cranfill sumner hartzog llp
play

Cranfill Sumner & Hartzog LLP F. Marshall Wall mwall@cshlaw.com - PowerPoint PPT Presentation

Mar 26, 2024 •318 likes •731 views

F. Marshall Wall Cranfill Sumner & Hartzog LLP F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer [I] am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are

  1. F. Marshall Wall Cranfill Sumner & Hartzog LLP F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  2. “[I] am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” Robert S. Mueller, III, Former FBI Director F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  3. NC Identity Theft Protection Act (N.C. Gen. Stat. §75-60, et seq.) What is a "security breach"? F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  4. What is a security breach? • Unauthorized access to AND acquisition of • Unredacted AND unencrypted records or data • Containing personal information • Where illegal use of this data has occurred OR is reasonably likely to occur • Creating a reasonable risk of material harm to a consumer F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  5. NOT a Breach • If only encrypted data is taken and the encryption key is not with the data, it is not a data breach • If the data was accessed but not “acquired”, it is not a data breach • If there is no risk of material harm to a customer, it is not a data breach F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  6. NC Identity Theft Protection Act What is the legal standard for protection of personal information? F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  7. NC Identity Theft Protection Act • The Act requires that “reasonable care” be used to protect data • No further definition is given F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  8. Curry, et al. v. Schletter, Inc. (WDNC) • Defendant’s Motion to Dismiss denied except as to breach of fiduciary duty claim • Employees’ private information lost in “phishing” scam • Court found allegations sufficient to state claims for negligence, invasion of privacy, and violations of NCITPA F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  9. Rogers v. Keffer, Inc., et al. (EDNC) • Defendants’ Motion to Dismiss allowed as to NCITPA claim • Plaintiff was identity theft victim • Criminal used his name, SSN and other personal information to buy two cars from defendant-dealership F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  10. Rogers, cont. • NOT a security breach for dealership to provide SSN to credit reporting agencies and banks • Plaintiff also did not successfully allege damages under the NCITPA F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  11. What is “personal information”? A person's first name or first initial and last name in combination with other information such as: F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  12. What is “personal information”? • Social Security number • Driver's license number • Passport number • Checking or savings account number • Credit or debit card number • PIN code • Biometric data • Passwords F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  13. How quickly must notice be given? • There is no specific deadline for notice • Notice must be “made without unreasonable delay, consistent with the legitimate needs of law enforcement.” F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  14. Who Gets Notice? • Everyone whose personal information was contained in the records • The Consumer Protection Division of the Attorney General’s staff • If more than 1,000 people are affected, notice must also be given to the three major credit bureaus F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  15. What if customers live in other States? • Data protection statutes are specific to the States where your customers live • All 50 States – Alabama became the last in March 2018 – the District of Columbia, and Puerto Rico have their own statutes • Notice requirements, including the time to give notice, vary significantly F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  16. What if customers live in other States? THE BOTTOM LINE – if clients/customers are in other States, you have to give notice based on their home State’s law F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  17. Who can sue? • North Carolina allows a private right of action, but only if the consumer can show injury • A cause of action under the Act cannot be assigned • Violation of the Act is an unfair or deceptive trade practice under N.C. Gen. Stat. § 75-1.1 F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  18. Federal Trade Commission • FTC has brought more than 500 enforcement actions related to consumer privacy • Typically relies on Section 5 of the FTC Act, which prohibits unfair and deceptive trade practices • Most actions are resolved by way of a Consent Order. F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  19. FTC • Key focus – whether companies are living up to their stated privacy policies – Wyndham Hotels case (Third Circuit 2015) – https://www.ftc.gov/system/files/documents/ca ses/150824wyndhamopinion.pdf F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  20. FTC • Also examines what data companies keep, how long they keep it, where they keep it, and whether they should keep it in the first place F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  21. FTC Enforcement Action Examples • VIZIO paid $2.2M to settle claims that it put software in its TV sets that monitored viewing habits without customers’ knowledge or consent F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  22. FTC Actions • Brought an action against Twitter for failing to suspend user’s access after a certain number of failed log in attempts and for allowing almost all of its employees “administrative” access to information in its system F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  23. FTC Actions • Uber had a breach in May 2014 that exposed consumer data; engineers posted access key information on GitHub. • While negotiating a settlement with FTC, the same thing happened again. • Uber learned of the second breach in November 2016 but did not report it until November 2017. F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  24. FTC Actions • Brought an enforcement action against Snapchat when its promise that messages would “disappear forever” but in fact they did not F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  25. FTC Actions • Pursued Lenovo for including software on its laptops that allowed another company to deliver pop-up ads when customers hovered over certain products on websites F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  26. Securities and Exchange Commission Washington D.C., Sept. 22, 2015 — The Securities and Exchange Commission today announced that a St. Louis-based investment adviser has agreed to settle charges that it failed to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients. F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  27. SEC • This is the first enforcement action from SEC • Found that the firm failed to have policies and procedures, failed to have a firewall, failed to encrypt data, and failed to have a response plan • $75,000 fine • Censure • Cease and desist order F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  28. SEC • Enforces the Gramm-Leach-Bliley Act – Title V governs when non-public consumer information may be disclosed – Requires notice of privacy policies to customers • Regulation S-P governs privacy of consumer financial information • Oversees broker-dealers and advisers, among others F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  29. US Department of Health and Human Services • Enforces compliance with HIPAA and HITECH through the Office of Civil Rights • HIPAA privacy rule applies to Protected Health Information (PHI) F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  30. DHHS Enforcement June 18, 2018 DHHS Press Release M.D. Anderson Cancer Center ordered to pay more than $4.3M for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  31. M.D. Anderson case • Case stemmed from loss of a laptop and two USB “thumb drives” containing unencrypted electronic protected health information (ePHI) for more than 33,000 individuals F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  32. General Data Protection Regulation (GDPR) • European Union regulation • Went into effect on 25 May 2018 • Applies to anyone processing personal data of EU “data subjects” or offering goods or services to individuals in the EU • Doesn’t matter where your business is located or the data is processed F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  33. GDPR • Data subjects have more control over their personal information • “Right to be forgotten” • Steep fines for violations • Short time to give notice of data breaches F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

