Emerging legal and regulatory risks
1 Emerging legal and regulatory risks
Presentation for AusCERT2016
Matthew Pokarier and Ben Di Marco

2 Structure
- Regulatory risks
- Third-party liability
- Actions by affected individuals
- Actions by banks and other financial institutions
- Actions by shareholders
- What you can do?

3 ASIC as a cyber risk regulator
- November 2014: "Boards should also be alive to the risk of a cyber-attack." - ASIC Chairman, Greg Medcraft
- March 2015: Release of report 429 Cyber Resilience: Health Check.
- August 2015: ASIC's Corporate Plan emphasis on cyber resilience and gatekeepers.
- March 2016: Assessment report on the cyber resilience of ASX and Chi-X companies.

4 ASIC's good practices from Report 468
- Board engagement: Conduct periodic reviews of cyber strategy and educate board members about cyber resilience
- Third-party risk management: Develop risk-based assessment methods to ensure third-party providers comply with security standards
- Cyber awareness and training: Board driven cultural focus on cyber, including the development of organisation-wide training programs and conducting random staff testing
- Implementing the Australian Signals Directorate's top four strategies: These include application whitelisting, patch applications, patch operating system vulnerabilities, and restricting admin privileges

5 Office of the Australian Information Commissioner (OAIC)
- OAIC generally enforces the Privacy Act 1988 (Cth)
- Regulates how personal information is handled by government and private sector organisations
- OAIC has investigated a number of breaches, and issued guidelines to assist organisations in responding to a breach
- Also has the power to:
  - Commence own motion investigations into breaches of the Act
  - Conduct a privacy performance assessment
  - Direct an agency to give the OAIC a privacy impact assessment
  - Handle privacy related disputes and complaints
- Recent increase in the number of determinations made by the OAIC

6 The Privacy Act 1988 and the Australian Privacy Principles (APP)
- APP 6.1: An APP entity holding personal information about an individual can only use or disclose the information for the particular purpose for which it was collected.
- APP 11.1: An APP entity must take reasonable steps to protect personal information: a) from misuse, interference and loss; and b) from unauthorised access, modification or disclosure.
- APP 11.2: An APP entity must take reasonable steps to destroy personal information or ensure it is de-identified if it no longer needs the information for any purpose for which it may be used or disclosed under the APPs.

7 Scope of the APP and the Privacy Act
- Applies to APP entities, being most entities with more than $3 million in annual turnover and some smaller businesses
- What is personal information?
  - Section 6: personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
- Under section 5B the Privacy Act's jurisdiction extends to an act done or practice engaged in which has an Australian link
  - HW and Freelancer International Pty Ltd [2015] AICmr 86

8 Applying the APP
- When is personal information disclosed in breach of APP 6.1?
  - First State Super Trustee Corporation Own Motion Investigation
  - Third party intrusion is not a disclosure
  - Telstra Corporation Ltd Own Motion Investigation (2012)
  - Making information accessible can be a disclosure
- What are reasonable steps under APP 11.1 and 11.2?
  - What is reasonable depends upon (amongst other things) the resources available to that organisation, and the type of information they hold
  - Cupid Media Pty Ltd Own Motion Investigation
  - Adobe Systems Software Ireland Ltd Own Motion Investigation

9 Penalties for breaching the Privacy Act
The Office of the Privacy Commissioner can:
1. Order the respondent to take specified steps within a specified period to ensure that such conduct is not repeated or continued
2. Make a determination requiring the payment of compensation for damages or other remedies
3. Accept an enforceable undertaking
4. Seek civil penalties of up to (or apply for civil penalty orders of up to) $340,000 for individuals and $1.7m for companies
5. Seek an injunction regarding conduct that would contravene the Privacy Act

10 Mandatory data breach notification in Australia
- Federal Government has released an exposure draft to introduce a mandatory data breach notification regime
- Proposing to pass the legislation by the end of 2016; election cycle may impact on this timing
- Over 40 industry submissions have now been received
- Draft legislation applies to APP entities, all credit reporting bodies, credit providers and organisations that utilise tax file information

11 When must you notify?
- When there are reasonable grounds to believe that there has been a data breach that will result in a real risk of harm
- Notification must be made as soon as practicable
- Investigations must be completed within 30 days of when the breach should have been identified
- The penalty provisions under the Privacy Act apply for breaches of the notification regime
- Maximum penalty is $340,000 for individuals and $1.7m for companies

