TRANSCRIPT
Breach Notification and Data Privacy in America
Presented by Steve Green, V.P. of Sales & Marketing, CSR Privacy Solutions
Page 2
CSR’s Current Footprint
Established in 1999
80+ Global Resellers
Singularly focused on regulatory compliance as it relates to data privacy and security
Providing right-sized solutions for SMBs to meet regulatory compliance requirements in a cost-sensitive environment
North America
Western Europe
Australia
100,000+ SMBs are current users
Page 3
“There are 2.5 quintillion bytes of data created each day at our current pace, but that pace is only accelerating with the growth of the Internet of Things (IoT). Over the last two years alone 90 percent of the data in the world was generated” Forbes article, May 2018
Did You Know
CYBERSECURITY
DATA SECURITY/PRIVACY
Page 4
Types Of Data Breaches
MALICIOUS 7%
ACCIDENTAL 91%
NEFARIOUS 2%
"The email asked me to enter my password, so I did."
"I quit, and I’m taking the files with me."
"Oops. I didn’t mean to send that email."
Page 5
• California S.B. 1386
• California law regulating the privacy of personal information. The first of many U.S. and international security breach notification laws.
• Introduced February 12, 2002
• Became operative July 1, 2003
In The Beginning…….
Page 6
TODAY ‐ EVERYONE MUST COMPLY
MANDATORY: All businesses must report a breach & have a plan in place to protect against PII being breached
MANDATORY: All businesses must report a breach, have a plan in place to protect against PII being breached and must perform a risk assessment
MANDATORY: All businesses must report a breach
Page 7
• California started making data breach notifications that affected its residents public around 2009
• www.oag.ca.gov/ecrime/databreach/list
In The Beginning…….
Page 8
Today – 14 States
• California
• Delaware
• Hawaii
• Indiana
• Iowa
• Maine
• Maryland
• Massachusetts
• Montana
• New Hampshire
• Oregon
• Vermont
• Washington
• Wisconsin
Page 9
Examples of PII
• Name
• Address
• Zip Code
• Phone number
• Email address
• Financial
– Financial records
– Account numbers
– Credit/Debit cards
• Signature
• Date of Birth
• Employment history
• Employer HR records
• Education history
• Education records
• Family names (ex. Mother’s maiden name)
• Origin, place of birth
• Religion
• Sexual orientation
• Ethnicity
• Medical information
• Physical description
• Biometrics (DNA, fingerprint, iris scan, voice recognition files)
• Insurance information (any - auto, health, etc.)
• Pins & passwords
• Security questions
• Access codes
• Personal ID Numbers:
– Social Security
– Tribal Identification
– Driver’s license
– State issued ID card
– Passport
– Tax Identification
Personally Identifiable Information
Page 10
Enforcement Organizations
Page 11
Annual Fines Generated From Data Breaches
[Bar chart; data labels shown: $4,925,780; $240,351,618; $205,060,776]
Page 12
• Iowa AG List of Data Breaches
• Click on a data breach listed
• Data Breach Notification
Page 13
• California AG List of Data Breaches
• Click on a data breach listed
• Data Breach Notification
Page 14
Resources
Regulators
August 1, 2017, Class Action Lawsuit
Federal Circuit Court, Washington D.C.
Attias v. CareFirst, Inc.
BREACHES
Lawyers
Lawsuits
Regulators
Population
BREACHES
Consumers may sue companies, by class action or individually, if they fail to safeguard personal data.
Companies must be able to demonstrate documented efforts to identify, prioritize, and remediate gaps in their DLCM (data life cycle management).
Establishes legal standing for data owners to bring an action for a data breach at any business or institution without the necessity of alleging an actual loss or damage (ex. identity theft).
The Result?
Page 15
• Lincare Settles Lawsuit for Data Breach
– Former employees
– $ 875,000 settlement
– $ 240,000 fine from HHS/OCR
• Manatee School District Settles Lawsuit for Data Breach
– Former employees
– $ 300,000
• Tampa General Hospital Settles Lawsuit for Data Breach
– $10,000 to plaintiffs
Lawsuits
Page 16
ARE YOU PREPARED?
Thank you!
Questions?