Data Breach and Cyber Risk Update November 17, 2011

Presenters
- Mark E. Schreiber, Chair, Privacy & Data Protection Group, Edwards Wildman Palmer LLP, 111 Huntington Avenue, Boston, MA Tel:
- Theodore P. Augustinos, Co-Chair, Privacy & Data Protection Group, Edwards Wildman Palmer LLP, 20 Church Street, Hartford, CT Tel:
- Thomas J. Smedinghoff, Privacy & Data Protection Group, Edwards Wildman Palmer LLP, 225 West Wacker Drive, Suite 3000, Chicago, IL Tel:

Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Doc No

Agenda
I. SEC Data Breach and Security Risk Disclosure Guidance
II. Data Breach Legislation and Management
III. Data Breach Litigation and Class Actions

I. SEC Data Breach and Security Risk Disclosure Guidance

What Are We Talking About?
- SEC CF Disclosure Guidance: Topic No. 2
  - October 13, 2011
- Division of Corporation Finance's views regarding disclosure obligations relating to
  - Cybersecurity risks
  - Cyber incidents
- Applies to public companies
- Not a rule, regulation, or statement of the SEC, but...

Consider Two Perspectives
- How does this SEC Guidance fit into the cybersecurity legal landscape?
- What does this guidance require public companies to do?

Impact of Cybersecurity Incidents
- Impact on stakeholders
  - Employees/customers/prospects re breach of personal data
  - Investors re breach of any corporate data, e.g., BofA WikiLeaks incident
  - Unrelated third parties re breach of personal data, e.g., merchants, banks, credit card issuers
- Impact on company: costs noted in the SEC Guidance include
  - Remediation costs (incl. liability for stolen assets)
  - Increased security costs
  - Lost revenues
  - Litigation
  - Reputational damages

The Legal Response to Cybersecurity Risk
- Laws and regulations to protect stakeholders by
  - Imposing a legal duty to implement data security
    - State data security laws: all sectors
    - Federal data security laws: financial and healthcare sectors
  - Imposing a legal duty to warn affected stakeholders
    - Of security breaches
      - State breach notification laws
      - Federal breach notification regulations: financial and healthcare sectors, SEC Guidance
    - Of security risks
      - SEC Guidance re disclose security risks
      - Proposed legislation

The SEC Guidance and Existing SEC Policy
- SEC regulations have long required that public companies report material events to their shareholders
  - Material events are developments or events which a reasonable investor would consider important to an investment decision
- The new Guidance seeks to clarify this reporting requirement with respect to cybersecurity
- Two aspects
  - Disclosure of cybersecurity risks
  - Disclosure of specific cybersecurity incidents

Determining Whether to Disclose Cybersecurity Risks and Cyber Incidents
- Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky
- This requires a risk assessment
  - We expect registrants to evaluate their cybersecurity risks

Conducting a Risk Assessment
- Requires a Company to:
  - Identify all reasonably foreseeable internal and external threats
  - Identify its vulnerabilities
  - Assess likelihood that each threat with the ability to exploit vulnerabilities will actually do so
  - Assess impact of such an event, i.e., evaluate the potential damage that will result
  - Consider the adequacy of existing security measures
- Risk-based cybersecurity is also the Law
  - FTC, GLB, HIPAA, MA regs, OR statute, NJ draft regs, etc.
- Deploying seemingly strong security isn't enough
  - Security must respond to the risks

Nature of the Disclosure (1)
- The cybersecurity risk disclosure:
  - Must adequately describe the nature of the material risks and specify how each risk affects the registrant.
  - Must be tailored to their particular circumstances.
  - Companies should not present risks that could apply to any issuer or any offering and should avoid generic risk factor disclosure

Nature of the Disclosure (2)
- Appropriate disclosures may include:
  - Discussion of aspects of the registrant's business or operations that give rise to material cybersecurity risks and the potential costs and consequences;
  - To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks;
  - Description of known or threatened cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences;
  - Risks related to cyber incidents that may remain undetected for an extended period; and
  - Description of relevant insurance coverage.

