2019 Materials

Incident Response Forum West 2019 Materials

Data Breach Response/the In-House Team/The Board

Four Part Series: Top Cybersecurity Concerns for Every Board of Directors, by John Reed Stark (NASDAQ Governance Clearing Center, 2018)

New York Cybersecurity Rules: What Firms Need to Know, by Kimberly Peretti and  Nameir Abbas (Securities Regulation, Daily, 2017)

Notes from a Law Firm Chief Privacy Officer: New Demands by Phyllis Sumner (Law 360, August 2017)

The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats, by John Reed Stark (D&O Diary, September 2017)

Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark (Law 360, 2017)

Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management by Phyllis Sumner and Nick Oldham (Directors Governance Center, 2016)

Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management, by Phyllis Sumner and Nick Oldham (January, 2016)

Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender (March, 2016)

Cyber Alert: 2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends (Alston & Bird, December 2016)

Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of financial Reporting Oversight, by David Fontaine and John Reed Stark (Cybersecurity Docket, 2016)


Managing Retail Data Breaches

California’s new data privacy law could change how companies do business in the Golden State, by Jason Tashea (ABA Journal, January 2019)

Amazon Unfair Practice Case May Affect Data Breach Cases, by Doug Meal, David Cohen and Joseph Cleemann (Law 360, July 2016)

Recent Decisions Highlight Product Cybersecurity Issues, by Heather Sussman, Doug Meal and David Cohen (Law 360, 2016)

Cyber Alert: Security Vulnerabilities: You Don’t Need a Breach to Face Regulatory Scrutiny (Alston & Bird, September 2016)

St. Joseph Demonstrates Challenges for Breach Plaintiffs, By Doug Meal, Mark Szpak and David Cohen (Law 360, 2015)


Managing Financial Firm Data Breaches

Five Hidden Takeaways from the Khaled and Mayweather SEC Orders(D&O Diary, Law 360, 2018)

New York State Cybersecurity Regulations: First milestone in sight, what is next on the horizon? By Jeewon Serrato (contributor among several Shearman & Sterling colleagues, 2018)

Beyond Disclosure: SEC Reinforces Public Company Cybersecurity Obligations(Willkie Farr & Gallagher 2018)

Virtual Currency Update: Increased Government Scrutiny and Enforcement (Willkie Farr & Gallagher 2018)

Ten Questions the SEC Probably Has for Google, by John Reed Stark (Law 360, October 2018)

https://www.alston.com/en/insights/publications/2017/03/governor-cuomo-announces-cybersecurity-regulations (Alston & Bird, March 2017)

NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls (Sidley & Austin, February 2017)

Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again, By John Reed Stark (D&O Diary & Law 360, October 2017)

8 Critical Lessons From Morgan Stanley Cybersecurity Case, by John Reed Stark (Law 360, October 2016)

SEC Pushes New Limits on Cybersecurity, Securities Fraud, by John Reed Stark (Compliance Week, 2016)

Avoiding Vanguard’s Cybersecurity Stumble, by John Reed Stark (Compliance Week 2016)


National Security and Cyber-Attacks

Ten Lessons from Six 2018 DOJ Indictments of State-Sponsored Hackers, by By Kim Peretti, Emily Poole, and Nameir Abbas (Alston Cyber Alert, 2019)

Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers, by John Reed Stark (The Harvard Law School Forum on Corporate Governance and Financial Regulation, April, 2018)

A Dozen Obvious (and Not So Obvious) C-Suite Takeaways from the 2018 SEC Cyber-Disclosure Guidance, by John Reed Stark  (Law 360, May, 2018)

Opinion: Here’s how the Trump administration needs to boost cybersecurity,by John Carlin (Marketwatch, 2017)

Petya Ransomware Attacks, by (Debevoise June, 2017)

Cybersecurity Requirements Clarified (National Defense, March 2017)

Implications of WikeLeaks Publishing Details of CIA’s Cyber Arsenal (Ankura Consulting Group, March 2017)

The Risk in Making a Ransomware Payment, by John Reed Stark (Law 360, 2017)

Here’s what went wrong for Equifax in those first 48 hours, by John Carlin and David Newman (Aspen institute, 2017)

A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1 (By Caroline Krass, et al) (Law 360, 2017)

A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 2 (By Caroline Krass, et al) (Law 360, 2017)

Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again, by John Reed Stark (Law 360, October 2017)

“Cybervandalism” or “Digital Act of War”? America’s Muddled Approach to Cyber Incidents Won’t Deter More Crises, by Charlie Dunlap (Lawfire, 2017)

Are Cyber Norms as to What Constitutes an “Act of War” Developing as we Would Want?, by Charlie Dunlap (Lawfire, 2017)


Managing Data Breaches Across Borders

White House Releases Vulnerability Equities Policy and Processes, by David Fagan and Caitlan Meade(Inside Privacy, 2017)

2016 Privacy Year in Review, by Winston & Strawn LLP (Feb. 2017)

Cyber Alert: 2016 Breach Roundup, Part II: U.S. and EU Data Breach Notification Regulations Highlights and Trends, (Alston & Bird, January 2017)

Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, by John Carlin (Harvard National Security Journal, 2016)

Microsoft-Ireland: Decision underscores tension between privacy principles and the digital environment, by Squire Patton Boggs (Tara Swaminatha) (JD Supra 2016)

Presidential Cybersecurity Commission Issues Ambitious Policy Roadmap for Next Administration, by Benjamin Powell, Jonathan Cedarbaum and D. Reed Freeman (WilmerHale 2016)

Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender, (Cybersecurity Law and Practice Report, 2016)


After the Breach: Digital Forensics and Remediation

Image Exploits: With the Tax Season Come the Thieves, by Sean Hoar (Digital Insights Blog, 2019)

5 Fraud Insurance Decisions Sure to Shape 2019, by Patricia Carreiro (Law 360, 2019)

Takeaways, Reminders & Caveats From the Equifax and SEC Data Breaches, by John Reed Stark (Cybersecurity Docket and D&O Diary, 2017)

Hidden Legal Lessons from Anthony Weiner’s Laptop by John Reed Stark (Cybersecurity Docket, 2017)

Here’s what went wrong for Equifax in those first 48 hours, by John Carlin and David Newman (September, 2017)

Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: You Have a Breach Response Plan … Now How Do You Test It? (Alston & Bird, December 2015)


After the Breach: Cyber Insurance and Class Actions

The Great data Breach Standing Court Split, by Amanda Lawrence, Antonio Reynolds, Michael Rome and Daniel Paluch (January, 2019)

Courts Wrestle With Coverage for Cyber-Related Claims, by Peter Selvin (October, 2018)

Who gets Coverage? by Scott Godes (BTLaw Cybersecurity Blog, 2017)

High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs, by Douglas Meal, Mark Szpak, David Cohen and Lindsey Sullivan (Bloomberg Privacy and Law Review, 2017)

Cyber Insurance:  How to Find the Right Policy, by John Reed Stark (NASDAQ Clearinghouse, November 2016)

How Insurance Can Protect Your Company, by Scott Godes (Law Journal Newsletter, 2016)

Should Retailers Rely On CGL Coverage For Data Breaches?,  by: Scott Godes (Barnes & Thornburg, 2015)

Who Gets Coverage? Cyber Insurance and Credit Card Risks: Will Coverage Apply After the P.F. Chang’s Denial?  by: Scott Godes (Barnes & Thornburg 2017)

Cyber-Physical Risks: Are You Covered? (Covington, December 2016)

5 Tips for Buying and Reviewing Cyber Insurance, by Scott Godes (Law 360, 2014)


Breach Avoidance/Preparation: Counseling Companies Before the Inevitable Breach 

Six Best Ways to Protect Your Organization from Insider Cyber Risks, by David Klopp (Kroll Insights, 2019)

Ransomware: Recommendations for Preparation and Response, By: Christopher E. Ballod, Frank J. Gillman and Sean B. Hoar (Digital Insights Blog, 2019)

Cybersecurity Resolutions for 2019, by Frank Gillman and Sean Hoar (Digital Insights Blog, 2019)

The Legal Threat Giving Compliance Officers Nightmares, by Michelle Gorman (Law 360, 2019)

4 Privacy Law Predictions for 2019, by Liisa Thomas (Law 360, 2019)

Dark Web Monitoring: A Strategic Advantage for Law Firms and Their Clients, by Anju Schopra and Brian Lapidus (Kroll Insights, 2018)

Planned Methodology for Forensically Sound Incident Response in Office 365, by David Ackerman (Kroll Insights, 2018)

Alternative Communications Planning and Cybersecurity Incident Response, by Tara Swaminatha (CSO Magazine, 2018)

Presidential Executive Order on Cybersecurity: No More Antiquated IT, by Jonathan Meyer, John Chierichella and Townsend Bourne (Bloomberg BNA Privacy and Law Report, 2017)

How a Consumer Group’s Cybersecurity Initiative Could Shape the Market, by Dave Thonas, Jonathan Meyer and Abraham Shanedling (Morning Consult, 2017)

Connecting the Dots: Key Developments and Best Practices for Evaluating Privacy and Security Risks in lot Investments, by Jeewon Serrato (Shearman and Sterling, 2017)

NY Cybersecurity Bill Shows “Reasonable Security” Standard Gathering Force, by Debevoise (Debevoise and Plimpton, 2017)

Cybersecurity Due Diligence: A New Imperative, by John Reed Stark (Complliance Week, 2017)

Cybersecurity: Past is Prologue, by Squire Patton Boggs (Tara Swaminatha) (JD Supra 2016)

Top Cybersecurity Concerns for Every Board of Directors, Part One: Cybersecurity Governance, by John Reed Stark (NASDAQ Clearinghouse, December 2016)

Cybersecurity Preparedness & Response Alert:  Effective Cybersecurity: The Evolving Regulatory Landscape for Investment Advisers, Investment Companies and Broker-Dealers, by Alston and Bird (Including Kimberly Kiefer Peretti)  (JDSupra Business Advisor, 2016)


When: Thursday, Jan. 30, 2020
7:00 am - 8:20 am (Breakfast & Registration)
8:20 am - 8:30 am (Welcome Remarks)
8:30 am - 12:30 pm (Panel Discussions)
12:30 pm - Lunch sponsored by Kroll
Where: Waldorf Astoria Beverly Hills
9850 Wilshire Blvd
Beverly Hills, California, 90210
CLE Credit: 3 hours (pending in CA)
Presented by: Cybersecurity Docket 

CLE Info and Forms

SEF2014 CLE -smCLE forms available here.


Links to materials available here.

Corporate Sponsors

Kroll 230 2019

Ankura 230x60


FTI Cyber 230

Law Firm Sponsors

Akin Gump 230





Lewis Brisbois 230

MWE 230 v2

Norton Rose 230

Orrick 230 v2


Wilson Sonsini 230 2019