Mitigating Operational Cyber Risk: As Business Technology Changes, So Does Your Risk Profile

December 6th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

By Tom Hagy

The various risks of doing business in our digitally connected world continue to evolve. So must the approach organizations take in confronting those risks, for failing to do so in the current risk landscape can be far more dangerous than in prior years.

I spoke with Nick Galletto, Global Cyber Risk Leader at Deloitte, who traced the evolution of the dangers of doing business in a digitally connected world. Early on, our focus in the cyber risk management space was on how to protect websites from being defaced, he explained. Organizations had to make sure websites were functioning properly, that data was secure, and the integrity was maintained.

Galletto went on to say that we’ve moved from an era of compliance and risk management to an era of complexity. From an organization’s perspective, their focus was on making sure the company was compliant with new and evolving regulations, and risk management meant having policies, procedures and effective controls in place.

"While compliance is a necessity, it is not the silver bullet that’s going to protect us from any potential breaches," Galletto said. "So organizations must look at conducting their business in this connected world not merely from a compliance perspective but from a risk perspective. A clear example of this is the number of PCI-compliant companies that were still getting breached."

"Now as organizations move into an era of complexity, they need to be proactive in detecting anomalies and suspicious behavior and be prepared so their teams have [...]

Aon SVP Belfiore on Corporate Cyber Risk

November 1st, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Cyber Risk of Paramount Concern to Corporate Boards

Lack of History Remains a Challenge

"Cyber security is the most polarizing issue on the corporate board agenda these days," says Anthony Belfiore, SVP and Chief Information Security Officer at Aon. "It has the most potential impact and the most regulatory pressure among all risks companies face. Nothing is more top of mind right now."

"You just have to look at the amount of media coverage and the actual realized impacts companies are experiencing. Hundreds of thousands of businesses from big to small are being affected. The entire healthcare system in the UK went down. The impact is tangible. It’s affecting day-to-day operations," he says. "And no one is immune. Board members come from a diverse set of industries, and all are impacted."

Why is cyber risk such a hot button for companies versus other types of risks?

"The risk has become more urgent as it has shifted to actual business interruption," Belfiore says. "Historically companies were concerned with data leakage and loss, or regulatory fines, but now the actual operation itself can come to a halt. When a company goes down for three days that hits the media. Analysts notice. You can trace a specific event to a drop in stock values."

Aren't fines still a concern?

"Yes. We are operating in [...]

Protecting Intangible Assets: Risk Transfer Market Yet to Catch Up

October 12th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Intrinsically Intangible.

by Giles Harlow, Senior Vice President, Aon (Bermuda) Ltd.

In the early 1980s, tangible assets made up around 80% of the value of the S&P 500. Fast forward to today and nearly 85% of the value of the S&P 500 is attributable to intangible assets. However, the risk transfer market has not caught up. According to the Aon/Ponemon report of last year, whilst around 60% of tangible assets (property, plant and equipment) are currently being insured, only 12% of informational assets are.

So what gives? If the vast majority of companies' values in 2018 are attributable to intangibles, why are they not transferring those risks? Is it a lack of education on the client side? A lack of innovation in the brokerage community? A lack of understanding or willingness to accept these new risks on the carrier end? Or is it that whilst the marine and property markets have had centuries to evolve, the newer intangible insurance markets are just gearing up to size as they collate the data they need to properly price and model these risks? Likely, it is some combination of all of these factors.

We have seen great strides in the cyber market, with double-digit premium growth over the last four-to-five years. The market has evolved from being focused on large data holders, to providing [...]

Financial Services Cyber Risk Information Sharing

September 26th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Why We Need to be More Like Apes, Less Like Seagulls

By Tom Hagy

Featuring Craigg Ballance, Director of Canadian Member Services, FS-ISAC

Even before we can walk we are encouraged to share. We’re told to share our things even when we barely have any. Even some wild animals share food and resources – even when those resources are scarce. Some creatures are better at it than others, of course. Apes and lions? Absolutely. Seagulls? All you have to do next time you’re on the beach is toss what’s left of your ham sandwich into the air and see how generous gulls are. People fall into sharing -- and not-fond-of-sharing -- groups, too.

