Category Archives: Risk Management

Jeffrey Steele quotes me in his Multi Housing News article, “Addressing Cyber Security: New Tools and Laws Combat the Threat.”

In his article, Addressing Cyber Security:  New Tools and Laws Combat the Threat, Multi Housing News contributing editor Jeffrey Steele writes about cyber risks, risk management, and insurance coverage for the multi housing industry for the February 2013 edition of the magazine.

The article opens:

The growing threat to companies in the multifamily industry from cyber-attacks is serious enough that the National Apartment Association staged a webinar in 2012 entitled “The New Cyber Reality for the Multifamily Rental Housing Industry: Threats, Responsibilities and Risk Management Strategies.”  [Link added]

In this special tech report, Multi-Housing News interviews two of the leading participants on that panel to discuss the types of threats the industry faces, legislative developments currently underway, and what measures companies can undertake now to ensure they are prepared in the event of such attacks.

Mr. Steele interviewed my former colleague, Brian Finch, and me, for the article, getting our thoughts on cyber and privacy risks facing the multifamily housing industry.  We discuss data breach laws that could affect the multifamily housing industry, including the current slate of 46 different state data breach notification laws, current legislative developments, and risk mitigation tools.  We also give some predictions as to the future of cyber and privacy risks.

If you’d like to read the full piece, please click on over to Addressing Cyber Security:  New Tools and Laws Combat the Threat to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only to the individual contributor(s). © All rights reserved. 2013.

Please join me for the January 11, 2013 Delaware Valley RIMS Chapter Meeting: “Cyber Risk Management and Control”

Please join me for a luncheon hosted by the Delaware Valley chapter of RIMS on Friday, January 11, 2013:  Cyber Risk Strategies Meeting.

Here are the details that the Delaware Valley chapter of RIMS has posted about the meeting:

Every day the media reports another major cyber breach. No person or corporation is immune. And the inevitable class action privacy breach lawsuits follow. The trend among courts and government regulators has been to allow these suits to proceed to discovery and beyond. The associated costs are increasing exponentially. Become better informed by a debate on cyber risks and litigation, crisis management, loss control, the applicability of insurance and cyber risk strategies by joining us on January 11, 2013 at Aramark’s Philadelphia office.

The panelists will be Scott Godes [formerly] from Dickstein Shapiro and Richard Bortnick [formerly] from Cozen and O’Connor. Scott Godes [was] counsel in the Insurance Coverage Practice and focuses on representing corporate policyholders in insurance coverage disputes. He is a seasoned litigator who has extensive experience in trying complex insurance coverage disputes, including class actions, in state, federal, bankruptcy, and appellate courts, as well as in commercial arbitrations. He [was] co-leader of the firm’s Cyber Security Insurance Coverage Initiative.

Richard Bortnick, from Cozen & O’Connor is a member resident in Cozen O’Connor’s Philadelphia office. He litigates and counsels U.S. and international clients on cyber and technology, directors’ and officers’ liability, securities fraud, professional liability, insurance coverage, products liability, and commercial litigation cases. He also drafts professional liability insurance policies of varying types, including Cyber/Tech policies, and is co-publisher of the cyber industry blog, Cyberinquirer.com.

Moderating the discussion will be Art Boyle, Vice President of Enterprise Risk at Radian Group.

Here are the time and location details:

DATE:  Friday, January 11th from 8:00 AM – 10:00 AM
LOCATION:  Aramark office, Center City, Philadelphia

Please be sure to join us!  Click here to register.

As a presenter, I will not be charged a fee to attend the meeting.

Please join me on August 15, 2012 for a webinar: You’ve had a privacy breach…now what?

Here are the details from Lexis and HB:

LexisNexis® Presents a Complimentary CLE Accredited* Webinar:
The 2012 Top Privacy Concerns for Companies and Best Practices for Cyber Breach Preparedness

Government reports estimate that cyber breaches cost the U.S. economy over $1 trillion annually. The need to protect your company against breaches, data loss and theft are increasing in today’s ever-changing technological landscape. Our expert panelists will provide insights plus a risk manager’s perspective on privacy security, best practices for breach preparedness and explain the necessary coverage needs. Learn how to protect yourself in this 90-minute complimentary Webinar designed for in-house counsel.

On August 15, from 2 – 3:30 P.M. ET, join our panel of experts as they bring you the crucial steps needed to prepare for and address cyber privacy issues.

  • Understanding cyber privacy concerns today: Identifying your vulnerabilities & protecting against breaches, data loss or theft.
  • The state and federal statutory frameworks requiring the most observation and compliance.
  • Risk manager’s perspective on privacy security, breach preparedness and coverage needs.
  • Privacy breach—Now what? Understanding the case theories involved, the relevant developments in insurance coverage and the vendors you’ll need in place.
  • Unique concerns raised by the use and storage of health-related information.

