Data Privacy Compliance: Pre-Attack Risk Mitigation and Post-Attack Best Practices

As a data, privacy and security, health care, and employee benefits partner at King & Spalding LLP, Adam Solander provides counsel on data breach and cybersecurity issues across various industries, particularly health care. Adam represents clients with respect to employee benefits regulatory and compliance issues including designing, implementing, and maintaining employee benefit plans. He also advises clients on issues related to managed care laws and telemedicine.

Adam has experience helping clients preparing for, responding to, and recovering from data, privacy and security incidents. He is a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance (HITRUST). This organization provides training to develop and maintain effective security programs for health care and life sciences companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements.

Prior to joining King & Spalding, Adam was a member of a nationally recognized law firm where he was a part of their health care and life sciences practice group. Much of his experience is centered around assisting health care clients with HIPAA compliance, ERISA, managed care laws, telemedicine, and privacy and data security.

He also assisted private equity companies with evaluating privacy and security and employee benefits compliance risk in connection with potential investments. Previously, he served as Health Policy Counsel at the ERISA Industry Committee. There, he counseled Fortune 500 companies on healthcare legislation, including ACA, the HITECH Act, and ERISA. He also has experience advocating on behalf of trade associations and advocacy groups to Congress and Executive branch.

Daniel Greene is a Partner and Incident Response Team Lead at Octillo. He has been on the frontline of hundreds of cybersecurity incidents, including headline-making attacks, data breaches involving millions of affected individuals and compromises across industries and of businesses of every size, from small and medium-sized businesses to publicly held companies. He guides clients through each stage of an incident – from detection to eradication, response to recovery, and crisis communications to compliance with legal obligations and defense of regulatory investigations.

Dan has shepherded clients through breaches in highly regulated industries such as healthcare, financial services, government contracting, and cannabis, as well as in software, global retail, professional services, and more.

Dan leads and oversees round-the-clock responses to:
- Ransomware
- Business email compromises & wire fraud
- Rogue employees
- Inadvertent disclosures
- Phishing and social engineering
- Card-stuffing, DDOS, and bot attacks
- Domain-jacking and DMCA issues
- Government and regulatory investigations

Dan was recognized in 2022 as one of the top 40 Incident Response attorneys in the nation by Cybersecurity Docket. He is also a Certified Information Privacy Professional, United States (CIPP/US) and Certified Information Privacy Professional, Europe (CIPP/E) as recognized by the International Association of Privacy Professionals (IAPP).

Amelia Gerlicher focuses her practice in the areas of privacy and data security, counseling clients on preparing for and reacting to data breaches and network intrusions, as well as helping clients assess and address the privacy and data security risks that arise from a wide range of commercial activities.

Amelia has counseled numerous clients through data breach preparation and response, assisting clients assess their risks, develop response strategies, comply with legal obligations and address regulatory inquiries following an incident. She has advised clients ranging from small startups to Fortune 100 companies on the protection and use of personal data, including disclosure obligations, security requirements and data breach notification and response.

Amelia’s privacy-related litigation experience includes actions arising from a variety of online activity, brought under the federal Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act and state privacy laws. She also represents clients, such as Facebook, in defending against illegal spamming, scraping, data misuse, harassment and other forms of malicious behavior that interfere with client websites.

Her litigation experience also includes a variety of other matters, including contract, intellectual property and internet law issues for a wide range of clients. In pro bono matters, she has assisted a nonprofit in developing resources to educate victims of nonconsensual pornography on their legal options, represented immigrants seeking asylum before the immigration court and the U.S. Court of Appeals for the Ninth Circuit and served as counsel for 30,000 Arizona prisoners in a class action case against the state of Arizona seeking constitutional medical care and conditions of confinement.

Demian Ahn is Of Counsel in the Washington, D.C., office of Wilson Sonsini Goodrich & Rosati, where he is a member of the firm’s privacy and cybersecurity practice. Demian’s practice focuses on the representation of companies confronting cybersecurity risks, including risks from threat actors, regulatory risks from governmental bodies, and litigation risks related to data privacy regulations and cybersecurity breaches. He also provides advice and advocacy for clients needing to respond to law enforcement requests for data.

Demian is focused on emerging cybersecurity regulations and the government’s expanding enforcement efforts related to cybersecurity. He helps companies navigate this increasingly complex regulatory environment so they can remain focused on innovation, growth, and profitability. For most of his career at the U.S. Attorney’s Office, Demian was a Computer Hacking and Intellectual Property Prosecutor and National Security-Cyber Specialist. He led groundbreaking prosecutions of advanced persistent threat (APT) actors who targeted companies, universities, and U.S. government agencies and officials. He also handled matters involving cybersecurity-related export control violations, procured the seizure of servers and domains used by terrorists and cyber criminals, and led investigations into organized identity theft rings.

Demian’s prosecutions led to convictions of the individual responsible for the largest known computer intrusion and data theft from the United States Senate; of multiple hackers who targeted banks and other financial services firms; and of individuals who carried out ransomware attacks. In addition, he prosecuted cases involving other internet-related conduct, including crimes inspired by internet conspiracy theories and cyberstalking offenses motivated by racial and religious bias.

Demian’s CFAA and ECPA expertise was highly regarded in the Department of Justice, and federal law enforcement agencies across the country sought his assistance in matters that required novel evidence collection and prosecutorial strategies. He was a member of the Ransomware Action Network of the Executive Office for U.S. Attorneys, was invited faculty at the National Security Division’s training for National Security Cyber Specialists, and has presented about cybercrime before groups such as the National Association of Attorneys General and the National Association of Former United States Attorneys.

Prior to joining the Department of Justice, Demian worked at a prominent multinational law firm, where he represented clients in high-stakes litigation and investigations, including matters before Congress, federal and state regulatory bodies, and federal and state trial and appellate courts. Following law school, Demian clerked for the Honorable Frederick J. Martone of U.S. District Court for the District of Arizona. During law school, he served as a law clerk for the South African Human Rights Commission in Durban, South Africa.