orlando, florida prevention: the legacy (data) we leave behind courtney m. dunn registered patent...
TRANSCRIPT
Orlando, Floridawww.lowndes-law.com
Prevention:
The Legacy (Data) We Leave Behind
Courtney M. DunnRegistered Patent Attorney, Senior Associate
© 2011 Lowndes, Drosdick, Doster, Kantor & Reed, P.A. All Rights Reserved
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
The Problem
Disposing of computer equipment without destroying the data on the equipment.
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
Data Privacy Laws
Duty to protect personal information of an individual
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
Data Privacy Laws
Whose information must a company protect?
Employees
Clients
Customers
Job Applicants
Consultants
Independent Contractors
Anyone whose personal data is acquires
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
Data Privacy Laws
What types of information must a company protect?
Medical (HIPAA)
Genetic (GINA)
Consumer Credit (FACTA)
Personally identifiable Information
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
Legal Implications• Civil Liability
º e.g. HIPAA • $100 to $50,000+ per violation• annual cap $1.5M
º e.g. FACTA• Employees identities stolen due to knowing violations
– statutory minimum - up to $1,000 plus punitive damages and attorney fees plus
– Actions brought by FTC - up to $2,500 per employee
– Additional amounts for state actions
• Criminial Liabilityº For egregious acts or acts committed knowinglyº E.g. HIPAA
• Knowingly obtain or disclose identifiable health information - $50,000 and up to 1 year imprisonment
• Involves false pretenses - $100,000 and up to 5 years imprisonment• Intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm -
$250,000 and up to 10 years imprisonment
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
Recent Case – Affinity Health Plan
• Affinity returned a number of photocopiers to its leasing company• CBS purchased one of the copiers at a wholesale warehouse• CBS found medical records on the copier’s hard drive• CBS notified Affinity (March 17, 2013)• Affinity filed a breach report with the U.S. Dept. of Health and Human
Services • An estimated 344,579 may have had personal and medical data
compromised• Affinity sent breach notice to all those potentially affected (April 5, 2103)• CBS returned the copier’s hard drive to Affinity (April 8, 2013)
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
Recent Case – Affinity Health Plan
• Affinity reaches a resolution with the U.S. Dept. of Health and Human Services (August 7, 2013)
º Fine - $1,215,780º Within 5 days - use best efforts to retrieve all copier hard drives that
remain in their leasing company’s possession.º Within 30 days - Conduct comprehensive risk analysis of all electronic
equipment owned, controlled, or leased; develop plan to address and mitigate risk
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
What should you do?
• Remove all data
• Keep logs of activity done
to remove data
• Set security policy for disposal of electronic equipment and data removal
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
What should you do?(Copiers)
• FTC Brochure – Copier Data Security
• http://www.business.ftc.gov/documents/bus43-copier-data-security
Putting the Genie Back in the BottlePreventing and Dealing with Data Breaches in Your Company
Orlando, Florida | www.lowndes-law.com
What should you do?(Copiers)
• Include copier-specific policies in your organization’s security policies
Orlando, Floridawww.lowndes-law.com
Prevention:
The Legacy (Data) We Leave Behind
Courtney M. [email protected]
407-418-6465