Register now

Wednesday, August 15, 2012
2 – 3:30 P.M. ET

FREE CLE-Eligible Webinar!
Earn 1.5 credit hours

Panelists include:

Scott Godes [formerly] of Dickstein Shapiro LLP

Mario Paez of Wells Fargo Insurance Services

Jimmy Kirtland of ING Americas

Lynn Sessions of Baker & Hostetler LLP

Professor David Bender of the University of Houston Law Center

*CLE is approved or in the process of approval for the mandatory CLE states listed below for 1.5 hours of CLE Credit. Of these, 0 qualify as hours of general, participatory, or skills credit, 0 qualify for hours of law office management, and 0 qualify for hours of ethics/professionalism.

Alabama, Alaska, Arizona, Arkansas, California, Colorado, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York†, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin and Wyoming.

†Only experienced NY attorneys may take Webinar training for CLE. New York regulation requires that all CLE sessions must be conducted by an attorney in good standing or a JD. The presenter for this event meets this New York regulation. Contact the LexisNexis® CLE group directly at CLE.Sales@lexisnexis.com with questions about eligibility requirements and for further details on CLE paperwork.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only to the individual contributor(s). © All rights reserved. 2012.

Business Insurance quotes me in “Risk managers’ expertise valuable in cyber risk efforts”

In the article, Risk managers’ expertise valuable in cyber risk efforts, Business Insurance writes about managing cyber risks and insurance for those risks.

The article opens:

Most risk managers might not be information technology experts, but they can effectively manage cyber risks by applying their expertise in such areas as contract risks, assessing the value of exposures and communicating the potential impact of exposures across their organizations.

The article provides viewpoints from multiple people who deal with risk management, cyber risk, and insurance issues.  Business Insurance quotes a risk manager, underwriter, and a broker.  Business Insurance also quoted me in the article, writing:

Using last year’s California Supreme Court ruling in Pineda vs. Williams Sonoma Stores Inc. that held that ZIP codes can be considered personally identifiable information in certain cases as an example, “It’s really quite a changing time in terms of what’s out there in terms of risks and what companies’ potential risks and liabilities might be,” said Scott N. Godes, [formerly] of counsel in the insurance coverage practice at Dickstein Shapiro L.L.P. in Washington.

“We now have 46 states with data breach notification statutes. There’s pending legislation in Congress,” Mr. Godes said. In addition, the U.S. Securities and Exchange Commission has produced cyber security disclosure guidance requiring publicly traded companies to disclose their cyber risks to investors and makes those companies’ boards responsible for assessing their exposures and taking appropriate steps to address them, he said.

“Because of the ongoing changes, it’s certainly something companies need to be paying attention to,” he said.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to Risk managers’ expertise valuable in cyber risk efforts to read the entire article.

Join me for the IRMI Cyber & Privacy Risk Conference.

IRMI Cyber & Privacy Risk Conference.  Mark your calendar to join us in Baltimore, MD on May 16-17, 2012.

Noted cybersecurity, homeland and national security expert Richard A. Clarke will deliver the keynote address.

Discussing the last IRMI Cyber & Privacy Risk Conference, IRMI notes:

This past July in San Francisco, 100 risk managers, underwriters, agents and brokers attended the first IRMI Cyber & Privacy Risk Conference.

These industry thought leaders came away with a greatly improved understanding of how to identify, contractually transfer, and insure liability risks arising from the use of technology and the Internet in business. Many networking opportunities were provided to build relationships with leaders in cyber and privacy risk management and insurance.

My session will be:

Wednesday, May 16, 10:45 a.m. – 12:15 p.m.

The Cyber Risk Regulatory and Legal Horizon

As the web of laws and regulatory requirements increases, managing the risks of cyber security becomes even more challenging. On top of the multitude of state laws, the SEC recently released reporting requirements and Congress is set to take up a number of bills during 2012. This workshop will provide an overview of the range of laws and regulations in place and explore the new legislative developments affecting cyber insurance and risks, as well as the reporting requirements issued recently by the SEC.

Panelists:

  • Scott N. Godes, Counsel in the Insurance Coverage Practice, [formerly] Dickstein Shapiro LLP
  • Jacob Olcott, Principal, Cybersecurity, Good Harbor Consulting, LLC
  • Tim Stapleton, Assistant Vice President and Professional Liability Product Manager, Zurich North America
  • Other Panelists To Be Announced

Interested in attending?  Then head on over to the RIMS 2012 website to register.

Note:  as a speaker at the conference, I will not be charged a fee related to the conference.