12 How does an APP entity provide notification?
- Requires notification to both individuals and the regulator
- Notification should include:
  - A description of the breach
  - Information about the type of personal information involved
  - Steps the company has taken
  - Recommendations for individuals to mitigate any loss
  - Contact details for information and assistance

13 APRA and ASX
- APRA has published guides relating to cyber issues, however they are limited mainly to outsourcing and the use of cloud providers
- APRA recently indicated they would be conducting a thematic review of superannuation funds' cyber security
- Debate as to whether a cyber event would enliven the continuous disclosure obligations under the ASX listing rules

14 Breach at Home Depot: litigation case study
- Home Depot compromised from April to September 2014
- Approx 56 million unique payment card records and 53 million addresses stolen
- Intruders used a vendor's username and password to enter Home Depot's network and deploy custom malware on self-checkout systems
- In September 2015 Home Depot recorded US $63,000,000 in expenses related to the data breach

15 Litigation against Home Depot
(Diagram labels: Financial Institution Claims, Consumer Claims, Regulatory Action)
Following the breach Home Depot faced:
- 22 financial institution class actions;
- 35 consumer class actions;
- 7 US regulatory inquiries; and
- 1 shareholder derivative action.

16 Home Depot litigation: consumer claims
- Class action seeking damages for fraud, mitigation costs, personal injury damages, aggravated damages, costs and equitable remedies
- Alleged Home Depot relied on outdated security measures, failed to notify customers, violated Federal and State laws and engaged in unfair business practices
- Home Depot paid US $19.5 M to settle the litigation

17 Home Depot litigation: financial institution claims
- Brought by over 50 banks and credit unions
- Alleges negligence, failure to adopt adequate security standards and breaches of the PCI DSS
- Total damage estimated to be over US $250 M

18 Home Depot litigation: regulatory action
- Subject to investigations by the US House and Senate, the New York State Attorney General and a multistate group of Attorneys General
- Speculation US FTC will also investigate

19 US data breach litigation by the numbers
- 2/230: Plaintiff wins in court
- 3x: Decrease in likelihood of litigation if credit monitoring was provided
- 3.7%: Proportion of data breaches litigated
- 6 times: Increase in likelihood of litigation if financial information was compromised
- 52%: Percentage of litigation settled
- 5.3 mil: Average number of records compromised
Adapted from analysis by Romanosky, Hoffman and Acquisti (2014) of 1,772 US data breaches.

20 Claims by individuals in Australia
- Aspects of Australia's negligence law are more favourable to plaintiffs
- Wider acceptance of when organisations owe a duty to protect third parties against pure economic loss
- Australian class action procedure is easier to satisfy as there only needs to be one substantial common issue between the plaintiffs
- Some challenges for plaintiffs, however:
  - Proving negligence: what reasonable steps should an organisation take?
  - Proving causation: what events lead to the identity fraud?
- Litigation is more likely where there is evidence of widespread fraud, or some physical harm resulting from a breach
- Mandatory data notification laws will increase the likelihood of claims

21 Claims by financial institutions in Australia
- FIs in Australia will incur the same losses as their US counterparts and will be motivated to pursue recovery
- Claims are likely to succeed where contractual remedies are available
- More unclear where negligence actions could succeed
  - Are losses suffered by FIs too remote?
  - Does public policy support a duty of care extending to FIs?
- Moderate risk of these claims in Australia

22 Shareholder actions in Australia
- Shareholder actions are more likely to succeed in Australia
- Growing signs Australia will accept fraud on the market
- Strong regulatory focus by ASIC highlighting directors' role in cyber security
- Reasoning in cases like Centro supports duties extending to cyber security
- Some risks, however:
  - It is not settled whether data breaches affect share prices
  - Plaintiffs will have difficulty obtaining leave for derivative actions under section 236 of the Corporations Act 2001
- We expect to see cautious development of these claims

23 Indemnification litigation
- Growing focus on the potential for actions against third parties to recover financial losses associated with a breach
- Limited case law, but see Cotton Patch Cafe, Inc. v. Micros Sys where a server containing malicious software was installed and allowed hackers to access credit card data
- Future cases are likely to be against:
  - Technology suppliers
  - Service providers
  - Interconnected vendors

