Privacy & Data Protection for: Nonprofit Organizations Presentation for:



Team Intro

Robert Sturtevant, Principal

David Walters, Risk Advisor

HHS Practice Leader

Chris Niezer, Risk Advisor


Gibson Overview

► Founded in 1933 as a Typical Small Town Insurance Agency

► Offices in South Bend, Plymouth, Indianapolis & Fort Wayne

► Top 1% of Largest Independent Agencies in the United States

► Top 5 privately held Independent Agencies in Indiana

► Awarded Best Practices Status Annually Since 1994

► 100% Employee Owned - Including ESOP Program

► Recognized as a Best Place to Work in Indiana Since 2013

► 2014 Principal 10 Best Companies for Employee Financial Security

► Inc. 5000 Fastest Growing Private Companies in 2015


“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”

– Gene Spafford, Professor of Computer Sciences at Purdue University


“Two years from now, spam will be solved.”

- Bill Gates, 2004

“The problem of viruses is temporary and will be solved in two years.”

- John McAfee, 1988

“Computer viruses are an urban legend.”

- Peter Norton, 1988


All Things Technology

o Laptops, Bluetooth, Tablets

o Cell Phones, Smart Phones, PDAs

o Entertainment (satellite radio, wireless streaming, mp3s)

o Transportation (self parking cars, voice commands, GPS)

o Shopping (online, credit/debit cards)

o Medicine (equipment, medical records)

o Social Media & Cloud Computing

o Online Banking/Check Cashing

and the list goes on and on…


What’s the Risk?

o Personal identity theft

o Theft of personal/company banking information

o Utilization of one system to hack other systems

o Viruses erasing entire systems or altering existing files

o Hardware & software property damage

o Unwanted spyware, adware, tracking programs

A data breach for all businesses… It’s not if, but when!


No one is immune

• The culprit is often someone close to your business

• The perpetrator could live halfway around the globe

• Size doesn’t matter

• Any company can be hit

• A breach can result from a simple mistake

• Cyber risk is consistently in the top three risk exposures identified by risk managers nationwide


Defining a Breach

“A data breach is an incident that involves the unauthorized or illegal viewing, access or retrieval of data by an individual, application or service. It is a type of security breach specifically designed to steal and/or publish data to an unsecured or illegal location.”

• Source: www.techopedia.com


Quantifying a Breach

Average Number of Records Breached Per Incident: 28,765

Average Cost Per Breached Record: $192 - $240

Varying Factors

– Number of Records Breached

– Type of Breach (SS#, Credit Card Info, PHI)

– Class Action Lawsuit Filed?

• Source: Ponemon Institute / Symantec Study


Sample Calculators

• Source: NetDiligence Data Breach Cost Estimator


Data Breach “Costs”

Forensic Experts

Legal Expenses

Public Relations Consulting

Notification Costs

Hotline Support

Credit Monitoring Subscriptions

Discounts for Future Products & Services

Reputation Damage / Loss of Customers

Fines & Penalties (HIPAA / PCI)

Class Action Lawsuits

Business Interruption / Income Loss


Risk Management Strategies

Prevention Strategies

► Encryption of portable devices

► Technology use manuals

► Third-party IT expertise

► HIPAA/PCI compliance audits & security scans

► Employee education/training (39% of breaches are caused by human errors)

Mitigation Strategies

► Incident response plans

► Public relations consultation

Transfer Strategies

► Review contract (indemnification) language with attorney

Finance Strategies

► Insurance protection (1st & 3rd party coverage available)


Insurance Protection

First Party Coverages

Privacy Notification Expenses & Monitoring

Crisis Management and Reward Expenses

Business Interruption

Electronic Vandalism

Privacy Liability Defense

Regulatory Defense (including fines & penalties)

Third Party Liability

Disclosure Injury

Content Injury

Reputational Injury

Conduit Injury

Impaired-access Injury

Class action suits


Insurance Tips

State data platforms do not create immunity at the local level

Indications are easy to obtain

No two policies are created equally

Be sure to thoroughly compare coverage options available in the marketplace

Cheaper is not always better

Assess tools and resources available from the insurance companies offering coverage

Quantify impact of a breach and assess limits accordingly

Some protection is better than no protection


Thank You!

www.gibsonins.com