Sharing is particularly critical in the financial sector where, while privacy and security regulations command a tight lid on data, global financial institutions are successfully sharing data about cyber risk, says Craigg Ballance, Director of Canadian Member Services for FS-ISAC in Toronto. But, he says, sharing has to take place across a broad landscape.

“Information analysis sharing has to cut across the various subsets of the financial sector,” says Ballance. “While banks share local data, they are trying more and more to share globally, but,” he says, “banks need to share with other institutions, like insurers, investment funds, pension funds, and other types of financial institutions, for this [...]

Blockchain: Power to the People

August 28th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Dan Solove, co-founder of the Privacy+Security Forum and professor at GW Law School, just posted an interview with Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company. Below is part of just one exchange in the interview.

SOLOVE: The Internet has made so many things possible that we couldn’t do in an analog world. Yet, in some ways, the online world seems to lack the capabilities of the offline world. In the offline world, it is much easier to have anonymous transactions. This becomes much more challenging online. How can the online world be made more like the offline world in this regard?

SHILLINGFORD: Blockchain technology shifts the balance of power back to people—to individuals—and away from tech giants, governments and data miners. It allows you to transact on your terms, just as you do offline. And it’s not just limited to financial transactions. Put anything on the blockchain you want. The blockchain gives a person the ability to publish only the information THEY decide to divulge. Nothing more, nothing less. And no more hidden agendas, no selling personal data without your consent, no worries about privacy. Just like the analogue world, you decide the context, the content, and duration of the information you provide…not the big guys. It can really be that easy.

Read the complete interview. See the latest faculty and agenda updates for the Privacy+Security [...]

Oracle Health Sciences on Pharmacovigilance and Artificial Intelligence

August 22nd, 2018 | Categories: Complex Business Litigation, HB Risk Notes, HB Tort Notes, Technology Law

"The potential to use artificial intelligence methods increasingly for the analysis of the increasing amounts of pharmacovigilance data is well understood and many companies are moving (or planning to move) there, and we can predict that routine tasks in pharmacovigilance will in the future be increasingly automated. It will be crucial, however, for regulatory authorities to very clearly provide a position about the use of AI as well as the acceptable level of quality from AI applications. But in parallel with the shaping of those definitions, given the massive increase in their AE case workloads that most companies are currently experiencing, the industry will out of necessity proceed swiftly with the adoption of AI and cloud technologies to reduce their costs and increase their efficiencies.

"Like other industries, the pharmaceutical business and in particular the pharmacovigilance field will see a massive change in their processes in the near future, away from tedious, repetitive manual tasks towards a better utilization of scarce resources, in particular medical and scientific knowledge, for value-adding tasks. It is imperative for all stakeholders – industry, service providers and regulators – to provide an environment in which such a transformation can take place without ever compromising public health or the safety of the individual patient, and ideally providing additional benefit for patients."

A quote from Addressing the Data [...]

Francoise Gilbert on Colorado’s New Privacy Law: Are You Ready?

August 1st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Effective Sept. 1, 2018, Colorado will require all entities that process or store certain personal information of Colorado residents, regardless of whether the entity is located within or outside of Colorado, to have formal data security and data disposal programs. This is the result of the adoption of Bill 18-1128 “Concerning Strengthening Provisions for Consumer Data Privacy,” signed into law at the end of May 2018, to amend and supplement existing law ....

Previously, the definition of “personal identifying information” under the Colorado law was limited to a resident’s first name or initial and last name in combination with the individual’s Social Security, driver’s license, or identification card number, or a credit or debit card or bank account number, combined with a password or access code. The new definition includes additional forms of identification, such as student, military, passport, and health insurance identification number, as well as other types of information, such as medical information or biometric data. It also includes username or e-mail address in combination with a password or security question answers that would permit access to an online account ....

