THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013...
THE CLOUD
Risks and Benefits from the Business, Legal and Technology Perspective
September 11, 2013
KEVIN M. LEVY, ESQ. (klevy@gunster.com)
GUNSTER YOAKLEY & STEWART, P.A.
ROAD MAP
Benefits
Identify and Evaluate Risk
Mitigate Risk:
▪ Policies and Procedures
▪ Due Diligence
▪ Contracting:
  ▪ Negotiation
  ▪ Monitoring
▪ Breach Preparation and Response
DATA
Control:
▪ Where is the data?
▪ What jurisdictional law(s) control(s)?
Privacy, Security and Segregation
Integrity
Ownership
Breach
Destruction
Back-up / Recovery:
▪ Whose responsibility?

NETWORK
Access:
▪ Internet down or facility offline
▪ Law enforcement investigation (i.e., Megaupload)
Continuity
Redundancy and Back-up
Security
REGULATORY COMPLIANCE
Financial Institutions:
▪ Gramm-Leach-Bliley Act (GLBA)
▪ Privacy Act and Regulation P
▪ Fair Credit Reporting Act (FCRA)
▪ Fair and Accurate Credit Transactions Act (FACTA)
▪ Bank Secrecy Act
▪ State Laws - FL St. Section 655.059
Healthcare (applies to Business Associates):
▪ HIPAA
▪ HITECH Act
State Laws:
▪ Massachusetts – MA 201 CMR 17.00
▪ California – various
OTHER RISKS:
Audits
Bankruptcy
Litigation:
▪ e-discovery
Loss of leverage
Non-Negotiable Contracts
Tax Implications
Policies and Procedures:
▪ Clear and Up-To-Date
▪ Contingency Plan(s)
Thorough Due Diligence
Detailed Contract
▪ Address “hidden” issues
Insurance:
▪ Request specific plan for storage and transmission of electronic data and information security (“Cyber Policy”)
Breach Preparation and Response
Research, adopt (adapt) and develop applicable policies and procedures
Appoint team and train: IT, accounting, business, legal and PR
PRACTICE, PRACTICE, PRACTICE
Review and Update:
▪ Learn from circumstances
▪ Periodic audits
Contingency Plans:
▪ Business Continuity Plan (BCP)
▪ Disaster Recovery
▪ “Exit Strategy”
KYV / KYP - Research and get to know your vendors (service providers)
Require applicable SSAE 16 SOC report
Gather internal/external team of knowledgeable professionals to conduct internal discussions to assess vulnerabilities, risks and needs (IT, accounting, business and legal)
Confirm qualifications
Ask questions of the vendor until you clearly understand
Run performance and security tests
Evaluate privacy and confidentiality concerns
Negotiate and Document “clear”:
▪ Terms and Conditions
▪ Notice and transition periods
▪ Scope of services
▪ Service levels (SLAs)
▪ Flexibility to add services and service levels
▪ Requirement of service provider to provide annual audit
▪ Requirement of service provider to provide additional / updated audit if services added to engagement
▪ Confidentiality
▪ Privacy and Security
▪ Encryption
▪ Data breach notification protocol
▪ Limitation on use of subcontractors
▪ Clear and complete force majeure clauses
▪ Representations and Warranties
▪ Indemnification
▪ Insurance requirements
▪ Termination provisions
▪ Remedy for breach
Monitor:
▪ Relationship with service providers
▪ Audits
▪ Services provided
▪ Service levels
Amendments:
▪ When applicable, timely add clear description of additional services and service levels
Security Breach Notification protocols:
▪ 46 of 50 states
▪ Fl. St. Section 817.5681
Breach notification process:
▪ Gather Team
▪ Investigate
▪ Evaluate
▪ Decide
▪ Proceed
▪ Provide notice and/or document files
▪ Report to regulators as applicable
Failure to comply can lead to:
Marketing issues and loss of market share
Regulatory issues:
▪ Warning notices and sanctions
▪ SEC data breach disclosure requirements
Professional liability claims
Added compliance costs
Reduced shareholder value
“DO NOT BE PENNY-WISE AND POUND FOOLISH.”
How to avoid a breach or failure to comply?
Implement, enhance and maintain a meaningful Vendor Management Program
Get knowledgeable counsel involved early
Kevin M. Levy, Esq. (klevy@gunster.com)
GUNSTER – FLORIDA’S LAW FIRM FOR BUSINESS
Banking & Financial Services
Business Litigation
Corporate
Environmental & Land Use
Immigration
International
Labor & Employment
Leisure & Resorts
Real Estate
Private Wealth Services
Probate, Trust & Guardianship Litigation
Securities
Tax
Technology & Entrepreneurial Companies
GUNSTER.COM | (305) 376-6094
FORT LAUDERDALE | JACKSONVILLE | MIAMI | OCEAN REEF | PALM BEACH | STUART | TALLAHASSEE | TAMPA | VERO BEACH | WEST PALM BEACH