More informationProtecting Personal Data from Cyber-Attacks
News Alert May 2017 Protecting Personal Data from Cyber-Attacks Last week the world woke up to the latest cyber-attack of 2017. Initially striking the NHS in the UK, the malicious WannaCrypt ransomware
More informationSearching Securely: Technical Issues with Warrants for Remote Search. Steven M. Bellovin June 28,
Searching Securely: Technical Issues with Warrants for Remote Search Steven M. Bellovin June 28, 2015 1 The Fourth Amendment to the U.S. Constitution The right of the people to be secure in their persons,
More informationU.S. Private-sector Privacy Certification
1 Page 1 of 5 U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US ) I. Introduction to the U.S. Privacy
More informationNebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015
Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015 Definitions Cellular Telephone Service For the purposes of this policy, cellular telephone
More informationManaging Your Affiliates and Partners in the Financial Industry
Managing Your Affiliates and Partners in the Financial Industry Daniel Morton Product Marketing Manager MarkMonitor Agenda Part 1: A Web of Financial Regulations Overview Regulations Worthy of Focus Examples
More informationUtopia Leisure Ltd. Privacy Policy Author: Utopia Leisure Ltd. Revision Date: 13/02/2018 Version: V1.4
Utopia Leisure Ltd. Privacy Policy Privacy Policy Revision Date: 13/02/2018 Version: V1.4 UTOPIA LEISURE LTD. PRIVACY POLICY Revision History Version Revision Date Revised by Section Revised Document Control
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationPTLGateway Data Breach Policy
1 PTLGateway Data Breach Policy Last Updated Date: 02 March 2018 Data Breach Policy This page informs you of our policy which is to establish the goals and the vision for the breach response process. This
More informationCyber Security Law --- Are you ready?
Cyber Security Law --- Are you ready? Xun Yang Of Counsel, Commercial IP and Technology 9 May 2017 1 / B_LIVE_APAC1:2207856v1 Content Overview of Cyber Security Law Legislative Development Key Issues in
More informationXpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;
65 Gilbert Street, Adelaide SA 5000 Tel: 1300 216 890 Fax: 08 8221 6552 Australian Financial Services Licence: 430962 Privacy Policy This Privacy Policy was last updated on 27 February 2017. Our Commitment
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationGDPR is coming in less than 2 months Are you ready?
GDPR is coming in less than 2 months Are you ready? Charles-Albert Helleputte Partner, Brussels +32 2 551 5982 chelleputte@mayerbrown.com 30 March 2018 2 GDPR is everywhere... You were invited by UNICEO
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationSkybox Security Vulnerability Management Survey 2012
Skybox Security Vulnerability Management Survey 2012 Notice: This document contains a summary of the responses to a June 2012 survey of 100 medium to large enterprise organizations about their Vulnerability
More informationDEFENSIBLE DELETION TO DOWNSIZE YOUR DATA
May 18, 2016 DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA A Roadmap to Better Litigation Preparedness and Records Retention Practices Anthony L. McElynn E*TRADE Chief Compliance Officer Robert Fowler, CIPP/US
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More information2014 INTERNET COMMERCE CASE STUDY. The Battle Against Phishing and Fraudulent s. 100 S. Ellsworth Ave 4th Floor San Mateo, CA
2014 INTERNET COMMERCE CASE STUDY The Battle Against Phishing and Fraudulent Emails 100 S. Ellsworth Ave 4th Floor San Mateo, CA 94401 650.627.7667 ABOUT AGARI Agari analizes big data from the world s
More informationPrivacy Shield Policy
Privacy Shield Policy Catalyst Repository Systems, Inc. (Catalyst) has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This
More informationIt s Not If But When: How to Build Your Cyber Incident Response Plan
CYBER SECURITY USA It s Not If But When: How to Build Your Cyber Incident Response Plan Lucie Hayward, Managing Consultant Michael Quinn, Associate Managing Director each day seems to bring news of yet
More informationNY DFS Cybersecurity Regulations August 8, 2017
NY DFS Cybersecurity Regulations August 8, 2017 23 NYCRR Part 500 Asking Questions Anti-Trust Policy As a CPCU approved education program related to The Institutes Chartered Property Casualty Underwriter
More informationAcceptable Use Policy (AUP)
Acceptable Use Policy (AUP) Questions regarding this policy and complaints of violations of this policy by PLAINS INTERNET users can be directed to support@plainsinternet.com. Introduction Plains Internet
More informationPolicies & Regulations
Policies & Regulations Email Policy Number Effective Revised Review Responsible Division/Department: Administration and Finance / Office of the CIO/ Information Technology Services (ITS) New Policy Major
More informationWhat to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
More informationNEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE
COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:
More informationA full list of SaltWire Network Inc. publications is available by visiting saltwire.com.
Introduction Effective January 1, 2004, private sector organizations must follow a code for the protection of personal information in accordance with the Personal Information Protection and Electronic
More informationPreempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017
Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool Cyber Security 3.0 Better Together August 18, 2017 Research Overview Problem Statement Research Goals & Methodology Defining Insider Cashout
More informationData Breach Preparation and Response. April 21, 2017
Data Breach Preparation and Response April 21, 2017 King & Spalding Data, Privacy & Security King & Spalding s 60 plus lawyer Data, Privacy & Security ( DPS ) Practice is best known for: Experienced crisis
More information1 Privacy Statement INDEX
INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related
More informationHELPFUL TIPS: MOBILE DEVICE SECURITY
HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationSTOP FREAKING OUT. A short, simple guide to tackle the New York Department of Financial Services Cyber Regulations
STOP FREAKING OUT. A short, simple guide to tackle the New York Department of Financial Services Cyber Regulations MORE CYBER REGULATIONS? You re already subject to oversight from multiple authorities,
More informationAdvising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015
Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a
More informationENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010
ENISA & Cybersecurity Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010 Agenda Some Definitions Some Statistics ENISA & Cybersecurity Conclusions
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationWinnebago Industries, Inc. Privacy Policy
Winnebago Industries, Inc. Privacy Policy At Winnebago Industries, we are very sensitive to the privacy concerns of visitors to our websites. Though we do not obtain any personal information that individually
More informationCLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016
CLE Alabama Banking Law Update Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 Best Practices on Managing Cyber-Security Risks J.T. Malatesta III and Sarah S. Glover Maynard Cooper
More informationYou may contact The Translation Network by at You may also call The Translation Network at
The Translation Network Privacy Policy This is a privacy policy for The Translation Network Group Inc. The Translation Network has created this privacy statement in order to demonstrate its firm commitment
More informationData Loss Prevention:
Data Loss Prevention: Considerations from an IT Audit Perspective ISACA November Luncheon 11 November 2010 Agenda What is data loss prevention (DLP)? Ernst & Young point of view on DLP Data loss risk assessment
More informationProtecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014
Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented
More informationOCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA)
OCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA) This is a License Agreement (the "Agreement") for certain code (the Software ) owned by Akamai Technologies, Inc. ( Akamai ) that is useful in connection
More informationLeveraging Best Practices to Determine your Cyber Insurance Needs. Sector Conference, Toronto November 2017
Leveraging Best Practices to Determine your Cyber Insurance Needs Sector Conference, Toronto November 2017 Chubb Disclaimer The views, information and content expressed herein are those of the author and
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More information