Date post: | 25-Dec-2015 |
Category: |
Documents |
Upload: | darren-preston |
View: | 217 times |
Download: | 3 times |
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response
ACC International Legal Affairs CommitteeLegal Quick Hit: May 8, 2014
Presented by:Colin ZickFoley Hoag LLP
Gant RedmonGeneral CounselCo3 Systems, Inc.
“In the Belly of the Breach” | 2© 2014 Foley Hoag LLP. All Rights Reserved.
• Common Breach Scenarios
• Anatomy of a Common Type of Data Breach
• Legal Frameworks for Breach Response
• Preparing for and Responding to the Breach
• Incident Response and Investigation
• Breach Notification and Resolution
• Preparing for Related Litigation and Government Investigations
• Breach Insurance
• Getting Ahead of the Game: Industry Collaboration
Key Issues We Will Address
2
“In the Belly of the Breach” | 3© 2014 Foley Hoag LLP. All Rights Reserved.
• Accidental Breaches
• Faithless Employee/Ex-Employee
• Hackers & Thieves / Organized Crime
• Competitive Espionage
Common Data Breach Scenarios
3
“In the Belly of the Breach” | 4© 2014 Foley Hoag LLP. All Rights Reserved.
Anatomy of a Common Type of Data Breach
4
“In the Belly of the Breach” | 5© 2014 Foley Hoag LLP. All Rights Reserved.
Customer Privacy Laws Federal and state identity theft laws and regulations
- Requiring customer notice- Requiring information security programs
HIPAA / Medical information regulation Gramm Leach Bliley / Financial information regulation Regulations for specific industries (e.g., FCC CPNI Regulations) Laws governing specific information (e.g., Social Security number statutes) Negligence / Consumer protection laws Authorized Use Statutes Computer Fraud & Abuse Act (CFAA) Electronic Communications Privacy Act (ECPA) Stored Communications Act (SCA) Surveillance / Information Security Law Federal & State Wiretapping Statutes Invasion of Privacy Property Law Larceny / Conversion Trade Secrets Copyright / Digital Millennium Copyright Act (DMCA)
Legal Framework for Breach Response
5
“In the Belly of the Breach” | 6© 2014 Foley Hoag LLP. All Rights Reserved.
• Compliance / developing information security programs
• Incident response and investigation
• Breach notification and resolution
• Anticipate government investigations and possible litigation, as well as consumer litigation
• Press/public relations strategy
Preparing for and Responding to a Breach
6
“In the Belly of the Breach” | 7© 2014 Foley Hoag LLP. All Rights Reserved.
What is in-house counsel’s role in responding to a breach? Notice:
To federal/state agencies; To those impacted by the breach as both a matter of state law and risk management
MitigationThe role of notice and credit monitoring In post-breach public statements, what key points should be included to minimize
litigation risk?To what extent can a company be liable for lost data?How much can a typical breach cost a company both in time, brand equity and
internal distraction?What kind of insurance, if any, can a company use to offset costs? Does it really help cover the costs?The role of outside counsel
Incident Response and Investigation
7
“In the Belly of the Breach” | 8© 2014 Foley Hoag LLP. All Rights Reserved.
Quantify the Risk (But I Really Don’t Want to Disclose)
8
“In the Belly of the Breach” | 9© 2014 Foley Hoag LLP. All Rights Reserved.
Headline
Text
Develop an Incident Response Plan
9
“In the Belly of the Breach” | 10© 2014 Foley Hoag LLP. All Rights Reserved.
Headline
Text
Track the Plan
10
“In the Belly of the Breach” | 11© 2014 Foley Hoag LLP. All Rights Reserved.
• Still a developing area
• Limited history of evaluating risk, so premiums can vary widely
• Scope of coverage can vary widely
• Limits vary and can range from $25,000 to $25 million depending on the nature of the policy and business.
• What can be covered?– Crisis management services
– Notification of breached parties
– Credit/public records/fraud monitoring
– Fraud remediation services
Breach Insurance
11
“In the Belly of the Breach” | 12© 2014 Foley Hoag LLP. All Rights Reserved.
Questions
12
“In the Belly of the Breach” | 13© 2014 Foley Hoag LLP. All Rights Reserved.
Colin J. Zick, Esq.Foley Hoag LLP
[email protected](617) 832-1275
Gant Redmon, Esq.Vice President, Business Development, and General Counsel
Co3 Systems, [email protected]
(617) 300-8136
Contact Information
13