
Issuer Agent Panel 2008 SSA Annual Conference


Presentation Transcript


  1. Issuer Agent Panel 2008 SSA Annual Conference: Data Breach Response Plan

  2. Data Breach • Summary • Define the scope • Specify when it applies • Definitions • Critical - what the policy applies to • What is a data breach? • Prevention • Everyone’s job

  3. Data Breach • Detection – have mechanisms in place • Investigation • Did it occur? • Scope of breach • Risk that data will be misused • Prevent further access • STA Data Breach Action Steps

  4. Data Breach • Implement Response Plan • Notification timeframe • Communications • Dear stockholder letter • Web site • Press release • TJX – A Cautionary Tale • Regulation S-P

  5. Issuer Agent Panel 2008 SSA Annual Conference: Framework for Safeguarding Shareholder Assets and Information

  6. Safeguard Project • Objective • Safeguard shareowner securities, funds and information from: • External and internal fraud • Processing errors • Safeguard corporate assets and information from: • External and internal fraud • Processing errors

  7. Project Process • Identify • Assets • Shares: certificate; DRS; Plan • Funds: dividends; OCP; sales proceeds; money orders • Information • Account registration • TIN • Bank account number • B/D information • PIN • Determine processes/actions/tasks that impact assets and information • Internal • Vendor

  8. Project Process • Assess each P/A/T for: • Risk • Documentation level • Policy in place • Clear performing entity • Operational control • Additional internal control • Potential for external oversight • Who has internal and external access

  9. Project Process • Prioritize P/A/T’s • Highest impact • Greatest deficiencies • Address in rank order • Remediate process • Institute new process • Ensure regulatory compliance

  10. Project Process • Department Review • Internal Audit assistance • Phased Implementation • Safeguarding part of culture • Business unit goal • Individual performance goals

  11. Level 1 Processes/Actions/Tasks • Compliance Notebooks • Business Continuity Plan • Shareholder confidentiality policy • Legal name changes • Removing hard stop codes • Disbursement addresses • Lost certificate replacements • Securities transfer • Data breach response • Purchase through direct debit • Dividends through EDD • Sale of shares • Adjust shares • Adjust funds • CSSII data security • VRS data security • Interlink data security

  12. Level 2 Processes/Actions/Tasks • Purchase shares with OCP • Purchase shares with ICP • Pay dividend by check • Change account information • Replace checks • Vendor non-disclosure agreements • Existing disbursement addresses • Certificate storage • Lost stockholders • Payments via dividend order

  13. SEC Audit • “During the examination, staff found that the Treasury Department manages securityholder funds prior to payment of presented checks.” • “The staff has concerns that securityholder funds earmarked for dividend payments could be at risk of loss to the shareholders in the event of bankruptcy or similar financial difficulties.”