“2012 Data Privacy and Information Security Predictions”

My friend, Christine Marciano, who is President, Cyber Data Risk Managers, just released her 2012 Data Privacy and Information Security Predictions. The report is an interesting series of predictions on what 2012 will hold in the areas of privacy and cyber risks. Here is how Christine describes the report:

This is our first Data Privacy and Information Security Predictions report. We asked leading Data Privacy and Information Security professionals what they thought the New Year will hold in terms of the threats that are on the 2012 landscape. The predictions that are included in this report offer a wide range of threats and concerns that need to be considered by every business or organization that operates in cyberspace regardless of its size.

Christine starts off the report with some of her own predictions regarding 2012 and what people might expect in terms of cyber risks and cyber threats:

As we start 2012, we can expect to see a continuance of data breaches and increasing cyber attacks. Taking a look back at 2011, we have learned that no system is ever 100% secure no matter the name or the size of an organization. It’s important for businesses and organizations to know what they need to be prepared for and to take steps to help minimize the threats that do not appear to be going away. Looking ahead, it appears that in 2012 we will see an increase of heightened and very sophisticated threats than what was seen in 2011. We can recall 2011 as the year the hackers and the hacktivists got started on the data breach and gained a great amount of attention. With all of the digital information and big data that is being stored, it should come as no surprise that data breaches are not going away in 2012 as they are only going to get bigger. I expect that we will also see more serious hacktivist attacks. It seems that the hacktivist is no longer hacking organizations just for the fun of it. They are attacking for specific causes and I believe that hacktivists are going to be a very serious threat in 2012 and organizations must be prepared.

Christine cites me for a prediction about data breaches and insurance coverage for data breaches and privacy risks. Here is her write up for me in the report:

DATA BREACHES WILL FORCE MANY TO REVIEW THEIR EXISTING INSURANCE POLICIES TO SEE WHAT’S COVERED

Scott N. Godes, [formerly] Counsel, Dickstein Shapiro LLP, states…

In terms of a trend in the areas of privacy and information security, I have noticed a sea change in both areas, leading to more need for analysis of insurance policies to cover these risks. When considering privacy risks, there has been an expansion of risks and potential liability for privacy violations, with the Pineda v. Williams Sonoma decision serving as one example. This year also has been called the year of the data breach, and companies are taking a hard look at how their insurance might and does cover such claims. These risks are being considered much more closely by companies, along with a careful analysis of how their insurance policies might cover.

Follow Scott Godes on Twitter:
@insurancecvg

She also quotes several people who write and speak a good deal about cyber risks, including:

  • Misha Glenny, Author of DarkMarket: Cyberthieves, Cybercops and You (Knopf, 2011), about smartphones and international cybercrime;
  • Jim Duster, Vice President of Sales, Debix; and Jake Kouns, Director of Cyber Security and Technology Risks, Underwriting, Markel Corporation, about the growth of cyberinsurance for 2012;
  • InfoLawGroup Senior Counsel, Richard Santales, about EU Data Protection regulation changes, HIPAA breach notification changes, upcoming FTC privacy report, and cloud computing;
  • InfoLawGroup Partner, David Navetta, about concerns over BYOD (“bring your own device”) and COIT (“consumerization of information technology”);
  • Bruce Anderson, CEO, Cyber Investigation Services, about small and medium businesses becoming a target for data breaches in 2012, increased cyber attacks, growth in website attacks, mobile threats, and hacktivists targeting the cloud;
  • Anthony M. Freed, Managing Editor at Infosec Island, about cyber attacks on critical infrastructure;
  • Shaun Dakin, Managing Director, Webbmedia Group, about the FTC using existing power to regulate commercial enterprises; and
  • Robert Fletcher, founder and CEO of Intellectual Property Insurance Services Corporation, as to how changes in the America Invents Act will drive intellectual property owners to explore specialized intellectual property insurance policies to fund IP litigation.

Join me for RIMS 2012 Annual Conference & Exhibition in Philadelphia!

Looking for a fantastic seminar devoted to risk and insurance?  Are you a risk manager?  Are you part of the insurance industry?  Are you someone who helps companies get their claims covered and paid (that’s me! that’s me!)?

Of course, then, you want to attend a risk management seminar with “no boundaries.”  Well, look no further.  “No boundaries” is how RIMS describes its RIMS12 annual conference for 2012:

If your organization is like most, risk is not confined to just one department. Everyone has risk management responsibilities. At RIMS 2012 Annual Conference & Exhibition, there are no limits to the information and resources available to help you and your organization innovatively minimize risks. You’ll find a wide array of educational sessions offering practical strategies, no matter what your business area. Sessions are offered at all experience levels—from beginner to advanced—so you can design an educational experience that fits your needs. And, the Exhibit Hall is jam-packed with solutions–everything you’ll need for the upcoming year.

The event is from April 15-18, 2012 in Philadelphia.

