Mitigating D&O Liability Exposure for Data Privacy and - PowerPoint PPT Presentation

Presenting a live 90-minute webinar with interactive Q&A Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative


  1. Presenting a live 90-minute webinar with interactive Q&A: Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches. Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative Lawsuits. TUESDAY, JUNE 23, 2015, 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific. Today’s faculty features: Sharon R. Klein, Partner, Pepper Hamilton, Irvine, Calif.; Larry Racioppo, Senior Vice President, USI Insurance Services, Westport, Conn.; Angelo A. Stio, III, Partner, Pepper Hamilton, Princeton, N.J. The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

  2. Tips for Optimal Quality FOR LIVE EVENT ONLY Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-866-961-8499 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

  3. Continuing Education Credits FOR LIVE EVENT ONLY In order for us to process your continuing education credit, you must confirm your participation in this webinar by completing and submitting the Attendance Affirmation/Evaluation after the webinar. A link to the Attendance Affirmation/Evaluation will be in the thank you email that you will receive immediately following the program. For additional information about CLE credit processing call us at 1-800-926-7926 ext. 35.

  4. Program Materials FOR LIVE EVENT ONLY If you have not printed the conference materials for this program, please complete the following steps: • Click on the ^ symbol next to “Conference Materials” in the middle of the left-hand column on your screen. • Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program. • Double click on the PDF and a separate page will open. • Print the slides by clicking on the printer icon.

  5. Mitigating D&O Liability Exposure For Data Privacy And Cybersecurity Breaches Sharon R. Klein, Larry Racioppo, Angelo A. Stio III

  6. Speakers • 949.567.3506, kleins@pepperlaw.com • 203.291.2015, Larry.Racioppo@usi.biz • 609.951.4125, stioa@pepperlaw.com

  7. Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches TOPICS • Recent focus on data privacy and security issues − Analysis of Major Breaches − Consequences of Breach • Duties of Directors and Officers − Duty to Warn − Duty to Protect • Class Actions and Derivative Suits • Insurance • Practical Considerations

  9. Recent Focus on Data Privacy and Security Issues Chair Mary Jo White - SEC Cybersecurity Roundtable – March 2014 − “This is a global threat. Cyber threats are of extraordinary and long-term seriousness. They are first on the Division of Intelligence’s list of global threats, even surpassing terrorism. And Jim Comey, director of the FBI, has testified that resources devoted to cyber-based threats are expected ‘to eclipse’ resources devoted to terrorism.” SEC Commissioner Luis Aguilar – Cyber Risks and the Boardroom Conference – June 2014 − 42% increase between 2011 and 2012 in the number of successful cyber-attacks per week. − “[B]oards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.”

  11. Major Drivers to a Higher Cost of Data Breach in 2015 • Cyber attacks have increased in frequency • The consequences of lost business are having a great impact on the cost of data breach • Data breach costs associated with detection, escalation and remediation increased

  12. 2014 / 2015 Witnessed Major Breaches • Target • Home Depot • Anthem • Premera • Sony • J P Morgan Chase & Company

  13. Factors that Increase Cost • Third Parties • Rush to Notify • Lost or Stolen Devices

  14. Factors that Decrease Cost • Incident Response Team • Encryption • Employee Training • Appointing Chief Information Security Officer • Board Involvement • Insurance

  16. Data Breach Consequences • Harm to individual • Costs of notice and remediation • Regulatory action • Fines and penalties • Potential lawsuits • Loss of business, resources and employee time • Damage to brand and reputation • Disruption

  19. Duties of Directors and Officers • Directors are liable for oversight of Company affairs due to their fiduciary duties of loyalty and due care • Cyber liability due to disclosure of personally identifiable information and trade secrets is a known material risk • Standard of Care as to cyber liability generally can be categorized into regulations dealing with: − Duty to warn − Duty to protect

  20. Duty to Warn • SEC Guidance • Data Breach Laws and Regulatory Requirements

  21. Duty to Warn: SEC Guidance

  22. Duty to Warn: SEC Guidance SEC Guidance: Disclosure • Cybersecurity risks and cyber incidents are required to be disclosed when: − Necessary in order to make other required disclosures not misleading. − They are such that a reasonable investor would consider important to an investment decision. • No existing specific disclosure requirement. • Registrants should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents.

  23. Duty to Warn: SEC Guidance SEC Guidance: Disclosure • Places reporting companies may need to include disclosure: − Risk Factors − MD&A − Description of the Business − Legal Proceedings − Financial Statement Disclosures − Disclosure Controls and Procedures

  24. Duty to Warn: SEC Guidance SEC Guidance: Disclosure • Is a Form 8-K required after a breach? No (not yet) • Some companies have elected to file under item 8.01 (Other Information) • Some companies have taken the position that they notify the public of a breach in other ways and an 8-K is unnecessary. − Pros: Eliminate any potential insider trading, don’t raise flags with the SEC, disclosure can be copied from breach notices − Cons: Imperfect information

  25. Duty to Warn: Target Breach SEC Disclosure − Filed an 8-K in late February in connection with its earnings release • Updated risk factors that could affect forward-looking statements in the release (including cybersecurity risks) • Total of 18 risk factors, 5 relating to the incident − Filed 10-K on March 14. • Disclosures re breach included in: Risk Factors, Legal Proceedings, MD&A (executive summary subpart) and Financial Statement footnotes (commitments and contingencies) • Target recorded $61 million in breach-related expenses, with insurance covering $44 million for net expenses of $17 million • Did not estimate losses resulting from litigation, enforcement and related fines