Organizations that collect personal identifying information of Colorado residents and that do not yet have the written programs necessary to formalize their data protection practices urgently need to focus on compliance.

-- Francoise Gilbert, Greenberg Traurig

Francoise Gilbert, a partner [...]

A.I. Best Practices: Rules and Policies for Using Artificial Intelligence in Your Business

July 30th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Explore how cybersecurity breaches impact insurance, risk management, and data privacy with evolving legal and compliance challenges.

DATE: Sept. 27, 2018

TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT

PLACE: Your computer or mobile device

PRICE: $197* per dial-in site

*Price is good through Aug. 16. After that it's $247.

GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location.

CLE: 1 credit

Please send CLE questions to CLE@LitigationConferences.com

SPEAKER: John Frank Weaver, Attorney, McLane Middleton

Your registration includes:

• A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge).
• Downloadable PowerPoint presentations from our speakers.
• The opportunity to connect directly with speakers during the audience Q&A session.
• At least one-hour of CLE credit.

Produced in collaboration with and their new Journal of Robotics, Artificial Intelligence & Law

Nearly every industry is adopting or preparing to adopt artificial intelligence applications into their business practices. That's exciting. However, there are almost no government regulations for their use and few resources providing best practices that anticipate ethical considerations and forthcoming legal requirements. This lack of direction poses a serious problem as A.I. applications become more widespread. Businesses are creating their own ad hoc practices without considering the [...]

Willis Towers Watson: Cyber Risk Top D&O Concern

July 22nd, 2018 | Categories: Corporate Compliance, HB Risk Notes, Insurance

Based on their survey, Willis Towers Watson says cyber risk continues to top the list of concerns for directors and officers (right up there with employee claims). As for coverage, while they care about price, things like their relationship with the carriers and how well they handle claims are critical elements. And, maybe one key reason cyber events keep happening: "Only 13% of board members feel that their organizations learn from past cyber mistakes." Read the results of the Willis Towers Watson survey. 

RSA’s Zulfikar Ramzan on Blockchain

July 21st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Is blockchain as impenetrable as people think? Or as necessary? It's not predicated on the same type of cryptographic security that we've seen historically, but if someone has enough money and enough motivation -- like a nation state -- couldn't they severely compromise a system? Is blockchain the only way transactional protections can become so secure, or could traditional technologies be employed and with less effort? RSA Security's Chief Technology Officer Zulfikar Ramzan, Ph.D., spoke at our Cyber Sector Risk: Blockchain Security in April 2018 in New York. Hear what he had to say about this much-heralded technology.

BitSight Releases eBook on Use of A.I. & Big Data in Continuous Cyber Risk Monitoring

July 18th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

"With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered.

"With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly."

Read more. We're looking forward to seeing the BitSight team in Bermuda Dec. 6-7, 2018, at the International Cyber Risk Management Conference.

California Enacts the ‘First Truly Sweeping Privacy Regime’ in Record Time

July 5th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

The California legislature -- apparently not wanting to be pegged as just another slow-moving governing body -- took the California Consumer Privacy Act of 2018 from proposal to passage to signing in one week. Critics weren't sitting on their hands either. "Businesses Blast California’s New Data-Privacy Law," read one headline in the Wall Street Journal. For consumers, Californians anyway, the good news is that they can refuse to allow companies to sell their personal data. But, the WSJ reported, business across the country say the law will cause "far-reaching damage to everything from retailers’ customer-loyalty programs to data gathering by Silicon Valley tech giants."

Law firms are cranking out their advisories and analyses. Sullivan & Cromwell says the CCPA establishes a new privacy framework for covered businesses by:

• "Creating an expanded definition of personal information for purposes of the Act;
• "Creating new data privacy rights for California consumers, including rights to know, access, have deleted and opt out of the sale of their personal information;
• "Imposing special rules for the collection of consumer data from minors; and
• "Creating a new and potentially severe statutory damages framework for violations of the Act and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches."

The firm also offered a quick comparison between the CCPA and the GDPR. "At a [...]