  34. California Consumer Privacy Act • Effective 1 January 2020 • Protects privacy of California residents • Already amended and more amendments possible/likely • Similar to GDPR • Private right of action with dollar limits on potential recovery F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer

Recommend

Katie Hartzog, Attorney | Hartzog Law Group Dan Hartzog, Jr., Attorney | Hartzog Law Group

Katie Hartzog, Attorney | Hartzog Law Group Dan Hartzog, Jr., Attorney | Hartzog Law Group

April 9, 2020 FAMILIES FIRST CORONA VIRUS RESPONSE ACT Katie Hartzog, Attorney | Hartzog Law Group Dan Hartzog, Jr., Attorney | Hartzog Law Group Emergency FMLA Expansion Act (eFMLA) The FFCRA is a series of related Acts, one of which is

956 views • 57 slides
Why are municipalities targeted by hackers? F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer 3

Why are municipalities targeted by hackers? F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer 3

3/20/20 F. Marshall Wall Cranfill Sumner & Hartzog LLP F. Marshall Wall mwall@cshlaw.com @NCCyberLawyer 1 Cyber Risks for Municipalities 1. Ransomware 2. Business Email Compromise (BEC) 3. Data Breach 4. Employment Issues F. Marshall

434 views • 12 slides
Sumner County Schools May 14, 2019 Our Mission Sumner County Schools commits to growing

Sumner County Schools May 14, 2019 Our Mission Sumner County Schools commits to growing

Budget SY 2019-20 Sumner County Schools May 14, 2019 Our Mission Sumner County Schools commits to growing learners who are college and career ready through quality instruction, effective use of resources, building a collaborative culture,

547 views • 20 slides
Sumner County Schools May 12, 2020 Our Mission Sumner County Schools commits to growing

Sumner County Schools May 12, 2020 Our Mission Sumner County Schools commits to growing

Budget SY 2020-21 Sumner County Schools May 12, 2020 Our Mission Sumner County Schools commits to growing learners who are college and career ready through quality instruction, effective use of resources, building a collaborative culture,

390 views • 17 slides
Sumner County Schools May 9, 2017 Our Mission Sumner County Schools commits to growing learners

Sumner County Schools May 9, 2017 Our Mission Sumner County Schools commits to growing learners

Budget SY 2017-18 Sumner County Schools May 9, 2017 Our Mission Sumner County Schools commits to growing learners who are college and career ready through quality instruction, effective use of resources, building a collaborative culture,

716 views • 20 slides
NCCADV Conference Presentation May 27, 2014 Chief Marty Sumner Chief Marty Sumner

NCCADV Conference Presentation May 27, 2014 Chief Marty Sumner Chief Marty Sumner

