Data Breaches: What You Risk and What You Can Do About It

Target, Home Depot, eBay, JP Morgan Chase, Staples, K-Mart, Dairy Queen. We've seen the headlines this year. Clients are increasingly forced to grapple with the loss (or potential loss) of data and what to do about it. It’s not just a blue chip company or client problem either. Though less publicized, American Soccer Inc., Cyberswim.com, Provo City School District, Beef O'Brady's, Milpitas Knights PAL Youth Football, Imhoff & Associates, PC, Recreational Equipment Inc. (REI), Butler University and numerous other entities have reported data security incidents in the past six months. And many others have had incidents that were not reported during that same time frame. This CLE seminar provides a crash course on the causes of data security incidents, their legal ramifications, the measures you and your clients can take to reduce the risk of having an incident, and how and to what extent you and your clients may be able to defray the costs of such incidents via an evolving insurance market.

Schedule:

7:30-8:00 a.m.
Breakfast & Registration

8:00-8:30 a.m.
Cyber-Security – The Next Frontier
Jonathan Adams, Salix Data?

This presentation will cover current headlines in cyber security and the Sony PlayStation case study, an explanation of the network security of a typical company and the profile of hackers and how they do it. Levels of security, security tools and keys to preparing your organization will also be discussed.

8:30-9:00 a.m.
Legal Ramifications of Data Breaches
Beth A. Bryan, Taft Stettinius & Hollister LLP

This presentation will focus on the legal ramifications flowing from data breaches, including the possibility of class action law suits, state attorney general and Federal Trade Commission enforcement actions, shareholder derivative suits and the risks to your organization that are associated with each of those possible actions.

9:00-9:10 a.m.
Break

9:10-9:40 a.m.
How to Prevent a Major Data Breach (in Just Ten Easy Steps)
Matthew D. Lawless, Taft Stettinius & Hollister LLP

This presentation will focus on what you can do to prevent data breaches, especially the ones that really matter. It will start by identifying the type of data we are concerned about in breaches, which is generally “personal information” of one sort or another. It will then discuss how the definition of “personal information” varies from law to law and has evolved over time and how personal information of different sorts presents different risks to your company. Finally, it will outline a number of best practices for the management of personal information, including a discussion of the physical, administrative and technological safeguards that every company with personal information should employ. Those safeguards will reduce your risk of a major data breach.

9:40-10:10 a.m.
Insurance Coverage for Privacy and Data Breaches – Hot Topics and Critical Issues
William C. Wagner, Taft Stettinius & Hollister LLP

This presentation will focus on hot topics and critical issues regarding insurance coverage for privacy and data breaches. It will begin with a basic introduction into the costs and consequences resulting from privacy and data breaches and a general discussion of the parties and types of claims being asserted. It will examine the types of claims policy holders have asserted under CGL policies, including under Coverage A for bodily injury and property damage and Coverage B for personal and advertising injury, and defenses asserted by insurers, and how the claims are being resolved in the courts. It will also examine the new Insurance Services Office, Inc. privacy and data liability exclusions (a brief overview). It will then discuss the new cyber risk policies and issues related to what they say they cover and the types of defenses asserted by insurers to deny coverage. Finally, it will discuss critical issues when negotiating to purchase insurance coverage to cover the types of risks and claims previously discussed.

10:10-10:15 a.m.
Q & A