privacy and data security for your nonprofit ...29 to view an index of venable’s articlesand...
TRANSCRIPT
![Page 1: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/1.jpg)
1
© 2008 Venable LLP
MODERATOR: JEFFREY S. TENENBAUM, ESQ. TUESDAY, OCTOBER 14, 2014
PRESENTER: EMILIO W. CIVIDANES, ESQ. 3:00 p.m. ET
© 2014 Venable LLP
Nonprofit Organizations Committee Legal Quick Hit:
Privacy and Data Security for Your Nonprofit: Understanding Your Client’s Legal Obligations and
Minimizing Legal Risk
![Page 2: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/2.jpg)
2
© 2014 Venable LLP
Program Overview
The Cyber Threat Landscape
Top 4 Risks to Nonprofits
Risks Are Getting Riskier…
– Part 1: Top 4 Industry Trends
– Part 2: Top 4 Legal Developments
Five Steps to Mitigating Privacy and
Data Security Risks
![Page 3: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/3.jpg)
3
The Cyber Threat Landscape
© 2014 Venable LLP
![Page 4: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/4.jpg)
4
Four Horsemen of the “Cybocalypse”
© 2014 Venable LLP4
Rogue/Disgruntled
“Hacktivist”
Organized CrimeAdvanced Persistent Threat
![Page 5: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/5.jpg)
5
What’s the “Catch”?
© 2014 Venable LLP5
Information Targeted by Attackers
Category Objective Examples
Financial
Personally Identifiable Info Identity Theft or Inadvertent
Loss
Payment Card Data TJX, Hannaford, Home Depot
Identifying Data JP Morgan (76m hhlds)
Intelligence
Intellectual Property Corporate Misdeeds
Attorney/Client Comm. Gipson Hoffman & Pancione
R&D Material Across industries
Government Plans Dem. Nat’l Committee
Military Secrets F35 Joint Strike Fighter
Energy Infrastructure and
Architecture
Rumored Data Collection
Other Destruction/Disruption/Leak Insiders, Hacktivists
![Page 6: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/6.jpg)
6
But I’m Just a Nonprofit…What Do I
Have to Fear?
© 2014 Venable LLP6
![Page 7: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/7.jpg)
7
Top 4 Risks to Nonprofits
© 2014 Venable LLP
![Page 8: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/8.jpg)
8
Financial Costs of a Data Breach
Forensic
consultants
Lawyers
Call centers
Credit monitoring
Public relations
crisis response and
repair
© 2014 Venable LLP8
![Page 9: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/9.jpg)
9
Reputational Damage
Front page news
Notifying donors,
employees, consumers,
government agencies
Public outcry
Erosion of donor trust
Antipathy of service
constituency; boycotts
© 2014 Venable LLP9
![Page 10: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/10.jpg)
10
Government “Fine”-Tuning
Watchdogs have a lot to watch in today’s
nonprofit world:
– Electronic solicitations (CAN-SPAM)
– Donation platforms (breach laws)
– Donor list management (privacy policies)
– Social media outreach (COPPA)
Government handing out fines to nonprofits
© 2014 Venable LLP10
![Page 11: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/11.jpg)
11
A Not-So-Class Act:
More Privacy/Data Security Lawsuits
Organizations have been
sued for:
– Failing to maintain
reasonable data security
– Collecting personal
information with payment
– Sharing data with third
parties
– Mobile device practices
© 2014 Venable LLP11
![Page 12: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/12.jpg)
12
Risks Are Getting Riskier…
Part 1: Top 4 Industry Trends
© 2014 Venable LLP
![Page 13: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/13.jpg)
13
Data Collection:
Turn up the Volume of Data Flow
Online giving: fastest
growing fundraising
channel for nonprofits
Social media: key to
donor and constituent
engagement
Move to mobile and
“internet of things”:
geolocation and more
© 2014 Venable LLP13
![Page 14: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/14.jpg)
14
The Growing Uses of Data:
More of It, More from It
Big Data: Opening the
door for analytics and
predictive modeling
– Boost donor network and
fundraising opportunities
– Extend reach of services
and solicitations
– Develop new products
and services
© 2014 Venable LLP14
![Page 15: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/15.jpg)
15
Data Transfer and Storage:
All Systems Cloud and Clear
Nonprofits gain from hosted IT
services and cloud-based
solutions that cut costs and free
up resources.