NCCADV Conference Presentation May 27, 2014 Chief Marty Sumner Chief Marty Sumner Chief Marty Sumner Chief Marty Sumner High Point Police Department Dr. Stacy Dr. Stacy Sechrist Dr. Stacy Dr. Stacy Sechrist Sechrist

620 views • 58 slides
Sumner High School Presentation of the Value Analysis December 13, 2017 Sumner High School

Sumner High School Presentation of the Value Analysis December 13, 2017 Sumner High School

Sumner High School Presentation of the Value Analysis December 13, 2017 Sumner High School Value Analysis Outcomes for Tonights Presentation Summary of Process, Project and Direction Definition of Value Analysis Value Analysis

463 views • 19 slides
Academy Street Bike Lane Improvements 4' Sidewalk 7' Parking Lane Bike Travel Lane Travel

Academy Street Bike Lane Improvements 4' Sidewalk 7' Parking Lane Bike Travel Lane Travel

City Council Study Session 10-14-2019 Sumner High School Main Street Maple Street SUMNER TRANSIT CENTER Academy Street: Kincaid Avenue Sumner Avenue W Cherry Avenue o Alder Avenue o d Curb Bulbs and A v e Add Bike Lanes, n u e

591 views • 3 slides
The epic battle between Markov and phylogenetic invariants: equations Jeremy Sumner School of

The epic battle between Markov and phylogenetic invariants: equations Jeremy Sumner School of

The epic battle between Markov and phylogenetic invariants: equations Jeremy Sumner School of Physical Sciences University of Tasmania, Australia Phylomania 2014 Jeremy Sumner The epic battle between Markov and phylogenetic invariants:

345 views • 16 slides
Needs Janet Sumner, Executive Director, Wildlands League The two great environmental

Needs Janet Sumner, Executive Director, Wildlands League The two great environmental

What the Planet Needs Janet Sumner, Executive Director, Wildlands League The two great environmental challenges of our time biodiversity loss and climate change https://www.cnn.com/2016/12/12/world/sutter-vanishing- help/index.html The

493 views • 22 slides
Competencies are Important to Job Success? Mary Sumner Anne Powell Southern Illinois University

Competencies are Important to Job Success? Mary Sumner Anne Powell Southern Illinois University

What Project Management Competencies are Important to Job Success? Mary Sumner Anne Powell Southern Illinois University Edwardsville Literature Review Prior research focused on 3 main areas Hard Skills (Alam et al., 2010; PMBOK)

160 views • 13 slides
Covid-19 Litigation Outline Introduction Robert Sumner I. a. Butler Snows C OVID-19 Task

Covid-19 Litigation Outline Introduction Robert Sumner I. a. Butler Snows C OVID-19 Task

Covid-19 Litigation Outline Introduction Robert Sumner I. a. Butler Snows C OVID-19 Task Force and Introduce Panelists b. Big Picture Graphs, Charts, and Statistics c. South Carolina Cases of Note i. Failed attempt to create MDL for business

188 views • 5 slides
INDONESIA Arriya Mungsunti Andy Sumner Arief Yusuf The Developers Dilemma: Structural

INDONESIA Arriya Mungsunti Andy Sumner Arief Yusuf The Developers Dilemma: Structural

Kyunghoon Kim INDONESIA Arriya Mungsunti Andy Sumner Arief Yusuf The Developers Dilemma: Structural Transformation, Inequality Dynamics, and Inclusive Growth UNU-WIDER Workshop, 10 th /September/2019, Bangkok, Thailand BACKGROUND: STEADY

521 views • 19 slides
Mesh-Based Inverse Kinematics R. W. Sumner, M. Zwicker, C. Gotsman, J. Popovi c SIGGRAPH 2005

Mesh-Based Inverse Kinematics R. W. Sumner, M. Zwicker, C. Gotsman, J. Popovi c SIGGRAPH 2005

CS468, Wed Nov 9th 2005 Mesh-Based Inverse Kinematics R. W. Sumner, M. Zwicker, C. Gotsman, J. Popovi c SIGGRAPH 2005 The problem 1 Mesh-Based Inverse Kinematics R. W. Sumner, M. Zwicker, C. Gotsman, J. Popovi c General approach

685 views • 31 slides
Comparative Causality: Explaining the Differences Between Executions William N. Sumner Xiangyu

Comparative Causality: Explaining the Differences Between Executions William N. Sumner Xiangyu

