Crisis Management for In-House Counsel: Data Breaches, Disasters, Fraud, Government Investigations and More
Developing a Proactive Plan, Identifying Potential Liabilities and Damages, Navigating the PR Fallout, Ensuring Business Continuity
Presenting a live 90-minute webinar with interactive Q&A
WEDNESDAY, JUNE 4, 2014
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
Today’s faculty features:
Alison P. Buchanan, Shareholder, Hoge Fenton Jones & Appel, San Jose, Calif.
Theresa Adams Coetzee, Vice President & Assistant General Counsel, Marriott International, Washington, D.C.
Thomas F. Zych, Partner, Thompson Hine, Cleveland
The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
Chaos Corp. is a publicly traded, global manufacturer of a wide range of apparel, sporting goods and “wearable” technology.
Chaos Corp.’s upper management is regularly featured in the business press and on cable television, and its CEO was invited to Davos last year.
Chaos has enjoyed double-digit year-over-year sales and earnings growth for three straight years.
THE PLOT THICKENS
Chaos has been approached by private equity funds to consider going private. Chaos management is currently evaluating the possibility.
Chaos has retained the assistance of consultants to create a strategy to “rationalize” its sourcing and manufacturing systems, including its extensive BPO relationships, to reduce costs.
AND THEN . . .
A well-known NGO publishes a scathing report revealing allegedly wretched working conditions in factories in southern and southeastern Asia that supply goods to Chaos.
Within weeks, hacktivists announce that Chaos is and will be the target of DDoS attacks.
They’re not bluffing: serious attacks begin.
Uh Oh!
Chaos IT managers and its IT consultant report indications that the interfaces with Chaos’ cloud-hosted vendor management, CRM, manufacturing and order fulfillment systems have been compromised “behind” the DDoS attacks.
By Day 3 of the attacks, unusual purchasing and ordering patterns appear on Chaos’ customer-facing websites, along with unexplained spikes in atypical product orders.
BUT WAIT, THERE’S MORE!
By Day 4, Chaos HR files as well as employment records of Chaos vendors begin appearing on the internet. Workers are, understandably, unhappy. Threats of strikes appear on blogs and social media.
Chaos’ stock price takes a serious hit.
State attorneys general announce investigations at the NAAG annual meeting.
SETTING THE STAGE
Data Are Assets
Knowing What Data You Manage Is No Longer Intuitive
Knowing Where The Data Are Gets More Complicated
Knowing How Data Can Be Lost Is Critical
We Have Met The Enemy . . .
A CONFLUENCE OF FORCES
Customer/Consumer Schizophrenia
Intensifying Regulatory Focus
IT’S THE WHOLE ENTERPRISE
Data Insecurity Impacts Your Company’s:
Brand and Reputation
Ability to Exploit Lawfully Gathered Information
Competitive Standing
Human Resources Management
System Integrity
Regulatory Risk Exposure
INFORMATION SECURITY: THE RISK PROFILE
Cyber hacking is one real risk
Advanced persistent threat actors:
Foreign government agencies
Industrial espionage
-BUT-
The highest risk profile comes from more prosaic sources
THE RISK PROFILE
Socially engineered vulnerabilities
Phishing
Impersonation – everyone needs a friend
The “too good to be true”
The “help” desk
Human frailty + A little engineering + Patience = Treasure Trove!
OTHER RISK SOURCES
Insecure third party practices
Data on devices
Temporary work forces
Simple carelessness
Not knowing what is where
PLANNING, AND THEN MORE PLANNING
The time for learning the emergency plan is not while the disaster is happening!
An unknown plan is worth less than no plan at all.
Preparing for the Worst
Preparing for the Worst…
Elements of Business Continuity Management
Preparing for the Worst…
RESOURCES
• Federal Emergency Management Agency (FEMA) Business Continuity Planning Suite software.
• The Federal Financial Institutions Examination Council (FFIEC) publishes the “Business Continuity Planning Booklet”.
• The American Bar Association provides a template disaster preparedness plan titled “Surviving a Disaster, Guide to Disaster Planning for Bar Associations”.
Ethics Considerations
• Your organization’s PR team is not comprised of lawyers; they are not subject to the Rules of Professional Conduct, but you are
– Model Rule 4.1, Truthfulness in Statements to Others
– Model Rule 4.4, Respect for Rights of Third Persons
– Model Rule 3.9, Advocate in Nonadjudicative Proceedings
• You cannot instruct someone to do something you are ethically prohibited from doing
– Model Rule 5.3, Responsibilities Regarding Nonlawyer Assistants