Points of Note
- Disclosures are not limited to PII risks or incidents
  - All corporate data is covered
- The federal securities laws do not require disclosure that itself would compromise a registrant's cybersecurity. Instead, registrants should provide sufficient disclosure to allow investors to appreciate the nature of the risks faced by the particular registrant in a manner that would not have that consequence
- Failure to address disclosed risks might be a violation of applicable state or federal data security law
- Decisions not to disclose should be documented and justified on the basis of the risk assessment

Where Disclosures May Be Required
- Management's Discussion and Analysis of Financial Condition and Results of Operations: if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant's results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition
- Description of Business: if one or more cyber incidents materially affect a registrant's products, services, relationships with customers or suppliers, or competitive conditions
- Legal Proceedings disclosure: if a material pending legal proceeding to which a registrant or any of its subsidiaries is a party involves a cyber incident
- Financial Statement disclosures: cybersecurity risks and cyber incidents may have a broad impact on a registrant's financial statements, depending on the nature and severity of the potential or actual incident

Going Forward, Public Companies Should...
- Conduct regular and rigorous cybersecurity risk assessments
- Address the risks that are identified by
  - Developing and implementing a responsive comprehensive data security program
  - Making appropriate disclosures to SEC of material risks
  - Developing an appropriate incident response plan
- Document and justify any decisions not to disclose risks where appropriate
- Work with both data security counsel and securities counsel to coordinate foregoing and make decisions regarding SEC disclosure filings

II. Data Breach Legislation and Management

Legislative and Regulatory Developments
- US Federal data breach bills including White House proposal.
  - Would purportedly standardize breach notification in the U.S.
  - Override the current patchwork of notification requirements
  - Apply to electronic data. Not paper.
  - Define sensitive personally identifiable information differently. Most include but extend beyond most state law definitions.
  - Some require security policies to protect PII.
  - Some would preempt state notice requirements, except
    - State specific contact information
    - Agency notification
  - Some include private rights of action; others do not.

Legislative and Regulatory Developments (cont.)
- States
  - 4 remaining states without breach notification requirements, after MS adopted legislation in
  - No action on the horizon among the 4.
  - Only 6 states include data in paper form, and those may not apply depending on numbers affected and other factors.

Legislative and Regulatory Developments (cont.)
- Abroad
  - EU requirements are coming.
    - Breach Notification Consultation closed September
    - EU Data Protection Directive Amendment or regulation expected Feb
    - Amendment would take years to implement; regulation would be effective immediately.
  - Currently, notification to individuals and/or government agencies is required in some EU/EEA, but US leads the way in notice to affected individuals.

Developments in Enforcement
- Federal
  - FTC
    - 34 enforcement actions since
    - Two cases summer of 2011 imposed, among other actions, 20 years of mandated biennial third party data security audits.
  - OCR
    - Over past 5 years, data security cases were 2d highest category of investigations closed with corrective actions
- State
  - HIPAA/HITECH enforcement. See, IN AG in Wellpoint.
  - PCI-DSS. Massachusetts application of PCI-DSS as standard under general consumer protection statute. Briar Group.
  - California interpretation of prohibition against collecting addresses under Song-Beverly to include ZIP code alone, with name.
- EU
  - Expected increase after breach notification requirements.

Breach Management Developments
- Discrimination among affected individuals: a Coming Attraction?
  - Treating similarly affected individuals differently based on differences in state requirements was almost unthinkable until only a short time ago.
  - Valid sensitivity to over notification has driven legitimate discussion as to whether to differentiate based on legal requirements.
  - Jurisdiction specific differentiation is expensive. Legal and other response costs are higher in a state by state approach.

Breach Preparedness 2.0
- Seasoned Teams assembled
- Dry-run exercises
- Heightened awareness, better training and increased budgets
- Involvement of Insurance Brokers in development of policies specific to cyber risk
- Development of vendor panels by insurers of cyber risk
- Increased attention to vendor management
  - Contractual provisions
  - Audits
- Physical vulnerabilities and exposures
- Shortened timeframes

III. Data Breach Litigation and Class Actions

U.S. Class Action Litigation Status
- Most data breach class actions are defeated
  - On motions to dismiss and/or class not certified
  - Go nowhere, but are costly to defend
  - Even more expensive to settle
    - Small amount of individual damages multiplied by millions in large cases
- Plaintiffs' attorneys need financial incentive of class action
  - In order to pursue data breach action
  - Individual losses will generally be too small
  - Not likely to be worth it for plaintiffs to proceed without class

U.S. Class Action Litigation Status - Article III Standing Required
- Data breach class actions
  - Tend to be in federal court due to Class Action Fairness Act, 28 U.S.C. § 1332(d)
  - If in state court, may be removable
- Federal lawsuits must satisfy Article III standing requirement
  - Requires a case or controversy
  - Case or controversy requires an injury in fact that is actual or imminent, not conjectural or hypothetical. Friends of the Earth, Inc. v. Laidlaw Envtl. Servs., Inc., 528 U.S. 167, (2000)

U.S. Class Action Litigation Status - Article III Standing Required (cont.)
- Numerous lower federal courts
  - Found that increased risk of identity theft as result of data breach not an injury in fact
  - Randolph v. ING Life Ins. & Annuity Co., 486 F.Supp.2d 1 (D.D.C. 2009); Key v. DSW Inc., 454 F.Supp.2d 684 (S.D. Ohio 2006)
- Two federal appellate courts found
  - Increased risk of identity theft satisfies injury in fact requirement
  - Pisciotta v. Old National Bancorp., 499 F.3d 629 (7th Cir. 2007)
  - Krottner v. Starbucks Corp., No (9th Cir., Dec. 14, 2010)
- Sixth Circuit suggested
  - Increased risk of identity theft too conjectural to be injury in fact
  - Did not decide issue
  - Lambert v. Hartman, 517 F.3d 433, 437 (6th Cir. 2008)

Cognizable Injury Also Required
- If standing requirements satisfied
  - Plaintiffs still need to allege injury for which state law provides remedy
- Injuries not cognizable (generally) under state common law:
  - Increased risk of identity theft
  - Time and effort spent closing accounts/protecting credit ratings
- Without more than allegations of increased risk of future identity theft, the plaintiffs have not suffered a harm that the law is prepared to remedy. Pisciotta v. Old National Bancorp., 499 F.3d 629 (7th Cir. 2007)

Cognizable Injury Also Required (cont.)
- Recent example: Anderson v. Hannaford Bros. Co., (1st Cir. CA, 10/20/11)
- Mitigation damages cognizable under Maine law in data breach class action if
  - reasonably foreseeable and reasonable
  - are for actual financial losses rather than just time or effort expended
  - in negligence and breach of implied contract claims
- Includes, under the circumstances:
  - cost of credit monitoring/identity theft insurance
  - fees for replacement of credit and debit cards
- Excludes:
  - loss of accumulated miles reward points
  - inability to earn reward points
  - emotional distress
  - time and effort spent dealing with the situation

Cognizable Injury Also Required (cont.)
- History:
  - 4.2 million credit and debit card numbers hacked/stolen with expiration dates and security codes, but not customer names
  - 1,800 reports of fraudulent credit and debit card activity
  - Maine highest court answered certified questions on time and effort, in the negative, 2010 ME 93 (2010)
- Foreseeable, on these facts, customers
  - replace cards to mitigate against unauthorized charges/other misuse
  - reasonably purchase insurance to protect against further misuse
- Boundary on recovery of costs by claimants
  - if no fraudulent charges, monitoring services may be unreasonable and not recoverable

Cognizable Injury Also Required (cont.)
- Claims dismissed/dismissal upheld for
  - breach of fiduciary duty, breach of implied warranty, strict liability
  - failure to notify customers of the data breach
  - ME Consumer Protection Statute
  - In re Hannaford Bros., Co., Customer Data Security Breach Litigation, 613 F. Supp.2d 108 (D. ME. 2009)
- Implications elsewhere?
  - Damages for other state law claims in other class actions?
  - Does foreseeability depend on no. of fraudulent changes? Notice letter language?

