ITX DSS 2011 - Are You Legally Prepared for the Coming Cyber War?

Our third speaker at the ITX Data Security Summit was Gerry Elman from Elman Technology Law, who asked the question: “Are You Legally Prepared for the Coming Cyber War?” He also chose a sub-topic even more relevant to the audience: “Preparing Your Legal Playbook In Anticipation of Data Security Breaches.”

Elman quickly addressed data security breaches and covered recent attacks on companies like T.J. Maxx (which possibly had 46.2 million credit and debit cards compromised) and Sony, whose massive breach on April 17th, 2011 has an estimated cleanup cost of up to $171 million. The best way to avoid becoming the next major data breach is to follow the necessary rules and regulations to mitigate your risk. You want to be famous, not infamous :)

Gerry provided the audience with The Legal Playbook: Step by Step.  This plan will help you respond to a data breach:

Incident Response Plan

  • Was there a breach of data security?
  • Investigate its severity and nature
  • Fix it and mitigate damage (pecuniary and to reputation) as much as possible
  • Notify appropriate authorities, companies and individuals
  • Do you have contractual obligations to others?
    • Others to you?
    • Insurance policy to trigger?
    • What's pertinent to your industry?
    • Involve company team members and outside advisors/consultants

To help you prepare your own legal playbook and anticipate data security breaches, Gerry highlighted a few crucial policies and regulations:

  • Federal Information Security Management Act (FISMA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act, and
  • the Payment Card Industry Data Security Standard (PCI DSS)

Gerry explained that all of these policies and regulations are necessary to your legal playbook!

At the end of Gerry’s presentation, he told the audience that we should be prepared to do more than merely what the law requires. Don’t rely solely on lawmakers because the government is not protecting private industries. It’s not just complying with laws; it’s also about strategic thinking!

Gerry had a very comprehensive presentation on how to prepare your legal playbook. If you would like more information on the Legal Playbook or on why the policies and regulations are important, please email us at info@inetu.net. Thank you, Gerry Elman, for rowing the legal oar for the Data Security Summit!