More vendors means more
third-party access to data.
© 2014 Venable LLP15
Data sharing fosters
collaboration within and
beyond the organization.
![Page 16: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/16.jpg)
16
The Growing Value of Data
Data revolution driving all decision-making for
entities and individuals alike
Growing dependence on data boosts ROI for
cybercriminals
© 2014 Venable LLP16
1994 2014
![Page 17: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/17.jpg)
17
Risks Are Getting Riskier…
Part 2: Top 4 Legal Developments
© 2014 Venable LLP
![Page 18: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/18.jpg)
18
Legislative and Enforcement Push after
High Profile Breaches
© 2014 Venable LLP18
![Page 19: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/19.jpg)
19
Security Standards for a New World:
“Reasonableness”
Data security
– Duty of care: Anticipate foreseeable risks
Preparation
– Incident response planning a must
© 2014 Venable LLP19
![Page 20: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/20.jpg)
20
State Government Watchdogs:
Lots of Bark and Lots of Bite
Innovation means new
practices
New practices mean
more scrutiny
Privacy policies, terms
of use, types of data
© 2014 Venable LLP20
![Page 21: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/21.jpg)
21
Expect the Unexpected:
The Evolving Privacy Landscape
Expansion of PII
(geolocation,
biometric)
transforming nature of
privacy
© 2014 Venable LLP21
Government
surveillance revelations
driving public
sensitivities
![Page 22: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/22.jpg)
22
Summary
Top 4 Risks to Nonprofits
– Cost of a breach
– Reputational damage
– Government fines
– Class action lawsuits
Risks Getting Riskier: Industry Trends and Legal
Developments
Top 4 Industry Trends
– Data collection; use; transfer/storage; value
Top 4 Legal Developments
– Legislative/enforcement push; security standards; UDAP enforcement; shifting expectations of privacy
© 2014 Venable LLP22
![Page 23: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/23.jpg)
23
Five Steps to Mitigating Privacy
and Data Security Risks
© 2014 Venable LLP
![Page 24: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/24.jpg)
24
Five Steps to Mitigating Privacy/Data
Security Risks
1) Accept that this is an enterprise-wide risk,
not just an IT issue.
Stakeholders include but are not limited to
the Boardroom, HR, Audit, IT and Legal.
© 2014 Venable LLP24
![Page 25: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/25.jpg)
25
Five Steps to Mitigating Privacy/Data
Security Risks
2) Identify your organization’s most critical
data assets.
Where do these assets reside?
Who has access to these assets?
© 2014 Venable LLP25
![Page 26: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/26.jpg)
26
Five Steps to Mitigating Privacy/Data
Security Risks
3) Identify vendors used for business
functions involving critical data assets.
Seek to transfer risk contractually
Understand where data is stored
Understand the level of vendor security
Require vendor to buy cyber insurance
© 2014 Venable LLP26
![Page 27: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/27.jpg)
27
Five Steps to Mitigating Privacy/Data
Security Risks
4) 4) Layered Defense – assume attackers
will penetrate your network.
Firewalls to protect perimeter
Intrusion detection systems
Two factor authentication
Anti-virus
Encryption
Enterprise-wide
Portable devices
© 2014 Venable LLP27
![Page 28: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/28.jpg)
28
FiveSteps to Mitigating Privacy/Data
Security Risks
5) Establish a data breach incident response
plan.
Identify the legal department as quarterback.
Establish a reporting structure to legal.
Set up key legal, IT, forensic, and PR vendor
relationships.
© 2014 Venable LLP28
![Page 29: Privacy and Data Security for Your Nonprofit ...29 To view an index of Venable’s articlesand presentations or upcoming seminars on nonprofit legal topics, see or](https://reader033.vdocument.in/reader033/viewer/2022042315/5f03c5ae7e708231d40ab1ac/html5/thumbnails/29.jpg)
29
To view an index of Venable’s articles and presentations or upcoming seminars
on nonprofit legal topics, see www.Venable.com/nonprofits/publications or
www.Venable.com/nonprofits/events.
To view recordings of Venable’s nonprofit programs on our YouTube channel,
see www.youtube.com/user/VenableNonprofits.
Jeffrey S. Tenenbaum, Esq.
t 202.344.8138
Emilio W. Cividanes, Esq.
t 202.344.4414
Contact Information
© 2014 Venable LLP