Not sure whether you should attend?  Here’s what RIMS says, and I couldn’t have said it better myself:

The Value of Attending

As the current economic climate continues to affect companies, some critical training and education budgets have been slashed or put on hold. Yet, the need for proper training, innovative tools and resources is greater now than ever before. At RIMS 2012 Annual Conference & Exhibition you will participate in the single most educational, informative conference for risk professionals. Refresh your skill set, pick up new tips and techniques, and network with nearly 10,000 risk professionals.

But just in case you need help justifying the value of attending RIMS to your management, here are the top reasons why you should register today:

  • Top-notch education–With 120+ sessions, hot topic sessions, keynote presentations, a jam-packed Exhibit Hall and unique networking opportunities, RIMS ’12 has more new strategies, ideas and practical solutions in one place than you will find anywhere else!
  • Keynote presentations–You’ll hear business visionaries share how to best utilize your resources in this time of financial uncertainty, enhance your leadership skills and align effective risk management with your organization’s business goals. Learn how to incorporate successful change management strategies into your risk policy, work in constantly evolving markets and structure your risk program to handle planned—and unplanned—challenges as they arise.
  • Industry leaders–Solve today’s challenges with the help of top industry leaders. At RIMS 2012, world-class speakers will discuss techniques and best practices that will advance your understanding of risk management and help you maneuver your risk program past current and future obstacles. This is the knowledge that will ensure your organization’s stability and growth—especially in these demanding times!
  • Save your company money!–Attend sessions that will save your company money and take away cost-cutting strategies. Your registration will have paid for itself! View the conference program to find the best sessions to fit your business needs.
  • Exhibit Hall–Walk through the Exhibit Hall to meet with service providers and discover thousands of ground-breaking resources, the latest innovations and breakthrough solutions. Hold on to those business cards—they will help you create innovative strategies and find new solutions when you need them.
  • Networking–Navigate the twists and turns of developing a successful risk management program with nearly 10,000 leading risk professionals who will bring a fresh perspective to your risk program. We’ve got events such as a grand Opening Reception, keynote presentations, award receptions, Wednesday Night Spectacular and more for you to meet old friends and make new ones.
  • Make a difference–Join your peers and give back to Vancouver, our host city, or support the future of the risk management industry. Participate in RIMS Community Service Day or join us for the Spencer Educational Foundation fundraising event. Details on these special events are available in the conference program.
  • Global reach–Attendees from more than 50 countries will come together in Philadelphia at RIMS 2012 to learn how to improve their risk program and operate efficiently and effectively in today’s global marketplace. Learn the challenges of doing business in China, balancing operational risks associated with global sourcing, tips for implementing a global risk program, and more! Attend one of the sessions offered in Spanish and Japanese for a truly global perspective. What’s more, you’ll find many multinational corporations and international organizations in the Exhibit Hall.
  • Share your knowledge–Host an “everything I learned at RIMS ’12” information session for your coworkers and pass on the new tools and strategies that you acquired, as well as information on the new contacts and solution providers you met.
  • It’s the premier industry conference–In terms of learning, networking, solution-sharing, peer exchange and connecting with service providers, RIMS ’12 is the only place where you can find it all. So, join us in Philadelphia and gain the advantage that you need to elevate your profile with your organization!

My session will be CLM203: Cyber Attacks and Privacy Claims: Litigation, Insurance and Crisis Management.  Joined by Rick Bortnick and Art Boyle, we’ll be discussing insurance coverage for cyberrisks and privacy claims, including data breaches, denial-of-service attacks, privacy class actions, and other cybersecurity and privacy events:

Session Code: CLM203
Date: Wednesday, April 18, 2012
Time: 8:45 AM – 10:00 AM
Every day, the media reports another major cyber breach. No person or corporation is immune. Government entities, financial institutions, health care providers, Fortune 500 companies and even cyber-security firms are under constant attack. And the inevitable class action privacy breach lawsuits follow. The trend among courts and government regulators has been to allow these suits to proceed to discovery and beyond. The associated costs are increasing exponentially. A single cyber breach could cost tens of millions of dollars. Projections for costs from the Sony breach start at $1 billion. You may think to look to your cyber or tech insurer for help, but what about a straightforward first- or third-party policy or a professional services policy? Is the theft of information covered under a fiduciary policy? How will you address and coordinate the crisis management? Who do you hire? Can a law firm help? And while an increasing number of underwriters offer cyber-insurance products, many claims professionals are not yet familiar with the coverages or how to evaluate and handle the resultant claims. Become better informed with a debate on cyber risks and litigation, crisis management, loss control, the applicability of insurance and cyber-risk strategies.
Panel

Interested in attending?  Then head on over to the RIMS 2012 website to register.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only to the individual contributor(s). © All rights reserved. 2011.
