Shawn E. Tuma

Posts Tagged ‘breach notification’

Cybersecurity Legal Issues: What you really need to know (slides)

In Corporate Governance, Cyber Issues, Cybersecurity Law, Data Breach, Media, Privacy on September 14, 2016 at 8:46 pm

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institute. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!


Cybersecurity Incident Response Checklist

In Cyber Issues, Cybersecurity Law, Data Breach, Digital Information Law on September 8, 2016 at 8:30 am

Business leaders, when people like me tell you that having a cybersecurity incident in your company is like being in a building on fire, we are not exaggerating. Take a look at the following checklist (note, this is not an incident response plan!) while keeping in mind that over half of the items on that checklist should be performed almost simultaneously within hours of learning that your company has had a data breach.

While this is not an exhaustive list, these are the items that most often need to be performed in the cases in which I guide clients through the incident response and remediation process. Of course there will be exceptions, additions, and omissions — take this for what it is, a starting point. Finally, note that the picture below is an image of the checklist and is blurry — you can download the original here.

[Image: Cybersecurity Incident Response Checklist]

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Cybersecurity: How Long Should An Incident Response Plan Be?

In Corporate Governance, Cyber Issues, Cybersecurity Law, Data Breach, Digital Information Law on July 1, 2016 at 9:23 am

Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why these are now a must-have.

Why Cybersecurity Incidents Are Legal Events

In Corporate Governance, Cybersecurity Law, Data Breach, Digital Information Law, Privacy on March 18, 2016 at 7:23 pm

In this video, cybersecurity and data protection attorney Shawn Tuma explains why cybersecurity incidents are as much legal events as they are information technology and business / public relations events.


Cybersecurity Legal Year in Review – #DtSR Podcast

In Corporate Governance, Cybersecurity Law, Data Breach, Digital Information Law, Privacy, Regulatory on January 13, 2016 at 8:16 am

Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast.

In this episode…

  • Most important cybersecurity-related legal developments of 2015
    • Tectonic Shift that occurred with “standing” in consumer data breach claims
      • Discussion of law prior to Neiman Marcus case, and post-Neiman Marcus
      • Does this now apply to all consumer data breach cases?
      • Immediate impact? Companies now liable?
      • Lesson is in seeing the trend and how incrementalism works
      • Michaels & SuperValu case dismissals in light of Neiman Marcus
  • Regulatory Trends
    • FTC & SEC gave hints in 2014, post-emergence of Target details
    • Wyndham challenged authority – came to fruition in August 2015
    • SEC not far behind – significant case in September 2015
    • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
  • Officer & Director Liability
    • 2014 – SEC Comm. fired the warning shot … pointed the finger
    • Shareholder derivative litigation
    • Individual liability of IT / Compliance / Privacy “officers”
  • Anticipated 2016 Legal Trends
    • Regulatory enforcement … which, by the way, is why NIST is becoming default
    • Shareholder Derivative – much more likely than consumer class actions at this time
    • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they’re in the cross-hairs
    • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything

Go HERE to listen to the Podcast!