24 Response strategies - privilege
- Plaintiffs have demanded disclosure of forensic and internal documents prepared after data breaches (Target and Genesco)
- The test to establish privilege in Australia is the Dominant Purpose Test: difficult to satisfy, as during an investigation there will be competing priorities and purposes for why documents are created
- For organisations, a privilege strategy should also be developed with solicitors to manage both third parties and internal documents that are generated

25 Response strategies - insurance
- Specialist Cyber Insurance Products and market developing in Australia to manage the losses caused by data breaches
- Traditional policies such as Property Damages, Crime, General Liability, Professional Indemnity and D&O may also respond to a breach
- Key insurance issues to consider:
  - Sub-limits
  - Retroactive dates
  - Employee conduct exclusions
  - Losses caused by third parties
  - Disclosure provided on the company's information security

26 Conclusion
- International trends demonstrate growing legal risk for organisations that suffer data breaches, particularly where financial and sensitive information is compromised
- Australian law is developing and there are signs litigation is likely to arise in the coming years
- Companies' best protection is to ensure they are aware of current regulatory obligations and put in place good risk management and incident response systems

27 Contacts
- Matthew Pokarier, Partner. T: +61 (7) E:
- Benjamin Di Marco, Senior Associate. T: +61 (7) E:

Matthew acts for Australian and international clients involved with the insurance, construction and financial services industries. He has extensive experience before the Supreme Court of Queensland and the Federal Court of Australia. He has also advised directors, corporations and insurers involved in commissions of inquiry and investigations by regulatory bodies.

