Data Privacy Compliance: Pre-Attack Risk Mitigation and Post-Attack Best Practices


Level: Intermediate
Runtime: 50 minutes
Recorded Date: April 18, 2024

Agenda

  • Overview
  • Data Privacy Compliance
  • Managing & Assessing Risk
  • Impact and Liability Reduction
  • California Cybersecurity Audit Regulation
  • Data Privacy Compliance: Preparation
  • Company Protection
  • Notice & Disclosure Requirements
  • Mitigating Risk
  • Controlling Vendors & Mitigating Risk

For NY - Difficulty Level: Both newly admitted and experienced attorneys

Description

Led by experienced practitioners in privacy law, cybersecurity, and incident response, the discussion highlights the evolving landscape of data privacy compliance, emphasizing the interdisciplinary approach needed to address incidents effectively. Insights are shared on breach analysis, transparency, and adherence to regulations, with a focus on integrating data privacy compliance into company protocols and learning from healthcare industry developments to prevent future incidents.

Throughout the discussion, the speakers stress the importance of clear communication with regulators, control over vendors, and transparent communication to mitigate the risk of breaches and ensure compliance maturity.

Provided By

Securities Docket

Panelists

Adam Solander

Partner
King & Spalding

As a data, privacy and security, health care, and employee benefits partner at King & Spalding LLP, Adam Solander provides counsel on data breach and cybersecurity issues across various industries, particularly health care. Adam represents clients with respect to employee benefits regulatory and compliance issues including designing, implementing, and maintaining employee benefit plans. He also advises clients on issues related to managed care laws and telemedicine.

Adam has experience helping clients prepare for, respond to, and recover from data, privacy and security incidents. He is a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance (HITRUST). This organization provides training to develop and maintain effective security programs for health care and life sciences companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements.

Prior to joining King & Spalding, Adam was a member of a nationally recognized law firm where he was a part of their health care and life sciences practice group. Much of his experience is centered around assisting health care clients with HIPAA compliance, ERISA, managed care laws, telemedicine, and privacy and data security.

He also assisted private equity companies with evaluating privacy and security and employee benefits compliance risk in connection with potential investments. Previously, he served as Health Policy Counsel at the ERISA Industry Committee. There, he counseled Fortune 500 companies on healthcare legislation, including ACA, the HITECH Act, and ERISA. He also has experience advocating on behalf of trade associations and advocacy groups to Congress and the Executive branch.

Daniel Greene

Partner
Octillo

Daniel Greene is a Partner and Incident Response Team Lead at Octillo. He has been on the frontline of hundreds of cybersecurity incidents, including headline-making attacks, data breaches involving millions of affected individuals and compromises across industries and of businesses of every size, from small and medium-sized businesses to publicly held companies. He guides clients through each stage of an incident – from detection to eradication, response to recovery, and crisis communications to compliance with legal obligations and defense of regulatory investigations.

Dan has shepherded clients through breaches in highly regulated industries such as healthcare, financial services, government contracting, and cannabis, as well as in software, global retail, professional services, and more.

Dan leads and oversees round-the-clock responses to:
- Ransomware
- Business email compromises & wire fraud
- Rogue employees
- Inadvertent disclosures
- Phishing and social engineering
- Card-stuffing, DDOS, and bot attacks
- Domain-jacking and DMCA issues
- Government and regulatory investigations

Dan was recognized in 2022 as one of the top 40 Incident Response attorneys in the nation by Cybersecurity Docket. He is also a Certified Information Privacy Professional, United States (CIPP/US) and Certified Information Privacy Professional, Europe (CIPP/E) as recognized by the International Association of Privacy Professionals (IAPP).

Amelia Gerlicher

Partner
Perkins Coie

Amelia Gerlicher focuses her practice in the areas of privacy and data security, counseling clients on preparing for and reacting to data breaches and network intrusions, as well as helping clients assess and address the privacy and data security risks that arise from a wide range of commercial activities.

Amelia has counseled numerous clients through data breach preparation and response, helping clients assess their risks, develop response strategies, comply with legal obligations and address regulatory inquiries following an incident. She has advised clients ranging from small startups to Fortune 100 companies on the protection and use of personal data, including disclosure obligations, security requirements and data breach notification and response.

Amelia’s privacy-related litigation experience includes actions arising from a variety of online activity, brought under the federal Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act and state privacy laws. She also represents clients, such as Facebook, in defending against illegal spamming, scraping, data misuse, harassment and other forms of malicious behavior that interfere with client websites.

Her litigation experience also includes a variety of other matters, including contract, intellectual property and internet law issues for a wide range of clients. In pro bono matters, she has assisted a nonprofit in developing resources to educate victims of nonconsensual pornography on their legal options, represented immigrants seeking asylum before the immigration court and the U.S. Court of Appeals for the Ninth Circuit and served as counsel for 30,000 Arizona prisoners in a class action case against the state of Arizona seeking constitutional medical care and conditions of confinement.

Demian Ahn

Of Counsel
Wilson Sonsini Goodrich & Rosati

Demian Ahn is Of Counsel in the Washington, D.C., office of Wilson Sonsini Goodrich & Rosati, where he is a member of the firm’s privacy and cybersecurity practice. Demian’s practice focuses on the representation of companies confronting cybersecurity risks, including risks from threat actors, regulatory risks from governmental bodies, and litigation risks related to data privacy regulations and cybersecurity breaches. He also provides advice and advocacy for clients needing to respond to law enforcement requests for data.

Demian is focused on emerging cybersecurity regulations and the government’s expanding enforcement efforts related to cybersecurity. He helps companies navigate this increasingly complex regulatory environment so they can remain focused on innovation, growth, and profitability. For most of his career at the U.S. Attorney’s Office, Demian was a Computer Hacking and Intellectual Property Prosecutor and National Security-Cyber Specialist. He led groundbreaking prosecutions of advanced persistent threat (APT) actors who targeted companies, universities, and U.S. government agencies and officials. He also handled matters involving cybersecurity-related export control violations, procured the seizure of servers and domains used by terrorists and cyber criminals, and led investigations into organized identity theft rings.

Demian’s prosecutions led to convictions of the individual responsible for the largest known computer intrusion and data theft from the United States Senate; of multiple hackers who targeted banks and other financial services firms; and of individuals who carried out ransomware attacks. In addition, he prosecuted cases involving other internet-related conduct, including crimes inspired by internet conspiracy theories and cyberstalking offenses motivated by racial and religious bias.

Demian’s CFAA and ECPA expertise was highly regarded in the Department of Justice, and federal law enforcement agencies across the country sought his assistance in matters that required novel evidence collection and prosecutorial strategies. He was a member of the Ransomware Action Network of the Executive Office for U.S. Attorneys, was invited faculty at the National Security Division’s training for National Security Cyber Specialists, and has presented about cybercrime before groups such as the National Association of Attorneys General and the National Association of Former United States Attorneys.

Prior to joining the Department of Justice, Demian worked at a prominent multinational law firm, where he represented clients in high-stakes litigation and investigations, including matters before Congress, federal and state regulatory bodies, and federal and state trial and appellate courts. Following law school, Demian clerked for the Honorable Frederick J. Martone of the U.S. District Court for the District of Arizona. During law school, he served as a law clerk for the South African Human Rights Commission in Durban, South Africa.

