Lessons Learned from the Tues. Jan. 31st 2-3 p.m. EST Moderator

. Joe McMorris, Vice President and Chief Information Officer, Wolters Kluwer ELM Solutions . Joe leads Information Technology for ELM Solutions and is responsible for driving the global IT strategy and managing the IT infrastructure required to support the Enterprise Legal Management business. This includes providing world-class hosting infrastructure and services to ELM Solutions corporate clients and law firms. He has overall accountability for the operation of the ELM Solutions information security management system and oversees all internal and external third-party information security audits. His vision and direction drove the process to secure both ISO 27001 and FISMA certifications for the company.

2 Guest Panelists

. Jeff Novak, Chief Counsel - Litigation & Compliance, Vice President - Public Policy at AOL Inc. . Jeff Novak manages litigation, compliance, and state public policy for AOL and its subsidiaries. Prior to joining AOL in 2003, he was a partner at McGuireWoods and a law clerk to the late Charles R. Richey, US District Judge for the District of Columbia. Jeff manages state public policy, litigation, and compliance for multiple lines of business including the litigation team, the regulatory compliance team, the criminal compliance and public safety teams, and the internal business conduct and compliance investigations.

. Ryan Bilbrey, Vice President Charles River Associates . Ryan Bilbrey is a senior professional in the litigation consulting industry with over 23 years’ experience in litigation and investigation projects, directing the identification, collection, analysis, processing, and hosted review of electronically stored information (ESI). He has provided expert consulting and advisory services for clients in a large variety of industries, including financial services, education, manufacturing, health care, insurance, energy, technology, communications, pharmaceutical, and entertainment, as well as U.S., state, and local government agencies. Mr. Bilbrey is currently focused on electronic discovery, text analytics related to ESI management, technology assisted review, strategic consulting regarding workflows in all stages of the Electronic Discovery Reference Model (EDRM), structured data discovery, and structured data analytics.

. Marco Salcedo, Senior Counsel, Wolters Kluwer ELM Solutions . Marco joined Wolters Kluwer on November 4, 2013 as Senior Counsel for Wolters Kluwer Health. Now, as the Senior Counsel at ELM Solutions since April 2014, his role encompasses licensing, intellectual property management, privacy law advice, and oversight of compliance, litigation and employment matters handled internally or with support from outside counsel. Prior to this position, Marco held the position of Corporate Counsel for Cognizant Technology Solutions, a leading Fortune 500 provider of IT, consulting and business process outsourcing services. While there, he supported Cognizant's Manufacturing, Consumer Goods and Utilities business segment, providing legal services for a wide variety of domestic and international commercial and transactional agreements, including master services, license and services agreements.

3 The Source of the Panama Papers

4 The Law Firm

Mossack Fonseca . Panamanian law firm that sells anonymous offshore companies around the world. These shell companies enable their owners to conceal their business dealings. . is the fourth-largest "asset protection" law firm in the world per businessinsider.com

5 Panama Papers

. 11.5M documents leaked . 2.6 terabytes of data made public . Involved 214K entities . Implicated 12 heads of state, 29 Forbes billionaires, 150 politicians, dozens of major banks . Spanned across 200+ countries “The Panama Papers are the largest information dump of their kind, and the information that has been released…appears to be just the tip of the iceberg.”

6 The Scale of the Leak Volume of data compared to previous leaks

7 The Structure of the Leak

8 Developments

Title of presentation 9 Lessons Learned from the Panama Papers Suspected Mossack Fonseca Failures

. What was done wrong? . Failed to maintain current patch levels and software versions of internet facing systems . Failed to leverage encryption for sensitive data, specifically email . Failed to deploy web servers and customer portal systems behind firewalls . Failed to follow the “principle of least privilege” on accounts supporting key production systems

11 What should Clients ask for from their Law Firms about Security?

. Does the firm have a security policy? . What is done for incident response? . Who does it cover? . Have you conducted a risk assessment? . What systems does it cover? . What security is provided for your network? . How is information classified and . What security is in place for workstations, protected? desktops, laptops? . Are personal devices allowed to connect to the . Sensitive data network, and, if so, how are they secured? . Public Data . What security is on your servers? . Protected (PII) data: HIPAA, GLB, FERPA, . What antivirus and malware software do you state law, EU, PCI use? . Default Classification of data . What is your encryption policy? How are keys . managed? How are users trained? . Do you have a log management standard? . Is there an access control policy? . What discipline is applied for failure to follow . What is done for physical and the policy? environmental security?

12 Takeaways

1 2 3

When legal data is The stakes are high - Current industry involved, law firms and yet law firms and legal standards and corporate legal departments are playing encryption should be departments are some catch up in terms of their implemented to ensure of the prime targets for response to the Panama information security and data breaches Papers incident and its avoid such incidents in implications the future

13 Resources

. What are the Panama papers and why do they matter? The Economist. April 2016. . http://www.economist.com/blogs/economist-explains/2016/04/economist-explains-1 . What are the Panama Papers? A guide to history's biggest data leak. The Guardian. April 2016 . https://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers . Here’s Why You Should Give About the Panama Papers. Drew Schwartz. Vice. April 2016 . http://www.vice.com/read/why-you-should-care-about-panama-papers-mossack-fonseca . Panama Papers: ‘Hello, this is John Doe. Interested in data?’ Jeremy Au Young. April 2016. The Straits Times. . http://www.straitstimes.com/world/panama-papers-hello-this-is-john-doe-interested-in-data . A Message from the Panama Papers Whistleblower Submitted by John Doe on May 9, 2016 . http://www.taxfairness.ca/en/blog/message-panama-papers-whistleblower . William Ponsoldt and Mossack Fonseca. The New York Times (example documents) . http://www.nytimes.com/interactive/2016/06/03/us/document-ponsoldt-mossack-fonseca.html . David Cameron Dodges Questions about his Family’s Tax Affairs after Panama Papers Revelations. White, Larry. Capital Bay. April 2016. . http://www.capitalbay.news/news/latest-news/world-news/1012593-david-cameron-dodges-questions-about-his-family-s-tax- affairs-after-panama-papers-revelations.html . Art collector, Entourage actress and a beer entrepreneur: New York socialites and business execs exposed in the Panama Papers. Daily Mail. May 15, 2016. . http://www.dailymail.co.uk/news/article-3591518/New-York-socialites-business-execs-exposed-Panama- Papers.html#ixzz4KBcyoG3t

14 Q & A

15