7:00 – 8:20 am: Breakfast and Check-in
8:20 – 8:30 am: Welcome Remarks
8:30 – 9:10 am: The Rollout and Impact of the California Consumer Privacy Act and GDPR
- Michael G. Morgan (McDermott Will & Emery) – Moderator
- Natasha Kohne (Akin Gump Strauss Hauer & Feld)
- Dominique Shelton Leipzig (Perkins Coie)
- Steven B. Roosa (Norton Rose Fulbright)
The CCPA, effective January 1, 2020, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. The CCPA now takes its place alongside the European Union’s General Data Protection Regulation (GDPR), which has its own legal framework with different scopes, definitions, and requirements. Both statutes will have tremendous on businesses and will permanently change the way customer data is collected, stored, and used.
This panel will focus on the most critical items in these blockbuster statutes, including how they relate and differ. Topics will include fines, breach notifications, opt-in consent and responsibility for data transfers.
9:20 – 10:00 am: Counseling a Corporation Before a Data Security Incident
- Jim Pastore (Debevoise & Plimpton) – Moderator
- Robyn K. Bacon (Munger, Tolles & Olson)
- Diana Tani (U.S. Securities and Exchange Commission)
- Ronald Yearwood (FTI Consulting)
Although data breaches are inevitable, companies should still take important and thoughtful preemptive measures to meet their compliance obligations and to help prepare themselves to respond. This panel will focus on preemptive steps that legal and compliance professionals should implement today to not only insure adequate preparation for the latest types of data breaches, but also to assure adequate compliance amid increasing regulatory scrutiny.
Topics will include incident response planning; C-Suite and Board responsibilities; and cyber-insurance.
10:10 – 10:50 am: Counseling a Corporation After a Data Security Incident
- Phyllis B. Sumner (King & Spalding) – Moderator
- Aravind Swaminathan (Orrick, Herrington & Sutcliffe)
- J. Andrew Valentine (Kroll)
- Joseph Woodring (AUSA, Central District of California)
Data breach response workflow and coordination requires careful navigation because, among other things, the legal, public communications, and compliance ramifications of any failure can be devastating and value destructive for both public and private companies. It can also cost corporate executives their jobs. This panel will explore that, just like any other independent and thorough investigation, the work relating to a cyber-attack will involve a team of lawyers with different skill-sets and expertise (e.g., regulatory, e-discovery, data breach response, privacy, litigation, law enforcement liaison, and public communications).
This panel will focus on the litany of issues that arise not only during the “Golden Hour” immediately after becoming aware of a cyber-attack, but also during the months that follow where any misstep can severely and instantaneously impact a company’s bottom-line.
11:00 – 11:40 am: National Security and Cyber-Attacks
- Travis LeBlanc (Cooley LLP) – Moderator
- Allison J. Bender (Wilson Sonsini Goodrich & Rosati)
- Daron M. Hartvigsen (Ankura Consulting)
- Justin M. Vallese (FBI Los Angeles Field Office)
This panel will focus on the nature of the international threat of cyber-attacks. For legal and compliance professionals, understanding the international dynamic of cyber-threats is critical to represent adequately the interest of corporate clients – especially in the context of regulatory compliance; insurance claims; and privacy protections.
This panel will include a look at which foreign entities are hacking into American systems, and how they are doing it. What sort of impact does foreign complicity in a data breach have upon a successful strategic incident response? If foreign countries are tampering with elections, should boards be concerned that they’re also tampering with supply chains?
11:50 – 12:30 pm: Ransomware and Business Email Compromise
- Jennifer C. Archie (Latham & Watkins) – Moderator
- Jesse Baker (U.S. Secret Service)
- Sean B. Hoar (Lewis Brisbois)
- Bret Padres (Crypsis Group)
Ransomware and business email compromise (BEC), have significant regulatory implications, can involve important legal responsibilities and liabilities, and are growing exponentially. Even the most traditional realms of IT dominion such as exfiltration analysis, malware reverse engineering, digital forensics, logging review and most technological remediation measures are rife with legal and compliance issues and a myriad of potential conflicts.
Because ransomware response and BEC issues are critical to the very survival of a company, lawyers typically oversee and direct investigative workflow, command the investigation and remediation for the C-suite, and share with senior management the ultimate responsibility for key decisions. In the context of ransomware in particular, because most companies end up paying the ransom, effective legal counsel is essential.
This panel will discuss some of the more typical ransomware and BEC response workflow such as working with law enforcement, customer and regulatory notification responsibilities and remediation. This panel will also address some of the unique and complex issues involved such as the legal risks of negotiating with, and tendering payment to, the ransomware purveyor and the most effective methods available for BEC recovery.
12:30 pm: Lunch in Astor Ballroom