overview of helpful resources - Association of Corporate Counsel

OVERVIEW OF HELPFUL RESOURCES
Data Privacy Resources
• National and International Organizations
  o American Bar Association (ABA)
     Various privacy, data protection, and cybersecurity links, http://apps.americanbar.org/dch/committee.cfm?com=PC802500
  o Association of Corporate Counsel (ACC)
     Resources regarding compliance and data management, including data privacy, http://www.acc.com/legalresources/ (membership required to access resources)
  o CERT Societe Generale
     https://cert.societegenerale.com/
     CERT Societe Generale Incident Response Methodologies, https://cert.societegenerale.com/en/publications.html
  o Compliance, Governance and Oversight Council (CGOC)
     https://www.cgoc.com/ (membership required to access resources)
     Privacy resources, https://www.cgoc.com/resources/privacyresources
  o International Association of Privacy Professionals (IAPP)
     https://www.privacyassociation.org/ (membership required to access resources)
     Close-Up: How to Build a Privacy Program, https://www.privacyassociation.org/resource_center/close_up_how_to_build_a_privacy_program
     Close-Up: Creating a Privacy Policy, https://www.privacyassociation.org/resource_center/close_up_creating_a_privacy_policy
  o The Sedona Conference
     https://thesedonaconference.org/
     The Sedona Conference® International Principles on Discovery, Disclosure & Data Protection (December 2011), https://thesedonaconference.org/download-pub/495
     International privacy resources, https://thesedonaconference.org/publications
• United States (Federal and State)
  o Department of Health and Human Services (DHHS)
     Health Information Privacy resources, http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
Copyright © 2014 Daley & Fey LLP. All rights reserved.
  o Federal Trade Commission (FTC)
     Bureau of Consumer Protection Business Center, http://www.business.ftc.gov/privacy-and-security/data-security
  o State of California
     Department of Justice Office of the Attorney General, http://oag.ca.gov/privacy
  o U.S. Commodity Futures Trading Commission (CFTC)
     http://www.cftc.gov/consumerprotection/index.htm
     Gramm-Leach-Bliley Act Security Safeguards, CFTC Staff Advisory No. 14-21, Feb. 26, 2014, http://www.cftc.gov/ucm/groups/public/@lrlettergeneral/documents/letter/14-21.pdf
• European Union
  o European Commission
     Data Protection resources, http://ec.europa.eu/justice/dataprotection/index_en.htm
  o European Union Agency for Network and Information Security (ENISA)
     http://www.enisa.europa.eu/
• United Kingdom
  o Information Commissioner’s Office (ICO)
     http://ico.org.uk/for_organisations/data_protection
Information Security Resources
• National and International Organizations
  o International Organization for Standardization (ISO)
     http://www.iso.org/iso/home.htm
     ISO/IEC 27002:2013 Information Technology—Security Techniques—Code of Practice for Information Security Controls, http://www.iso27001security.com/html/27002.html
  o The SANS Institute (SANS)
     http://www.sans.org/
     Information Security Policy Templates, http://www.sans.org/security-resources/policies/
• United States (Federal and State)
  o HealthIT.gov
     http://healthit.gov/
  o National Institute of Standards and Technology (NIST), U.S. Department of Commerce
     http://www.nist.gov/
     Framework for Improving Critical Infrastructure Cybersecurity (2014), http://www.nist.gov/cyberframework/upload/cybersecurityframework-021214-final.pdf
     Guidelines for Managing Security of Mobile Devices in the Enterprise (2013), http://www.nist.gov/customcf/get_pdf.cfm?pub_id=913427
• European Union
  o ENISA
     Cyber Attack Readiness, https://www.enisa.europa.eu/media/keydocuments/infographics/enisa-and-european-cyber-securityexercises
     Information Security Awareness Materials, http://www.enisa.europa.eu/media/multimedia/material
• United Kingdom
  o ICO
     A Practical Guide to IT Security, https://ico.org.uk/Global/~/media/documents/library/Data_Protection/Practical_application/it_security_practical_guide.ashx
  o UK Department for Business Innovation & Skills
     10 Steps to Cyber Security, http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/121121-10-steps-to-cyber-security-advice-sheets.pdf
Mobile Device Security Resources
• National and International Organizations
  o ABA
     Mobile Device Security (2014), http://www.americanbar.org/content/dam/aba/administrative/litigation/materials/2014_sac/2014_sac/mobile_device_security.authcheckdam.pdf
     Protecting PHI on Mobile Devices (2013), http://www.americanbar.org/publications/aba_health_esource/2013-14/november/protecting_phi.html
  o SANS
     Mobile Security Policy Templates, http://www.sans.org/securityresources/policies/mobile.php
• United States (Federal and State)
  o HealthIT.gov
     Mobile Device and Health Information Privacy and Security, http://www.healthit.gov/providers-professionals/your-mobiledevice-and-health-information-privacy-and-security
Data Breach Resources
• National and International Organizations
  o ABA
     Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide (2012), http://www.americanbar.org/content/dam/aba/administrative/litigation/materials/sac_2012/2215_intro_to_data_security_breach_preparedness.authcheckdam.pdf
  o DRI
     Anatomy of Data Breaches: The Technology of How They Happen and The Legal Response, http://www.dri.org/DRI/coursematerials/2011%20NFJE%20Symposium/pdfs/03-Whitman.pdf
  o IAPP
     Close-Up: Responding to a Data Breach, https://www.privacyassociation.org/resource_center/close_up_responding_to_a_breach (membership required to access resources)
• United States (Federal and State)
  o FTC
     FTC Report: Protecting Consumer Privacy in an Era of Rapid Change (2012), http://www.ftc.gov/sites/default/files/documents/reports/federaltrade-commission-report-protecting-consumer-privacy-era-rapidchange-recommendations/120326privacyreport.pdf
     Taking Charge: What to Do if Your Identity Is Stolen, http://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf
  o DHHS
     Breach Notification Rule, http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
• European Union
  o ENISA
     Data Breach Notifications, http://www.enisa.europa.eu/activities/identity-and-trust/risks-anddata-breaches/dbn
• United Kingdom
  o ICO
     Guidance on Data Security Breach Management, http://ico.org.uk/for_organisations/data_protection/~/media/documents/library/Data_Protection/Practical_application/guidance_on_data_security_breach_management.pdf
Cloud Computing Resources
• National and International Organizations
  o Cloud Security Alliance (CSA)
     Security Guidance for Critical Areas of Focus in Cloud Computing v3.0 (2011), https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
  o IAPP
     Close-Up: Cloud Computing, https://www.privacyassociation.org/resource_center/close_up_cloud_computing (membership required to access resources)
  o NIST
     Cloud Computing Standards Roadmap (2013), http://www.nist.gov/itl/cloud/upload/NIST_SP-500-291_Version2_2013_June18_FINAL.pdf
  o PCI Security Standards Council (PCI SSC)
     PCI DSS Cloud Computing Guidelines (2013), https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_Cloud_Guidelines.pdf
• United Kingdom
  o ICO
     Guidance on the Use of Cloud Computing, http://ico.org.uk/for_organisations/data_protection/topic_guides/online/cloud_computing
If you would like an electronic version of this document or if you have any
questions, please contact Laura Clark Fey at lfey@daleylegal.com
or 913.948.6301.