Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)
|
|
|
- Cecilia West
- 5 years ago
- Views:
Transcription
1 Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001) Speakers: James T. McIntyre Partner McIntyre & Lemon, PLLC Janice Ochenkowski International Director JLL
2 Learning Objectives At the end of this session, you will: Be familiar with the Cybersecurity Information Sharing Act (CISA) Know what cybersecurity information may be shared with the federal government and non-federal entities Understand the distinction between sharable cybersecurity information and protected personal and identifying information Know when CISA provides liability protection for sharing cybersecurity information Distinguish between CISA and other cybersecurity bills
3 Summary of CISA Enacted on Dec. 18, 2015 Federal agencies and non-federal entities may: Monitor their networks Operate defensive measures Share cyber threat indicators and defensive measures ( information ) Provides liability protection Some privacy requirements
4 Summary of CISA Federal government sharing Non-federal entity sharing Procedures for sharing with the federal government Protection from liability Issues with earlier versions Comparison with other bills
5 Sharing by the Federal Government Develop procedures for sharing of: Classified and declassified information Unclassified information Information to prevent a cybersecurity threat Real time sharing Personal or identifying information removed
6 Sharing by Non-Federal Entities Authority to: Monitor and operate defensive measures Share and receive cyber threat indicators and defensive measures
7 Sharing by Non-Federal Entities Must remove personal or identifying information No violation of anti-trust law Must implement security controls
8 Sharing by Non-Federal Entities Shared information with the government cannot be used to regulate an entity s lawful activities Shared information may be used to develop regulations relating to information systems
9 Sharing by Non-Federal Entities Sharing with the federal government: Does not waive privilege Does not waive trade secret protection Sharing with the federal, state, or local government: Exempt from FOIA disclosure
10 Sharing by Non-Federal Entities Use or disclosure of information by federal government allowed for: Protecting an information system Identifying a cybersecurity threat Responding to or preventing a serious threat or fraud
11 Sharing by Non-Federal Entities Use of information by state and local governments allowed for: Protecting an information system Identifying a cybersecurity threat Responding to or preventing a serious threat or fraud Prior consent not required to use information
12 Sharing by Non-Federal Entities Sharing of cyber threat indicators and defensive measures is authorized No duty to share information No duty to warn or act based on receipt of information
13 Sharing with the Federal Government Develop procedures for sharing of information with the federal government Real time sharing Audit capability and sanctions for unauthorized activities by federal officers
14 Sharing with the Federal Government DHS, DOJ to develop guidance that identifies: Cyber threat indicators Information protected under privacy laws Develop guidelines governing the receipt and use of information by federal agencies
15 Sharing with the Federal Government DHS will develop a portal to accept shared information President may designate another agency to accept shared information
16 Liability Protection A non-federal entity has liability protection when: Sharing or receiving information with non-federal entities Receiving information from the federal government Sharing information with the federal government using the DHS portal
17 Liability Protection No CISA liability protection for use of defensive measures CISA silent about liability protection if sharing information with the federal government using a non-dhs portal
18 Issues with Earlier Versions of CISA Section 407 of S. 754 Strategy to Protect Critical Infrastructure at Greatest Risk Required DHS to develop standards and strategies For entities that held critical infrastructure To avoid catastrophic effects in the event of a cyber attack Controversial; deleted from final CISA
19 Preemption Supersedes state or local law regarding the sharing of information authorized by CISA Does not supersede laws concerning law enforcement Does not supersede laws requiring disclosure of information for criminal prosecution
20 Other Bills H.R Data Security and Breach Notification Act Sponsored by Marsha Blackburn (R-TN) Covers entities that collect or use unencrypted nonpublic personal information Following a security breach: Requires entities to restore security Notify affected individuals, the FTC, the Secret Service, the FBI, and consumer reporting agencies
21 Other Bills H.R Data Security and Breach Notification Act (cont.) FTC and states have enforcement authority Preempts state information security and notification laws Does not provide liability protection under common law
22 Other Bills H.R Data Security Act Sponsored by Randy Neugebauer (R-TX) Covers entities that collect or use unencrypted nonpublic personal information Entities must implement an information security program Entities must require their 3 rd party service providers to implement a security program
23 Other Bills H.R Data Security Act (cont.) Following a security breach: Requires entities to restore security Notify affected individuals, federal law enforcement, appropriate administrative agencies, payment card networks, and consumer reporting agencies
24 Other Bills H.R Data Security Act (cont.) Allows alternative compliance procedures for entities governed by the: Gramm-Leach-Bliley Act Health Insurance Portability and Accountability Act
25 Other Bills H.R Data Security Act (cont.) Enforced by the FTC, federal financial institution regulators, SEC, CFTC, and state insurance regulators Prohibits state laws from being imposed for information security and breach notification purposes
26 QUESTIONS Speakers: James T. McIntyre Partner McIntyre & Lemon, PLLC Janice Ochenkowski International Director JLL
-Eight types of cyber data, (Sec. 708(7))
WHAT INFORMATION MAY BE SHARED H.R. 624, the Cyber Intelligence sharing and Protection Act of 2013 (CISPA) (Rogers- -Notwithstanding any provision of law, S. 3414, the Cybersecurity Act of 2012 (Lieberman-Collins-
Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust
Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust Jamie Danker Director, Senior Privacy Officer National Protection and Programs Directorate, U.S.
