Steve Helland’s Highlights from the Midwest Data Privacy & Security Conference
As in past years, the Minnesota Bar Association’s “Midwest Legal Conference on Privacy & Data Security” was fantastic.
First, I must thank my informative and entertaining co-presenters for our session on Privacy and Security in Vendor-Customer Relations: Tiffanea Trice Mulder of Medtronic and Jake Omann of Ahmann-Martin.
Second, below are my 100 percent subjective highlight notes from the full-day conference:
- Cyberattacks are on the rise. Security threats run the gamut from simple dumpster diving to sophisticated hacks and social engineering schemes.
- Government is interested, investigating and enforcing on data privacy issues on the international, U.S., state and local levels.
- Safe Harbor is no longer a reliable compliance mechanism for moving personal data from the E.U. to the U.S. Although a Safe Harbor 2.0 is under discussion/negotiation, companies should consider Plan B such as model contract clauses or binding corporate rules.
- Norse Attack Map is a mesmerizing and terrifying way to visualize the incredible level of cyber and hacking threats.
- Bitcoin is the preferred currency of cyber criminals.
- Vendors are regularly the “weak link” in a company’s security system.
- Cyber insurance has evolved in the past five years and is worth considering / pricing out. With that said, “cyber” insurance is a misleading term given the various types of coverage and limits under that umbrella; we need to be more specific.
- Encryption of laptops and mobile devices is for sure a recommended practice; and it may even be “negligent” to fail to encrypt such devices. Stolen laptops / mobile devices remain a common vector for data security breaches, and one estimate is that one out of 10 business laptops is lost or stolen each year.
- Written Privacy / Security Policies not only help guide you and reduce the risk of a security breach, but they are also a potential shield to liability even if you do experience a breach. A Security Breach Response Policy is an especially important policy to have and to think through in advance.
- Use a Loaner Laptop if traveling to China or Russia.
- 2-Factor-Authentication is becoming an increasingly popular method of device sign-on. For example, in order to log on, I enter my name + password into my laptop, and then also respond to a telephone call or send a text to my mobile device.
The International Association of Privacy Professionals (IAPP) is the leading industry group in this space, and if you join, their website has loads of useful information, including sample policies and other documents.
Lisa Sotto’s Privacy and Security Law Deskbook is my own go-to resource for detailed information and research in this area.
Or, best yet, to learn more join us for the 2017 Privacy/Security Conference!