Comparative Causality: Explaining the Differences Between Executions William N. Sumner Xiangyu Zhang {wsumner,xyzhang} @ cs.purdue.edu ICSE 2013 22 May 2013 Background Debugging requires understanding how a program behaves. Background

1.41k views • 122 slides
Geoffrey Sumner-Smith Saturday 5 November 2016 8:00pm Tributes His passing marks the end of

Geoffrey Sumner-Smith Saturday 5 November 2016 8:00pm Tributes His passing marks the end of

In celebration of the life of Geoffrey Sumner-Smith Saturday 5 November 2016 8:00pm Tributes His passing marks the end of an era in the teaching of veterinary surgery and I feel privileged to have not only been taught by him, but also to

528 views • 40 slides
Forbidden Conjectures David Sumner, Professor Emeritus University of South Carolina Graph

Forbidden Conjectures David Sumner, Professor Emeritus University of South Carolina Graph

Forbidden Conjectures David Sumner, Professor Emeritus University of South Carolina Graph Theory app for iPad coming soon to the Apple app store. ! Email david@dpsumner.com for more information or to request to be a beta-tester. See more

442 views • 26 slides
SY 21 Charles Sumner School January 8, 2020 What is Weighted Student Funding? Weighted Student

SY 21 Charles Sumner School January 8, 2020 What is Weighted Student Funding? Weighted Student

Parent Council Budget Presentation SY 21 Charles Sumner School January 8, 2020 What is Weighted Student Funding? Weighted Student Funding (WSF) is BPSs current way to distribute resources to schools based on a per pupil allocation with the

281 views • 15 slides
D2 - Multi-Document Summarization Maria Sumner, Micaela Tolliver, Elizabeth Cary GOAL /

D2 - Multi-Document Summarization Maria Sumner, Micaela Tolliver, Elizabeth Cary GOAL /

D2 - Multi-Document Summarization Maria Sumner, Micaela Tolliver, Elizabeth Cary GOAL / MOTIVATION Implement a simple base system FREQUENCY Luhn (1958), Nenkova & Vanderwende (2005) the high frequency words from the

876 views • 65 slides
Priority Services Register Update to Change Overview Board Bhavika Mithani Phil Sumner

Priority Services Register Update to Change Overview Board Bhavika Mithani Phil Sumner

Priority Services Register Update to Change Overview Board Bhavika Mithani Phil Sumner 03/08/2015 Background Consumer Vulnerability Strategy (CVS) CVS aims q Protect and empower

87 views • 8 slides
SOIL MOISTURE EFFECTS ON EMISSION OF CHLOROPICRIN AND DIMETHYL DISULFIDE Paul E. Sumner*,

SOIL MOISTURE EFFECTS ON EMISSION OF CHLOROPICRIN AND DIMETHYL DISULFIDE Paul E. Sumner*,

SOIL MOISTURE EFFECTS ON EMISSION OF CHLOROPICRIN AND DIMETHYL DISULFIDE Paul E. Sumner*, University of Georgia Stanley Culpepper, University of Georgia Introduction Liquid fumigants have been used for many years in the production of vegetables

453 views • 5 slides
Public Involvement Meeting WIS 106 Improvements Town of Sumner Town Hall October 8, 2019

Public Involvement Meeting WIS 106 Improvements Town of Sumner Town Hall October 8, 2019

Public Involvement Meeting WIS 106 Improvements Town of Sumner Town Hall October 8, 2019 Project Team WisDOT Southwest Region Karla Knorr,PE, Project Supervisor Brad Schultz, PE, Project Manager MSA Professional Services, Inc.

386 views • 14 slides
Observing the gravitational universe from space Peter Wass Tim Sumner, Daniel Hollington,

Observing the gravitational universe from space Peter Wass Tim Sumner, Daniel Hollington,

Observing the gravitational universe from space Peter Wass Tim Sumner, Daniel Hollington, Jonathon Baird High Energy Physics Group Imperial Space Lab 29 September 2015 Gravitational Waves Gravitational waves are ripples made by

300 views • 17 slides
D3 - Multi-Document Summarization Maria Sumner, Micaela Tolliver, Elizabeth Cary SYSTEM

D3 - Multi-Document Summarization Maria Sumner, Micaela Tolliver, Elizabeth Cary SYSTEM

D3 - Multi-Document Summarization Maria Sumner, Micaela Tolliver, Elizabeth Cary SYSTEM ARCHITECTURE Content realization Content selection Information ordering Input docs Sentence Tf-idf, Identify lead segmentation SumBasic sentence

707 views • 69 slides

More recommend