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
- Cyber threat information: information directly pertaining to,
WHAT INFORMATION MAY BE SHARED H.R. 3674, the PRECISE Act of 2011, as reported from HHSC Subcmte on Cybersecurity (Lungren) law, H.R. 3523, the Cyber Intelligence sharing and Protection Act of 2011, as
Cybersecurity and Data Privacy
DECEMBER 2015 NO. 2 Cybersecurity and Data Privacy Landmark Cybersecurity Legislation Included in Omnibus Package Action Item: Congress included the Cybersecurity Act of 2015 (the Act ) in the Consolidated
Summary Comparison of Current Data Security and Breach Notification Bills
Topic S. 117 (Nelson) S. (Carper/Blunt) H.R. (Blackburn/Welch) Comments Data Security Standards The FTC shall promulgate regulations requiring information security practices that are appropriate to the
Cyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
Online Privacy & Security for the Mortgage Industry
1 Online Privacy & Security for the Mortgage Industry Ronald M. Jacobs (202) 216-8215 rmjacobs@venable venable.com 2 Online Privacy & Security Overview Gramm-Leach-Bliley Act (GLB) Privacy Regulations:
Data Breach Preparation and Response. April 21, 2017
Data Breach Preparation and Response April 21, 2017 King & Spalding Data, Privacy & Security King & Spalding s 60 plus lawyer Data, Privacy & Security ( DPS ) Practice is best known for: Experienced crisis
ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW
ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW Janis Kestenbaum (Federal Trade Commission) John O Tuel (GlaxoSmithKline) Alfred Saikali (Shook Hardy & Bacon) Christopher
Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
NYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
Security Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
Cybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
The Impact of Cybersecurity, Data Privacy and Social Media
Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus
Data Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
Cybersecurity: Federalism as Defense-in-Depth
SESSION ID: Law-W08 Cybersecurity: Federalism as Defense-in-Depth MODERATOR: Gregory von Lehmen Special Assistant to the President, Cybersecurity University of Maryland University College (UMUC) PANELISTS:
Cybersecurity Information Sharing Legislation
Government entities and private-sector organizations in the United States now have a common framework that encourages the sharing of cybersecurity threat information among each other, thanks to new federal
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
IT Audit Process Prof. Liang Yao Week Two IT Audit Function
Week Two IT Audit Function Why we need IT audit A Case Study What You Can Learn about Risk Management from Societe Generale? https://www.cio.com/article/2436790/security0/what-you-can-learn-about-risk-management-fromsociete-generale.html
NYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications
Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
Demonstrating Compliance in the Financial Services Industry with Veriato
Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry With Veriato The biggest challenge in ensuring data security is people.
HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
PTLGateway Data Breach Policy
1 PTLGateway Data Breach Policy Last Updated Date: 02 March 2018 Data Breach Policy This page informs you of our policy which is to establish the goals and the vision for the breach response process. This
Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security
1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE
Regulation P & GLBA Training
Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed
An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule
An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule Legal Disclaimer: This overview is not intended as legal advice and should not be taken as such. We recommend that you consult legal
GLBA, information security and incident response a compliance perspective
GLBA, information security and incident response a compliance perspective Introductions How many have experience with IT? How many have responsibilities involving IT? How many have responsibilities involving
Putting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
SAC PA Security Frameworks - FISMA and NIST
SAC PA Security Frameworks - FISMA and NIST 800-171 June 23, 2017 SECURITY FRAMEWORKS Chris Seiders, CISSP Scott Weinman, CISSP, CISA Agenda Compliance standards FISMA NIST SP 800-171 Importance of Compliance
Laws and Regulations & Data Governance
Executive Development Course: Digital Government for Transformation Towards Sustainable and Resilient Societies the Singapore Experience Laws and Regulations & Data Governance 2-6 April 2018 UNDP Global
STATEMENT SECURITIES INDUSTRY AND FINANCIAL MARKETS ASSOCIATION ( SIFMA ) BEFORE THE
STATEMENT OF SECURITIES INDUSTRY AND FINANCIAL MARKETS ASSOCIATION ( SIFMA ) BEFORE THE UNITED STATES SENATE COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS CYBERSECURITY AND DATA PROTECTION IN THE FINANCIAL
Cyber Attacks and Data Breaches: A Legal and Business Survival Guide
Cyber Attacks and Data Breaches: A Legal and Business Survival Guide August 21, 2012 Max Bodoin, Vince Farhat, Shannon Salimone Copyright 2012 Holland & Knight LLP. All Rights Reserved What this Program
Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.
Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule
What to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
CRIMINAL NETWORK INTRUSION AND DATA THEFT: Today s Security Landscape and What to Do If You ve Been Compromised
CRIMINAL NETWORK INTRUSION AND DATA THEFT: Today s Security Landscape and What to Do If You ve Been Compromised TUESDAY, MAY 24, 2011 Alston & Bird LLP PricewaterhouseCoopers Silverpop www.pwc.com Data
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
This Webcast Will Begin Shortly
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com Thank You! 1 Cybersecurity Changing Landscape
Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes
Effective Date: 01/01/2014 Page 1 of 7 REVISION HISTORY Revision No. Revision Date Authors Description of Changes 1.0 11/04/2013 CISO Populate Into Standard Template APPROVED BY This Policy is established
Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
Keeping It Under Wraps: Personally Identifiable Information (PII)
Keeping It Under Wraps: Personally Identifiable Information (PII) Will Robinson Assistant Vice President Information Security Officer & Data Privacy Officer Federal Reserve Bank of Richmond March 14, 2018
Enterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE
VOLUME 1, SECTION 5.7: SECURE MANAGED EMAIL SERVICE 5.7 SECURE MANAGED EMAIL SERVICE (SMES) [C.2.10.8] The Level 3 Team s (SMES) will meet or exceed the Government s requirements for SMES, as defined in
Post-Secondary Institution Data-Security Overview and Requirements
Post-Secondary Institution Data-Security Overview and Tiina K.O. Rodrigue, EdDc, CISSP, CISM, PMP, CSM, CEA, ITIL, ISC2 Compliance Mapper, A+ Senior Advisor Cybersecurity - 2017 Agenda Who needs to worry
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
Core Elements of HIPAA The Privacy Rule establishes individuals privacy rights and addresses the use and disclosure of protected health information ( PHI ) by covered entities and business associates The
How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019
How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019 Melissa Krasnow, VLP Law Group LLP, Minneapolis, Email: mkrasnow@vlplawgroup.com
Oracle Database Vault
An Oracle White Paper July 2009 Oracle Database Vault Introduction... 3 Oracle Database Vault... 3 Oracle Database Vault and Regulations... 4 Oracle Database Vault Realms... 5 Oracle Database Vault Command
Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe
Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international
Financial Regulations, Enforcement & Cybersecurity
Financial Regulations, Enforcement & Cybersecurity Elizabeth P. Gray May 16, 2017 Copyright 2017 by Willkie Farr & Gallagher LLP. All Rights Reserved. These course materials may not be reproduced or disseminated
Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014
Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented
THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER
THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE May 11, 2017 EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority
2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly
2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/incident 2017 Cyber Incident & Breach Readiness Webinar Craig Spiezle Executive Director
International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018
International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018 Dr. Dennis-Kenji Kipker University of Bremen Washington DC, 10.04.2018 Gefördert vom FKZ: 16KIS0213 bis 16KIS0216 Slide
THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER
FOR IMMEDIATE RELEASE May 11, 2017 THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority
Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY
Department of Veterans Affairs VA DIRECTIVE 6502.3 Washington, DC 20420 Transmittal Sheet WEB PAGE PRIVACY POLICY 1. REASON FOR ISSUE: To establish policy for the Department of Veterans Affairs (VA) for
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure EXECUTIVE ORDER [13800] - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS
H. R To reduce unsolicited commercial electronic mail and to protect children from sexually oriented advertisements.
I 0TH CONGRESS ST SESSION H. R. To reduce unsolicited commercial electronic mail and to protect children from sexually oriented advertisements. IN THE HOUSE OF REPRESENTATIVES MAY, 00 Ms. LOFGREN (for
Security Takes Center Stage
Security Takes Center Stage Rajesh De Partner Chair, Global Cybersecurity & Data Privacy Practice +1 202 263 3366 rde@mayerbrown.com June 7, 2016 Cyber Attacks Are Increasing in Cost and Frequency Breaches
Investigating Insider Threats
Investigating Insider Threats February 9, 2016 Jonathan Gannon, AT&T Brenda Morris, Booz Allen Hamilton Benjamin Powell, WilmerHale 1 Panelist Biographies Jonathan Gannon, AT&T, Executive Director & Senior
U.S. Private-sector Privacy Certification
1 Page 1 of 5 U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US ) I. Introduction to the U.S. Privacy
UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA
UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting
Cybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
International Compliance
International Compliance for Higher Ed Martin Biegelman, Deloitte Financial Advisory Services LLP Carolyn Marks, Yale University June 6, 2016 SCCE 2016 Higher Education Compliance Session Objectives Discuss
Navigating Regulatory Impacts of a Financial Services Data Breach
Navigating Regulatory Impacts of a Financial Services Data Breach Stacey C. Bolton, CIPP SVP, Global Head of Privacy and Information Management The Northern Trust Company Email: scb8@ntrs.com Phone: 312-557-1558
Mapping Cyber-Protections to Regulatory Requirements for Fintech
SESSION ID: PGR-R03 Mapping Cyber-Protections to Regulatory Requirements for Fintech Jonathan Fairtlough Managing Director Kroll, Cyber Security & Investigations Paul Haswell Partner Pinsent Masons, Risk
Why you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
Is Your Compliance Strategy Putting Your Business at Risk?
Is Your Compliance Strategy Putting Your Business at Risk? January 20, 2015 2015 NASDAQ-LISTED: EGHT Today s Speakers Michael McAlpen Exec. Dir. of Security & Compliance, 8x8, Inc. David Leach Business
NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE
COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:
Legal, Ethical, and Professional Issues in Information Security
Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN
PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology
PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology 24 October 2017 Content Overview of Cyber Security Law Observations on Implementation of Cyber
Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst
Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
Identity Theft Policies and Procedures
Identity Theft Policies and Procedures Davis & Wehrle, LLC 1104 S. Mays, Suite 105 Round Rock, TX 78664-6700 United States (512) 346-1131 Davis & Wehrle Identity Theft Policies & Procedures September 2017
MOBILE.NET PRIVACY POLICY
MOBILE.NET PRIVACY POLICY As the operator of the Mobile.net website (https://mobile.net.ltd/) (Website), ADX Labs, LLC. (Company, we or us) is committed to protecting and respecting your privacy. The data
Access to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
HIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2007 H 1 HOUSE BILL 1699
GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 0 H HOUSE BILL Short Title: Option to Stop Junk Mail. (Public) Sponsors: Representatives Fisher; Alexander, Faison, Harrison, and Samuelson. Referred to: Judiciary
I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE
I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE By Clyde Vanel, NYS Assemblyman, Chair, Subcommittee on Internet & New Technologies HELP, I GOT ROBBED! I felt like screaming that line
UCOP ITS Systemwide CISO Office Systemwide IT Policy
UCOP ITS Systemwide CISO Office Systemwide IT Policy Revision History Date: By: Contact Information: Description: 08/16/17 Robert Smith robert.smith@ucop.edu Initial version, CISO approved Classification
Southern Adventist University Information Security Policy. Version 1 Revised Apr
Southern Adventist University Information Security Policy Version 1 Revised Apr 27 2015 Summary The purpose of this policy statement is to establish the requirements necessary to prevent or minimize accidental
HIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018
Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Agenda Principal Obligations Under GDPR Key U.S. Privacy & Cybersecurity Laws E.U.
Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud
Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security
Checklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
Cybersecurity: CRS Experts
July 23, 2012 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research Service 7-5700 www.crs.gov R42619 T he following table provides names and contact information
Breach Notification Assessment Tool
Breach Notification Assessment Tool December 2006 Information and Privacy Commissioner of Ontario David Loukidelis Commissioner Ann Cavoukian, Ph.D. Commissioner This document is for general information
Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017
Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool Cyber Security 3.0 Better Together August 18, 2017 Research Overview Problem Statement Research Goals & Methodology Defining Insider Cashout
The Evolving Threat to Corporate Cyber & Data Security
The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches
LEGISLATION UPDATE Updates on EU Data Protection Regulation, Patient Privacy and Consent 10 Things Every Bio/Pharma Need to Know Now
LEGISLATION UPDATE Updates on EU Data Protection Regulation, Patient Privacy and Consent 10 Things Every Bio/Pharma Need to Know Now CBI Global Life Science Compliance Meeting November 16, 2016 Contents
Accelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
Data Breach Notification: what EU law means for your information security strategy
Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements
New Data Protection Laws
Richard E. Mackey Jr. Vice President, Consulting Boston New York San Francisco Sacramento Charlotte Washington DC The deadline has been a moving target but come March 1, Massachusetts new data protection
The Department of Homeland Security The Department of Justice
The Department of Homeland Security The Department of Justice to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information
DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90
th OREGON LEGISLATIVE ASSEMBLY-- Regular Session Senate Bill 0 Printed pursuant to Senate Interim Rule. by order of the President of the Senate in conformance with presession filing rules, indicating neither