“Personal information of more than 1 million current and former CareFirst BlueCross BlueShield members was leaked in a cyberattack on the insurer’s database.” The information exposed included names, birth dates, email addresses, and subscriber identification numbers. The attack was similar to the one on Premera BlueCross, which was hit one month earlier than CareFirst.
I have always been a fan of AllClear ID for being the best of the best at handling breach response logistics but now, I have to give them a shoutout for another reason. AllClear has a Resources page with some of the very best and most well-respected law firm blogs in the world.
While I am certainly not saying it is deserved, it is very much appreciated that they have chosen to include this blog — the Business Cyber Risk Law Blog — among such great company. Go check it out and you will see for yourself why this is such an honor.
Thank you AllClear ID!
Why do I need to report a data breach?
This is a common question that business owners ask me all of the time. In response, I rattle off a laundry list of reasons why reporting is not optional — but mandatory. This includes ethical stewardship and obligations, business and public relationship reasons, and finally legal obligations that make it mandatory.
Some still think I am just Chicken Little claiming the sky is falling, but so it goes as some people just can’t be helped.
Thanks to the FTC, I now have another reason to give them. It fits into the legal obligations requirement and, while most of us in this profession implicitly knew this all along, nothing helps like when an agency like the FTC just comes right out and says it: The FTC said that it looks ‘favorably’ on firms that report data breaches.
“In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach,” said Mark Eichorn, the agency’s assistant director for privacy and identity protection.
There you go, simple enough? Yes, you must report the data breach. Period. End of story.
The law is trending toward more risk of liability for Officers and Directors. Learn more about this from my recent article in Ethical Boardroom — full text available without paywall here: Cybersecurity Risk: Law and Trends.
As you can see, I have had a whirlwind week of presentations with the IAIP Keynote on Tuesday, ACFE Fraud Conference on Friday, and then Saturday I finish it up in Austin at the Collin County Bench Bar Foundation’s Collin County Bench Bar Conference!
You Should Be Here!
The Bench Bar Conference is a really fun event that I spoke at last year (see Collin County Bench Bar Presentation on Cyber Risks to Lawyers #CCBBF) and I could not miss the opportunity to be a part of it again this year.
To add to that, it is a real honor for me to share the stage and be presenting with so many well-respected legal jurists, scholars, and practitioners:
- Hon. Eva Guzman, Justice, Supreme Court of Texas
- Hon. Angela Tucker, Judge, 199th District Court, Collin County, Texas (@AttorneyTucker)
- Hon. Jill Willis, Judge, 429th District Court, Collin County, Texas
- Rep. Jason Villalba, Texas House of Representatives
- Thomas Ashworth – Collin County District Attorney’s Office
- Leah Boyd – ALARM
- Kelly Crawford – Scheef & Stone, L.L.P.
- David Clouston – Sessions Fishman Nathan & Israel
- Melinda Eitzen – Duffee + Eitzen
- Martin Thornthwaite – Strasburger & Price
- Emily Miskel – Koons Fuller
- Jeff Domen – Goranson Bain
- Lee Bean
- Charity Borserine
- Penny Phillips
As I am sure you can imagine by now, my presentation will focus on cybersecurity law, mitigation, and compliance for both lawyers and businesses.
Stay Tuned for More
Check back soon for a blog or two about the event as well as the slides from my presentation.
I recently posted about how corporate general counsel now view cybersecurity as a top 3 concern. At this rate, it will soon be their #1 concern. A recent article in Corporate Counsel gives several reasons for why this problem will only continue to increase in volume, expense, and overall risk to companies:
- Companies continue to move more infrastructure online
- The annual cost of data breaches is projected to rise to $2.1 trillion by 2019
- Cybercriminals are more often hacking for profit instead of for “causes” as with hacktivism
- Nearly 60 percent of data breaches in 2015 are anticipated to be in North America
- The average cost of a data breach is projected to exceed $150 million by 2020
- Companies are developing quantum computers with so much power they will render ineffective all currently known defenses
Not only should corporate general counsel be concerned about cybersecurity, but so too should companies’ officers and directors because there is a growing trend toward liability for them as well.
I am really looking forward to speaking to the 400+ attendees at the Association of Certified Fraud Examiners’ (ACFE) 25th Annual DFW Fraud Conference event on Friday, May 15, 2015.
My address is titled Addressing the Most Current Cybersecurity Threats: Don’t Be the Next Victim.
You can learn more about this event at this LINK and here are some of the event materials: