IAOP Chapter: Data Security

Meeting held on January 27, 2010

A Data Security Chapter meeting chaired by JANUS Associates was held on January 27, 2010 from 8:00 am to 10:30 am at Mayer Brown’s New York City offices at 1675 Broadway, New York, NY 10019.

The meeting featured presentations and a panel discussion on the rapidly changing Information Security and Privacy regulations affecting outsourcing, with a focus on developments, trends and practical applications.

Presentations were delivered by Rebecca S. Eisner of Mayer Brown and Karl Muenzinger of JANUS. A panel discussion featured speakers from IBM, BlackRock, Mayer Brown and JANUS. The panel addressed security and privacy challenges and discussed how customers and providers of outsourcing services can address these critical needs.

Agenda

8:00 am-8:30 am: Registration, Continental Breakfast & Networking

8:30 am-8:40 am: Welcome & Introductions

8:40 am-9:15 am: "New Developments – US Security and Privacy Laws Affecting Outsourcing"

Rebecca Eisner, Partner, Mayer Brown

9:15 am- 9:45 am: " Technical Challenges and a Practical Approach to Vendor Compliance Management "

Karl Muenzinger, Senior Compliance Consultant, JANUS

9:45 am-10:30 am: Panel Discussion: "Managing the Data Security and Privacy Risks and Opportunities in Outsourcing"

David Hudanish (Moderator), Partner, Mayer Brown

Phil Hausler, Vice President, Banking Industry, IBM

Benjamin Smith, Chief Information Security Officer, BlackRock, Inc.

John Mancini, Partner, Mayer Brown

Matthew Lane, Chief Technology Officer, JANUS

10:30 am-11:00 am: Closing Remarks & Networking

IAOP members wishing to attend the upcoming meeting please email  the chapter coordinator at amanda.corbett@outsourcingprofessional.org

If you are not as yet a member of IAOP and would like a guest pass for the meeting, please Request a Guest Pass.

IAOP Members:

Click Here and login  to download past meeting presentations for all IAOP chapters.

Webinar held on July 16, 2009!

A Data Security Chapter webinar, hosted by corporate member JANUS Associates, was held Thursday, July 16.

Industry expert, Patricia Fisher from JANUS Associates, shared valuable insights on the “Changing Security Issues Involved in the ARRA (Stimulus) Act and How it Might Affect Outsourcing.”  Members learned about the significant developments that occurred with the passage of the ARRA and how they may impact the outsourcing industry.  Pat identified major changes and focused on the new penalties that may be applied if a data breach occurs as well as outlined the expectation of greater enforcement due to increased government incentives to the entities that will be monitoring the new requirements. 

In addition, Pat outlined specific action steps members would want to take to lower their risks and liabilities.

Meeting held - October 21, 2008

A Data Security Chapter webinar, hosted by corporate member JANUS Associates, was held on Tuesday, October 21, 2008.

The program topic was “Outsourcing in Today’s New Risk Averse Business Climate:  Why Information Security is becoming a top business priority and what you need to do.” Karl W. Muenzinger, CISSP, CISM, MBCI and Project Manager of JANUS Associates, shared his expertise about the dramatic effect the rapidly changing financial landscape will have on outsourcing.  He shared valuable information about what you need to do to prepare for it! 

He covered real-life business cases where strong information security was used as a market differentiator and where information security breaches cost more than any benefit they derived.  He provided insight about how lax information security can be a deal breaker.  He reviewed the regulatory trend for increased due diligence, information security standards and approaches to demonstrating strong security.

Webinar Held Wednesday, April 30, 2008

The latest Data Security Webinar took place on April 30, 2008 at 11:00 a.m. (PDT).  Data Security chapter chair, Frank Teruel of Vormetric, and guest speakers Tom Grubb of Polivec and Gabe Zubizaretta conducted a dynamic discussion concerning: “The Impending US Economic Down-turn…What does it mean for Outsourcing and the Safety of Your Data”. 

The presentation was split into three parts beginning with Gabe Zubizaretta who spoke to the subject of outsourcing trends among emerging technical and non-technical enterprises, Tom Grubb who addressed extending your behavioral infrastructure to ensure the protection of your data and Frank Teruel who wrapped up with developing and extending a data security eco-system across your outsourcers’ environment.  A question and answer session completed the program.
 
Face to Face Meeting of the Data Security Chapter

The Data Security Chapter of IAOP held a face to face meeting at the 2006 Summit on February 20, 2006. Pat Fisher, President of Janus Associates, Tom Grubb, Chapter Chair and Heather Mark (CISSP) presented growing evidence that data security poses a significant challenge to service providers and their customers.   An informal survey was conducted to determine the attitude of those in the outsourcing industry regarding the protection of sensitive data. Download the survey results here. After the formal presentation, suggestions for future topics and speakers were discussed.

Inaugural Meeting of the Data Security Chapter

The inaugural meeting of the Data Security Chapter was held on February 14th, 2006 at 2:00 pm Eastern Time via web conference. The meeting was hosted by chapter chair Tom Grubb of Vormetric. To keep consumers' trust and minimize the risk of a security breach when outsourcing, the premise of the meeting suggests that organizations need to take steps to ensure that personal data is safeguarded in vendor relationships.

Chairman’s Summary

The Data Security Chapter of the IAOP, bringing together providers, their customers and advisors that use sensitive digital information in the course of conducting outsourcing business, held its first meeting on February 14th, 2006 via teleconference and web-seminar. 

IAOP Executive Director Michael Corbett provided an overview of the outsourcing industry and the IAOP. Tom Grubb described the Data Security chapter goals and objectives, followed by information describing why data security matters to outsourcing professionals. Mr. Grubb explained that disclosure laws such as California SB1386 push data theft into the media, which prompts customers and consumers to demand more legislation to protect data. Then he used a case study to show how a single public data breach at an India-based service provider caused long lasting brand damage evidenced by almost 10,000 Google many months after the breach occurred.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, and Sandra Hughes, chief privacy officer of Procter & Gamble presented the Vendor Information Clearinghouse, a framework developed by the Ponemon Institute. Ponemon and Hughes explained that the VIC is a Web-based infrastructure and process for registering qualified vendors and for disclosing baseline qualifications for handling information about people and households. They invited outsourcing professionals to consider adopting the VIC as a means for customers to validate service providers they are dealing with.  This validation process will help construct and corroborate confidence in doing business where private data is exchanged between service provider and vendor.

Tom Grubb from Vormetric wrapped up the meeting with the encouragement to submit ideas, thoughts and suggestions to IAOP in order for the group to continue to grow and remain topically focused for 2006. Topic suggestions may be sent to her directly at tgrubb@vormetric.com.

Meeting Agenda:

· 5-10 minute introduction by Mike Corbett, IAOP Executive Director

· 10 minutes by Tom Grubb, Why data securitys is important to Outsourcing Professionals

· 30 minutes by Dr. Larry Ponemon and Sandy Hughes, Lose Their Data — Lose Their Trust: Enabling Secure Vendor Relationships