privacy & data security for inhouse counsel
DESCRIPTION
TRANSCRIPT
![Page 1: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/1.jpg)
WARNING TRACKWARNING TRACKWARNING TRACKWARNING TRACKPrivacy & Data Security Issues
for In-House Counsel
Presented by Anthony MartinMay 7, 2009
Copyright 2009, Husch Blackwell Sanders LLP
![Page 2: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/2.jpg)
![Page 3: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/3.jpg)
![Page 4: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/4.jpg)
Cell Phones Stolen from Verizon StoresCell Phones Stolen from Verizon StoresCell Phones Stolen from Verizon StoresCell Phones Stolen from Verizon Stores
ST. LOUIS POSTST. LOUIS POSTST. LOUIS POSTST. LOUIS POST----DISPATCHDISPATCHDISPATCHDISPATCHTuesday, May 5, 2009
Burglars broke into three area Verizon Wireless stores overnight, stealing about 100 cell phones and two computerstwo computerstwo computerstwo computersworth at least $42,000, police said.
![Page 5: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/5.jpg)
• State & Local Police
• US Attorneys Office
• FBI
• FTC
• Public Relations
• IT Department
• Risk Management
• Insurance Agents
• Legal Team
• Privacy Policies
• Data Breach Report
• Service Provider Contracts
• PCI-DSS
• Banks & CC
• Customer Lists
• State Breach Laws
• Pick up the kids.Pick up the kids.Pick up the kids.Pick up the kids.
![Page 6: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/6.jpg)
10,000 Customer Records
$200 Per Record
![Page 7: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/7.jpg)
$2,000,000 Problem
![Page 8: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/8.jpg)
WARNING TRACKWARNING TRACKWARNING TRACKWARNING TRACKPrivacy & Data Security Issues
for In-House Counsel
![Page 9: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/9.jpg)
Information Privacy:Information Privacy:Information Privacy:Information Privacy: how we collect and use the “personal information” of others that we are authorized to have.
Data Security:Data Security:Data Security:Data Security: how we keep that personal information safe from unauthorized access or use.
![Page 10: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/10.jpg)
Outline For Discussion
• Labor & Employment
• Litigation
• Real Estate
• Corporate Compliance
• Corporate Transactions
• Solutions
![Page 11: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/11.jpg)
Labor & EmploymentLabor & EmploymentLabor & EmploymentLabor & Employment
• Reasonable Expectation of Privacy.
• Access to Employee eAccess to Employee eAccess to Employee eAccess to Employee e----mail.mail.mail.mail.
• Location Awareness and Social Media.
• Employee Handbooks and Policies.
![Page 12: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/12.jpg)
The Stored Communications Act prohibits intentional access to an electronic communication while it is in electronic storage in such system.
18 U.S.C.A. § 2701
![Page 13: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/13.jpg)
LitigationLitigationLitigationLitigation
• Admissibility of Evidence.Admissibility of Evidence.Admissibility of Evidence.Admissibility of Evidence.
• Cross-Border Discovery Issues.
• Protective Orders and Appeals.
![Page 14: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/14.jpg)
The Member States shall provide that the transfer to a third country of personal data . . . may take place only if the third country in question ensures an adequate level of protection.
Article 25, EU Privacy DirectiveArticle 25, EU Privacy DirectiveArticle 25, EU Privacy DirectiveArticle 25, EU Privacy Directive
![Page 15: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/15.jpg)
![Page 16: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/16.jpg)
Real EstateReal EstateReal EstateReal Estate
•Mortgage Fraud and Identity Theft.
• FACT Act “Red Flags” Regulations.
![Page 17: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/17.jpg)
Corporate ComplianceCorporate ComplianceCorporate ComplianceCorporate Compliance
• Data Breach Incident Response Plan.Data Breach Incident Response Plan.Data Breach Incident Response Plan.Data Breach Incident Response Plan.
• Sarbanes-Oxley and SEC Disclosures.
• Increased Regulation and Oversight.
![Page 18: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/18.jpg)
446 reported data breaches for 2007.
656 reported data breaches for 2008.
159 reported data breaches in 2009.
![Page 19: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/19.jpg)
![Page 20: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/20.jpg)
12,000 Laptops are “lost” in airports.
![Page 21: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/21.jpg)
Every week.
![Page 22: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/22.jpg)
Average incident costs are $6.65 million.
![Page 23: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/23.jpg)
The most significant cost decrease was seen in activities relating to
post-breach response.
The U.S. Cost of a Data Breach Study
Ponemon Institute
![Page 24: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/24.jpg)
The CEO must certify that all the information in public reports is valid and accurate.
The CEO sign off on the validity of the data without confirmation of the security of those systems and networks.
![Page 25: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/25.jpg)
The CEO/CFO must attest to having proper "internal controls."
These “internal controls” include controls over networked electronic systems, which can include anything that sits on the network or connects to the network.
![Page 26: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/26.jpg)
Corporate TransactionsCorporate TransactionsCorporate TransactionsCorporate Transactions
• Service Provider Agreements.Service Provider Agreements.Service Provider Agreements.Service Provider Agreements.
• Mergers & Acquisitions.
![Page 27: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/27.jpg)
Third-party organizations accounted for more than 44 percent of all breaches.
These are the most expensive form of data breaches due to additional investigation fees.
![Page 28: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/28.jpg)
SolutionsSolutionsSolutionsSolutions
• Risk Assessments.
• Plan with Privacy & Data Security in Mind.
• Training.
• Privacy Officer.
![Page 29: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/29.jpg)
““““You have zero privacy. . .You have zero privacy. . .You have zero privacy. . .You have zero privacy. . .””””
““““Get over it.Get over it.Get over it.Get over it.””””
Scott McNealy CEO Sun Microsystems
![Page 30: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/30.jpg)
““““Every single datum about Every single datum about Every single datum about Every single datum about
my life is private? my life is private? my life is private? my life is private?
That's silly.That's silly.That's silly.That's silly.””””
Antonin Scalia US Supreme Court
![Page 31: Privacy & Data Security for InHouse Counsel](https://reader033.vdocuments.site/reader033/viewer/2022051816/5473363fb4af9fb90a8b529a/html5/thumbnails/31.jpg)
Including:Including:Including:Including:
home address and the value of his home,
home phone number,
movies he likes,
food preferences,
wife's personal e-mail address,
and "photos of his lovely grandchildren."
15151515----Page Dossier on Scalia . . .Page Dossier on Scalia . . .Page Dossier on Scalia . . .Page Dossier on Scalia . . .