Ben Di Marco specialises in dispute resolution and acts in complex litigation on behalf of insurers, financial service providers, healthcare institutions and technology companies. Ben regularly presents on topics including cyber liability, insurance coverage and consumer law.
More informationDEATH, TAXES AND DATA BREACH: THE LEGAL LESSONS
DEATH, TAXES AND DATA BREACH: THE LEGAL LESSONS NAPAVALLEYVINTNERS AUGUST 27, 2015 CHRIS PASSARELLI SENIOR COUNSEL, I.P. DICKENSON, PEATMAN & FOGARTY T: 707.261.7070 CP@DPF LAW.COM AGENDA Overview Legal
More informationWholesale Supplier Terms and Conditions
1. Scope of Agreement 1.1. Parties to the Agreement Wholesale Supplier Terms and Conditions This agreement, including where applicable Schedule 1 Wholesale Rates Contract and any other schedules is entered
More informationSTEPPING INTO THE BREACH A GUIDE TO CYBER AND DATA INSURANCE
STEPPING INTO THE BREACH A GUIDE TO CYBER AND DATA INSURANCE 1 A GUIDE TO CYBER AND DATA INSURANCE Cyber and data insurance helps to support and protect your business in the event of an attack. This practical
More informationFinancial Services Guide
Financial Services Guide A guide to our conversations and advice 10 October 2016 Authorised for distribution by Westpac Banking Corporation ABN 33 007 457 141 Australian Financial Services Licence (AFSL)
More informationAPPLICATION FOR DATA BREACH AND PRIVACY LIABILITY, DATA BREACH LOSS TO INSURED AND ELECTRONIC MEDIA LIABILITY INSURANCE
Deerfield Insurance Company Evanston Insurance Company Essex Insurance Company Markel American Insurance Company Markel Insurance Company Associated International Insurance Company DataBreach SM APPLICATION
More informationFINANCIER DATA PROTECTION & PRIVACY LAWS ANNUAL REVIEW ONLINE CONTENT DECEMBER 2016 R E P R I N T F I N A N C I E R W O R L D W I D E.
R E P R I N T F I N A N C I E R W O R L D W I D E. C O M ANNUAL REVIEW DATA PROTECTION & PRIVACY LAWS REPRINTED FROM ONLINE CONTENT DECEMBER 2016 2016 Financier Worldwide Limited Permission to use this
More informationInsuring! Agreement Claim! Scenario Coverage! Response Network &! Information! Security Liability A hacker successfully obtains sensitive, personal information from the insured s computer system. As a
More informationFINANCIAL SERVICES AND CREDIT QUARTERLY UPDATE
FINANCIAL SERVICES AND CREDIT QUARTERLY UPDATE June 2015 CONSUMER CREDIT Credit card interest rates under scrutiny Recently there has been comment about the growing gap between the cash rate and credit
More information2017 Copyright The Sequoia Project. All rights reserved.
Exhibit 1 Carequality Connection Terms As used herein, Organization refers to the Carequality Connection upon which these Carequality Connection Terms are binding and Sponsoring Implementer refers to the
More informationFinancial Services Guide (FSG)
Financial Services Guide (FSG) Issued 20 March 2018 Living Super What s an FSG? Good question. An FSG is short for a Financial Services Guide. Basically, it gives you important information about a particular
More informationCLOUD COMPUTING RISKS AND HOW TO MITIGATE THEM
CLOUD COMPUTING RISKS AND HOW TO MITIGATE THEM Jeff Andrews April 20, 2017 TODAY S TOPICS Key Risks and Mitigating Contract Provisions Best Practices and Market Realities Data Safeguarding, Data Breaches
More informationTech and Cyber Claims Services
Tech and Cyber Claims Services Insurance Tech, Cyber Claims and our Breach Response Service The technology industry is a significant area of expertise for the Firm where we advise on contentious and non-contentious
More informationSECURITY POLICY 1. Security of Services. 2. Subscriber Security Administration. User Clearance User Authorization User Access Limitations
! SECURITY POLICY This Security Policy ( Policy ) applies to all Services provided by Collective Medical Technologies, Inc. ( CMT ) pursuant to a Master Subscription Agreement ( Underlying Agreement )
More informationVisa Debit Conditions of Use
Visa Debit Conditions of Use BEFORE YOU USE YOUR VISA CARD Please read these Conditions of Use. They apply to: all transactions initiated by you through an Electronic Banking Terminal (which in these Conditions
More informationBuilding a Program to Manage the Vendor Management Lifecycle
Building a Program to Manage the Vendor Management Lifecycle Libbie Canter Amelia Hukoveh Daniel Nazar October 5, 2017 Overview 1. Introduction and Background 2. Three Pillars of Third-Party Risk Management
More informationAboriginal Housing Victoria (AHV) Privacy Policy
Aboriginal Housing Victoria (AHV) Privacy Policy DOCUMENT CONTROL Policy Policy Number Privacy Policy M002 Date of Issue 4 December 2018 Last Reviewed 12 July 2018 Version 2.0 Responsible Department Human
More informationCyber Risk Proposal Form
Cyber Risk Proposal Form Company or trading name Address Postcode Country Telephone Email Website Date business established Number of employees Do you have a Chief Privacy Officer (or Chief Information
More informationPrivacy and Security Standards
Contents Privacy and Security Standards... 3 Introduction... 3 Course Objectives... 3 Privacy vs. Security... 4 Definition of Personally Identifiable Information... 4 Agent and Broker Handling of Federal
More informationArcare Aged Care APP Privacy Policy
Arcare Aged Care APP Privacy Policy Introduction The purpose of this privacy policy is to outline the practices adopted by Arcare Aged Care (Arcare) for the management of personal and health information.
More informationthat you have the necessary capacity to enter a binding legal agreement.
These terms and conditions govern the RACQ Dining Rewards Program and contain important information, including disclaimers and limitations of liability. Please see clause 13.1 for definitions of capitalised
More informationHIPAA and Lawyers: Your stakes have just been raised
HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory
More informationBWA Financial Group Pty Ltd Privacy Policy
BWA Financial Group Pty Ltd Privacy Policy When you trust us with your personal information, you expect us to protect it and keep it safe. We are bound by the Privacy Act 1988 (Cth) ( Privacy Act ) and
More informationWho are we? Our commitment to protect your privacy
Who are we? We, us and our refer to St James Finance Corporation Pty Ltd ACN 066 240 953, Australian Credit Licence 390610 and The Vision Home Loan Company Pty Ltd ACN 096 125 245, Australian Credit Licence
More informationTerms of Use. Australia November 2014
Terms of Use Australia November 2014 1 MYOB PayDirect Terms of Use 1. About these Terms These are the terms and conditions for our supply of MYOB PayDirect to you, including our obligations to each other
More information