Page 1

Keep Your Company Out of the MediaWorkshop

Rachel Verdugo

March 23, 2011

Reno, Nevada

Protect and Control Your Data

Page 2

10 Infamous Companies’ Businessmen of the Decade

Businessmen Who Splattered Their Company in the News and Responsible for Over $300 Billion Dollar Loss to the Companies/Taxpayers

Page 3

10 Infamous Companies’ Businessmen of the Decade

Businessmen Who Splattered Their Company in the News and Responsible for Over $300 Billion Dollar Loss to the Companies/Taxpayers

Page 4

Overview

Scenarios – Workshop“The Good”– Policies and procedures are in place“The Bad” – Not following policies or procedures“The Ugly” – Caught not following policies or procedures

Scenario ObjectivesExamples on “The Ugly” with real companies that were in the media

The Good, The Bad, and The Ugly

Page 5

Scenarios - Workshop

Scenarios are real examples that have occurred from various companies

Three Scenarios:1. Scenario I: Personnel Identification Information2. Scenario II: Location of Important Data3. Scenario III: Data comprise

Scenarios provide a problem solving opportunity to identifying best practices around effective records management and facilitate compliance:

Retention Policies and Procedures Index Access control and Security Disposal Audit and Accountability Training

Each group will be able to develop a solution from their own work experience and group collaboration

Real situations that can get you in the MEDIA

Page 6

Work Shop – Scenario Objectives

We will break-out into groups:Each group is given a scenario and will have 55 minutes to work on the questions and to create a go forward plan

Each group will have 25 minutes to share results of each scenario

Summarize results from the scenarios I, II, and III from each group

Workshop is to share and collaborate on lessons learned

Leverage ideas and share experiences

Page 7

Scenario I – Personnel Identification Information

Hawaii U Posted Private Info of 40,000 Students Online – October 2010Security breach occurred when a faculty member was working on a unsecure serverPII was available for nearly a year before it was discoveredUniversity notified students of the breach and warned them on identify fraud

IBM Loses Tapes with Employee Data – May 2007Tapes with employees PII fell out of vehicle when being transferred to another locationIBM notified employees of the loss of data and warned them on identify fraudIBM offered affected employees a year of credit-monitoring services

Facebook Privacy Breach – October 2010Transmitting members information PII to advertising companies and internet tracking companiesAffected over 10 million membersCompany will introduce new technology to contain the problem

Page 8

Scenario II – Location of Important Data

Massive TSA Security Breach As Agency Gives Away Its Secrets – December 2009TSA inadvertently posted online airport screening procedures manualIncluded closely guarded secrets regarding special rules for diplomats, CIA, and law enforcement officersTSA spokesperson says the document was outdated and improperly posted to the Federal Business Opportunities website; redacted material not properly protected

Sharron Watkins eMail to Enron Chairman Kenneth Lay – June 2002Five page detailed e-mail on the issues/wrong-doings at Enron E-mail released to the public

Litigation Preparedness: Can You Reach Your Data?Defendant argued e-mails archived on the company’s cumbersome old system were not reasonably accessible under the Federal RulesCourt disagreed, holding the plaintiff should not be disadvantaged since the defendant, a sophisticated company, chose not to migrate the e-mails to the now-functional archival system

Starbucks Corp V. ADT Security Services – April 2009

Page 9

Scenario III – Data Compromise

Former employee of United Way in Miami was sentenced to 18 months in jail and fined $50,000 for (December 2009):

Accessing his former employer’s network Deleting files from the servers

The statistics from Ponemon Institute – December 2009 Four in 10 employees admit to having taken sensitive data One third said they would share sensitive data with friends or family in order to help them get a new jobNearly half said they would steal data if they were dismissed tomorrow from their job

Aerospace giant fired its CFO, Mike Sears, for reportedly improper chats with a top Air Force Missile buyer - December 2003

Sears talked with a former Air Force official about future employment before the official had disqualified herself from working on matters involving the aerospace giant

Page 10

Questions?