Data Breach In The Hospitality Industry
Uploaded by: clarknuber
Category: Technology
Transcript of Data Breach In The Hospitality Industry
Program Discussion
• What is considered personal information?
• Why the hospitality industry?
• What are the federal and state data security requirements?
• How can a company prepare and protect?
• When and how should a company communicate a data breach?
Other facts
• Each personal record compromised during a data breach costs an entity approximately $201* (avg. U.S. cost).
• 25% of victims of data breaches subsequently suffer identity theft.**
• Through 2016, 75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired.
* Ponemon Institute 2014 report
** LexisNexis “True Cost of Fraud” report
Why you should care
Sources of data security obligations
• Federal Consumer Protection Law
• State data security & breach notification laws
• Contractual requirements
• Social responsibility
Responsibility for compliance
• Data controllers bear responsibility
• Implement “appropriate” or “reasonable” data protection measures
Breach response plan
• Preparation
• Identification and scoping
• Containment and intelligence gathering
• Eradication and remediation
• Recovery
• Lessons learned
Action Items
• Inventory personally identifiable information (PII)
• Assess the likelihood of a breach of PII
• Encrypt all laptops & other selected computers
• Have an outside security assessment performed
• Implement an Intrusion Detection System
• Purchase insurance
• Develop an after-breach plan – tech and non-tech
• Training
Insurance coverage
• What makes hospitality a difficult risk?
• Integrate coverage into breach response plan
• No standard policy but most policies include:
• Specific coverage issues
• Underwriting hot buttons
First Party
• Breach Response
  - Forensics
  - Legal
  - Notification
• Fines & Penalties
• Cyber Extortion
• Business Interruption
Third Party
• Privacy Liability
• Media Liability