Class Certification Doubtful
- Court may not certify class
  - Stollenwerk v. TriWest Healthcare Alliance, No (D.Ariz., June 10, 2008)
- Adequacy test: if plaintiffs' attorneys locate individual who has suffered identity theft, or other injury, to satisfy standing and cognizable injury requirements
  - That individual may not be appropriate class representative for others who merely suffer increased risks
- Test of predominance: due to highly individualized proof required for causation of identity theft
  - Common questions of fact and law might not predominate

Cases That May Survive Motion To Dismiss?
- New theories of injury:
  - Customers of social media application provider lost value when usernames, passwords stolen
  - Claridge v. RockYou, C PJH (N.D. Ca., April 11, 2011)
  - Court did not dismiss, but skeptical about claim surviving summary judgment
- Court finds cognizable injury in statutory claim
  - Doe 1 v. AOL LLC, 719 F.Supp.2d 1102 (N.D. Ca. 2010)
  - Claim under California Consumers Legal Remedy Act
  - Statute says consumer suffering any damage may bring a claim

Cases That May Survive Motion To Dismiss? (cont.)
- Defendant exposed highly sensitive personal information of plaintiffs
  - Sufficient allegation of injury under statute
- Behavioral advertising cases
  - Super cookie litigation, Do Not Track
  - Other statutes, i.e., ECPA, CFAA, etc.
  - Are these breaches?
  - Possible UK/EU cookie implications

