Privacy & Data Protection for: Nonprofit Organizations Presentation for:
aubrey-harrison -
Privacy & Data Protection for: Nonprofit Organizations
Presentation for:
• 2
Team Intro
Robert Sturtevant, Principal
David Walters, Risk Advisor
HHS Practice Leader
Chris Niezer, Risk Advisor
• 3
Gibson Overview
► Founded in 1933 as a Typical Small Town Insurance Agency
► Offices in South Bend, Plymouth, Indianapolis & Fort Wayne
► Top 1% of Largest Independent Agencies in the United States
► Top 5 privately held Independent Agencies in Indiana
► Awarded Best Practices Status Annually Since 1994
► 100% Employee Owned - Including ESOP Program
► Recognized as a Best Place to Work in Indiana Since 2013
► 2014 Principal 10 Best Companies for Employee Financial Security
► Inc. 5000 Fastest Growing Private Companies in 2015
• 4
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
– Gene Spafford, Professor of Computer Sciences at Purdue University
• 5
“Two years from now, spam will be solved.”
- Bill Gates, 2004
“The problem of viruses is temporary and will be solved in two years.”
- John McAfee, 1988
“Computer viruses are an urban legend.”
- Peter Norton, 1988
• 6
All Things Technology
o Laptops, Bluetooth, Tablets
o Cell Phones, Smart Phones, PDAs
o Entertainment (satellite radio, wireless streaming, mp3s)
o Transportation (self parking cars, voice commands, GPS)
o Shopping (online, credit/debit cards)
o Medicine (equipment, medical records)
o Social Media & Cloud Computing
o Online Banking/Check Cashing
and the list goes on and on…
• 7
What’s the Risk?
o Personal identity theft
o Theft of personal/company banking information
o Utilization of one system to hack other systems
o Viruses erasing entire systems or altering existing files
o Hardware & software property damage
o Unwanted spyware, adware, tracking programs
A data breach for all businesses… It’s not if, but when!
• 8
No one is immune
• The culprit is often someone close to your business
• The perpetrator could live halfway around the globe
• Size doesn’t matter
• Any company can be hit
• A breach can result from a simple mistake
• Cyber risk is consistently in the top three risk exposures identified by risk managers nationwide
• 9
It’s not if, but when…
• 10
Defining a Breach
“A data breach is an incident that involves the unauthorized or illegal viewing, access or retrieval of data by an individual, application or service. It is a type of security breach specifically designed to steal and/or publish data to an unsecured or illegal location.”
Source: www.techopedia.com
• 11
Quantifying a Breach
Average Number of Records Breached Per Incident: 28,765
Average Cost Per Breached Record: $192 - $240
Varying Factors
– Number of Records Breached
– Type of Breach (SS#, Credit Card Info, PHI)
– Class Action Lawsuit Filed?
Source: Ponemon Institute / Symantec Study
• 12
Sample Calculators
Source: NetDiligence Data Breach Cost Estimator
• 13
Sample Calculators
www.databreachcalculator.com
• 14
Data Breach “Costs”
Forensic Experts
Legal Expenses
Public Relations Consulting
Notification Costs
Hotline Support
Credit Monitoring Subscriptions
Discounts for Future Products & Services
Reputation Damage / Loss of Customers
Fines & Penalties (HIPAA / PCI)
Class Action Lawsuits
Business Interruption / Income Loss
• 15
Risk Management Strategies
Prevention Strategies
► Encryption of portable devices
► Technology use manuals
► Third-party IT expertise
► HIPAA/PCI compliance audits & security scans
► Employee education/training (39% of breaches are caused by human errors)
Mitigation Strategies
► Incident response plans
► Public relations consultation
Transfer Strategies
► Review contract (indemnification) language with attorney
Finance Strategies
► Insurance protection (1st & 3rd party coverage available)
• 16
Insurance Protection
First Party Coverages
Privacy Notification Expenses & Monitoring
Crisis Management and Reward Expenses
Business Interruption
Electronic Vandalism
Privacy Liability Defense
Regulatory Defense (including fines & penalties)
Third Party Liability
Disclosure Injury
Content Injury
Reputational Injury
Conduit Injury
Impaired-access Injury
Class action suits
• 17
Insurance Tips
State data platforms do not create immunity at the local level
Indications are easy to obtain
No two policies are created equally
Be sure to thoroughly compare coverage options available in the marketplace
Cheaper is not always better
Assess tools and resources available by the insurance companies offering coverage
Quantify impact of a breach and assess limits accordingly
Some protection is better than no protection
Thank You!
www.gibsonins.com