Contact Information
- Mark E. Schreiber, Chair, Privacy & Data Protection Group, Edwards Wildman Palmer LLP, 111 Huntington Avenue, Boston, MA
- Theodore P. Augustinos, Co-Chair, Privacy & Data Protection Group, Edwards Wildman Palmer LLP, 20 Church Street, Hartford, CT
- Thomas J. Smedinghoff, Privacy & Data Protection Group, Edwards Wildman Palmer LLP, 225 West Wacker Drive, Suite 3000, Chicago, IL
More informationBENEFITS LAW BRIEFING:
BENEFITS LAW BRIEFING: Eliminating the Company Stock Fund From Your Public Company's 401(k) Plan Navigating the Securities and ERISA Fiduciary Issues May 21, 2015 Jan Jacobson Senior Counsel, Retirement
More information503 SURVIVING A HIPAA BREACH INVESTIGATION
503 SURVIVING A HIPAA BREACH INVESTIGATION Presented by Nicole Hughes Waid, Esq. Mark J. Swearingen, Esq. Celeste H. Davis, Esq. Regional Manager 1 Surviving a HIPAA Breach Investigation: Enforcement Presented
More informationCyber, Data Risk and Media Insurance Application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationGovernment Plan Litigation: The Past, Present, and Future Wave of Litigation
Government Plan Litigation: The Past, Present, and Future Wave of Litigation NCPERS 2015 Annual Conference and Exhibition May 6, 2015 David N. Levine and Sarah Adams Zumwalt Overview Past Funding Issues
More informationCase 1:18-cv AMD-RLM Document 1 Filed 07/02/18 Page 1 of 10 PageID #: 1
Case 1:18-cv-03806-AMD-RLM Document 1 Filed 07/02/18 Page 1 of 10 PageID #: 1 UNITED STATES DISTRICT COURT EASTERN DISTRICT OF NEW YORK --------------------------------------------------------- ZISSY HOLCZLER
More informationJujitsu Techniques for Enforcing & Defending Contract Liability Claims
Jujitsu Techniques for Enforcing & Defending Contract Liability Claims January 19, 2017 Jeryl Bowers Sheppard Mullin Partner, Los Angeles T +310-229-3713 M +213-926-3800 jbowers@sheppardmullin.com Sheppard
More informationCYBER LIABILITY REINSURANCE SOLUTIONS
CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber
More informationCoverage Issues Relating To Claims Under The False Claims Act
Coverage Issues Relating To Claims Under The False Claims Act May 2, 2017 Stephen A. Wood Chuhak & Tecson, P.C. 30 South Wacker, Ste 2600 Chicago, IL 60606 swood@ Direct Dial: 312-201-3400 Facsimile: 312-444-9027
More informationJerman And Its Effects On the Collection Industry
Jerman And Its Effects On the Collection Industry Presented By: Alan H. Weinberg, Managing Partner U.S. Supreme Court Only two Fair Debt Collection Practices Act ( FDCPA ) Cases have been before the United
More informationNarrowing the Scope of Auditor Duties
Narrowing the Scope of Auditor Duties David Margulies, J.D. Candidate 2010 The tort of deepening insolvency refers to an action asserted by a representative of a bankruptcy estate against directors, officers,
More informationBreach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule
Breach Policy To provide guidance for breach notification when impressive or unauthorized access, acquisition, use and/or disclosure of the ephi occurs. Breach notification will be carried out in compliance
More informationThe National Association of Community Health Centers, Inc. Issue Brief on. Complying with the FTC s Red Flag Rules. February, 2009
1/28/2009 The National Association of Community Health Centers, Inc. Issue Brief on Complying with the FTC s Red Flag Rules February, 2009 Prepared for NACHC by: Michael Glomb Feldesman Tucker Leifer Fidell,
More informationThe Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions
The Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions Our Speakers Mark Melodia is Partner and Co-Head of the Global Data Security, Privacy & Management
More informationERISA Litigation. ERISA Statute Fundamentals. What is ERISA, and where is the ERISA statute located? What is an ERISA plan?
ERISA Litigation Our expert attorneys have substantial experience representing third-party administrators, insurers, plans, plan sponsors, and employers in an array of ERISA litigation and benefits-related
More informationRISK TRACK. Privacy and Data Protection
RISK TRACK Privacy and Data Protection Presenters Marti Arvin Chief Compliance Officer UCLA Health Sciences Phone: 310-794-6763 MArvin@mednet.ucla.edu Marti Arvin is the Chief Compliance Officer for UCLA
More informationInsurer v. Insurer: The Bases of an Insurer s Right to Recover Payment From Another Insurer*
Insurer v. Insurer: The Bases of an Insurer s Right to Recover Payment From Another Insurer* By: Thomas F. Lucas McKenna, Storer, Rowe, White & Farrug Chicago A part of every insurer s loss evaluation
More informationProtecting Against the High Cost of Cyberfraud
Protecting Against the High Cost of Cyberfraud THE ROLE OF CYBER LIABILITY INSURANCE IN YOUR RISK MANAGEMENT STRATEGY Paying the Price...2 The Ransomware Scourge...3 Policy Provisions...3 Management Liability...4
More informationOF FLORIDA. ** Appellant, ** vs. CASE NO. 3D ** LOWER TRIBUNAL NO TRIPP CONSTRUCTION, INC., ** Appellee. **
NOT FINAL UNTIL TIME EXPIRES TO FILE REHEARING MOTION AND, IF FILED, DISPOSED OF. AUTO OWNERS INSURANCE COMPANY, IN THE DISTRICT COURT OF APPEAL OF FLORIDA THIRD DISTRICT JULY TERM, A.D. 2002 Appellant,
More informationIN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION
Reinicke Athens Inc. v. National Trust Insurance Company Doc. 21 IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION REINICKE ATHENS INC., Plaintiff, v. CIVIL ACTION
More information: : PLAINTIFF, : : : : : DEFENDANT : Plaintiffs are hedge funds that invested in the Rye Select Broad Market
UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK ---------------------------------------------x MERIDIAN HORIZON FUND, L.P., ET AL., PLAINTIFF, v. TREMONT GROUP HOLDINGS, INC., DEFENDANT ---------------------------------------------x
More informationRIMS Cyber Presentation
RIMS Cyber Presentation Forrest Pace Cyber & Strategic Risk Leader South Zone AIG Property Casualty Forrest.Pace@aig.com 1 Bio Forrest Pace is the Cyber and Strategic Risk Leader for the South Zone, coordinating
More informationResponding to Allegations of Bad Faith
Responding to Allegations of Bad Faith Matthew M. Haar Saul Ewing LLP 2 N. Second Street, 7th Floor Harrisburg, PA 17101 (717) 257-7508 mhaar@saul.com Matthew M. Haar is a litigation attorney in Saul Ewing
More informationPreparing for a HIPAA Audit & Hot Topics in Health Care Reform
Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,
More informationCicio v. Vytra Healthcare : Another Blow to the Defense of ERISA Preemption in Utilization Review Decisions
Cicio v. Vytra Healthcare : Another Blow to the Defense of ERISA Preemption in Utilization Review Decisions Prepared for BCS Insurance Company By: Ciara Ryan Frost Jodi R. Marvet Kerns, Pitrof, Frost &
More informationObjectives: Pharmacist Liability
Objectives: Pharmacist Liability Martha Dye-Whealan R.Ph., J.D. Define negligence and tort law. Review elements of and defenses to a negligence claim and relate to pharmacy practice. Understand relevance
More informationIndemnification: Forgotten D&O Protection
Indemnification: Forgotten D&O Protection In the current post-enron environment, directors and officers increasingly realize, perhaps more than ever before, that absent strong financial protection, their
More informationHURON CONSULTING GROUP INC. INSIDER TRADING POLICY. (As amended October 20, 2016)
HURON CONSULTING GROUP INC. INSIDER TRADING POLICY (As amended October 20, 2016) The federal securities laws generally prohibit persons who receive or become aware of material nonpublic information about
More informationEmployment Practices Liability Coverage Element Declarations
Wesco Insurance Company 800 Superior Ave E., 21 st Floor Cleveland, OH 44114 Employment Practices Liability Coverage Element Declarations 1. NAMED INSURED: 2. POLICY PERIOD: Inception: Expiration: The
More informationOperationalising Trust Frameworks and Scheme Rules
Operationalising Trust Frameworks and Scheme Rules Thomas J. Smedinghoff Edwards Wildman Palmer LLP Edwards Wildman Palmer UK LLP 2013 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP A Word
More informationIN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT. No D.C. Docket No. 1:14-cv WS-B. versus
Case: 15-15708 Date Filed: 07/06/2016 Page: 1 of 10 [DO NOT PUBLISH] IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT No. 15-15708 D.C. Docket No. 1:14-cv-00057-WS-B MAHALA A. CHURCH, Plaintiff
More informationCase 3:17-cv BR Document 1 Filed 01/24/17 Page 1 of 21
Case 3:17-cv-00117-BR Document 1 Filed 01/24/17 Page 1 of 21 Michael Fuller, OSB No. 09357 Lead Trial Attorney for Estrella Rex Daines, OSB No. 952442 Of Attorneys for Estrella Olsen Daines PC US Bancorp
More informationHIPAA Breach Notification Case Studies on What to Do and When to Report
HIPAA Breach Notification Case Studies on What to Do and When to Report AHLA Physicians and Physician Organizations and Hospitals and Health Systems Law Institute February 9 and10, 2012 Colleen M. McClorey,
More informationRisky Business: Protecting the Personal Assets of Ds&Os. Steven Cohen, Marsh Inc. Jay Dubow, Pepper Hamilton LLP Bob Hickok, Pepper Hamilton LLP
Risky Business: Protecting the Personal Assets of Ds&Os Steven Cohen, Marsh Inc. Jay Dubow, Pepper Hamilton LLP Bob Hickok, Pepper Hamilton LLP Thursday, January 28, 2016 Topics Nuts and Bolts - D&O Liability,
More informationManagement liability trustees and individual liability (charity, club, association and not for profit) Policy wording
The General terms and conditions and the following terms and conditions all apply to this section. Cover under this section is given on an aggregate basis unless otherwise specified. Special definitions
More informationFANBANK MERCHANT TERMS OF SERVICE Last Updated June 12, 2018
Welcome to Fanbank! Fanbank operates a technology enabled platform that uses a variety of strategies to provide marketing, loyalty and commerce Programs to locally-owned, participating businesses ( Services
More informationSurprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their
When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises
More information