Agenda

MayflowerBallroom 700x150

 

2019 Agenda

7:00 – 8:15 am: Breakfast and Check-In

8:15 – 8:30 am: Welcome Remarks

8:30 – 9:20 am  DATA BREACH RESPONSE: BIG ISSUES GOING FORWARD

Data breach response workflow and coordination requires careful navigation because, among other things, the legal, public communications, and compliance ramifications of any failure can be devastating and value destructive for both public and private companies. This discussion will explore that, just like any other independent and thorough investigation, the work relating to a cyber-attack will involve a team of lawyers with different skill-sets and expertise (e.g., regulatory, ediscovery, data breach response, privacy, litigation, law enforcement liaison, and public communications). This panel of top incident response experts will discuss the hottest and most timely issues of IR. Most importantly, this panel will discuss what to expect in the future, kicking it all off with a roundtable on predictions of the biggest IR issues facing legal and compliance professionals during the next few years, including data breach-related class actions.

 

9:25 – 10:15 am  MANAGING RETAIL DATA BREACHES

This panel will focus on the unique aspects of handling a data breach involving any organization, especially retail companies, that collect credit card information. When a cyber-attack targets electronically transmitted, collected or stored payment card information, so-called Payment Card Industry Data Security Standards(PCI-DSS) compliance sparks unique investigative and remedial workflow which creates a catalogue of challenging legal issues.

 

10:15 – 10:25  Break

 

10:25 – 11:10 am  CYBER-INSURANCE: HOW TO WORK WITH INSURANCE COMPANIES, BATTLEGROUND ISSUES AND HOW TO GET PAID

Companies have begun taking into account cybersecurity concerns when considering overall enterprise risk management and insurance risk transfer mechanisms, just as they do with other hazards of doing business. Yet there is no standard cyber-insurance policy, and many corporate cyber-insurance policies are bespoke. This discussion focuses on battleground legal issues concerning cyber-insurance, including a discussions of how to make sure all parties involved are properly covered and reimbursed.

 

11:10 -11:20  Break

 

11:20 – 12:10 pm  NATIONAL SECURITY, RANSOMWARE AND CYBER-ATTACKS

This panel focuses on the national security aspects and implications of cyber-attacks. For legal and compliance professionals, understanding the national security interests involved in cyber-threats is critical to adequately represent the interest of corporate clients – especially in the context of regulatory compliance and privacy protections. This panel will also address the dire threat of ransomware. Are ransomware attacks becoming more pervasive and more effective? Are companies paying ransomware demands? Does the phenomenon of bitcoin and other cryptocurrencies exacerbate the problem of ransomware by providing a conveniently pseudo-anonymous means of payment?

 

12:10 – 1:20 pm  LUNCH AND AFTERNOON KEYNOTE: Assistant Attorney General for the National Security Division, U.S. Department of Justice, John C. Demers

 

1:20 – 2:05 pm  PRIVACY AND THE GDPR

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The regulation will fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond. This panel will discuss how to manage GDPR issues during a data breach as well as the litany of other U.S. state and federal issues of privacy that arise. Discussion will include issues to spot concerning the recently enacted privacy statute enacted California, a sweeping consumer privacy law that might force significant changes on companies that deal in personal data (especially those operating in the digital space).

 

2:05 – 2:15  Break

 

2:15 – 3:05 pm  COUNSELING BOARDS AND THE C-SUITE BEFORE THE INEVITABLE BREACH

This discussion focuses on the requisite strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks. In the aftermath of a corporate cyber-attack, boards and the companies they govern are subjected to immediate public scrutiny and criticism. This new cyber-reality has essentially removed the distinction between board member and IT executive, with cybersecurity emerging as a key corporate risk area.

 

3:05 – 3:15 pm  Break

 

3:15 – 4:05 pm  AFTER THE BREACH: DIGITAL FORENSICS, REMEDIATION AND NOTIFICATION

This discussion is a bit more technical than other panel discussions, and covers the latest methods and practices of cyber-attackers, which is critical for legal and practitioners to understand. For instance, during the aftermath of a data breach, an expert forensic team will typically present its findings to the legal team leading the incident response. The legal team will then determine the nature and substance of any contractual, statutory (federal and state) or other requirements triggered by the attack. Without understanding the nature of the latest attacks and threats, a legal team can stumble (badly) concerning this critical responsibility and cannot effectively carry out many of the most critical aspects of data breach response – including what is required/expected during a typical remediation. Also, after a data security incident, how to improve cybersecurity so as to avoid attracting attention of a state, federal, and/or sector-based regulator.

 

4:05 – 4:15 pm  Break

 

4:15 – 5:00 pm  FINANCIAL REGULATORS, CYBERSECURITY AND DATA BREACHES

This discussion will focus on the unique regulatory and legal framework surrounding cyber-attacks of financial firms, with a particular focus on managing issues pertaining to the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority, the New York State Department of Financial Service and other federal and state financial law enforcement/regulatory agencies.

 

5:00 – 6:00 pm: Announcement of “Incident Response 30” and Cocktail Party

Details

When: Wednesday, April 10, 2019
7:00 am - 8:15 am (breakfast & registration)
8:15 am - 5:00 pm (followed by cocktail party)
Where: Mandarin Oriental
1330 Maryland Avenue, SW
Washington, D.C. 20024
CLE Credit: 6.0 hours (approved in PA)

Materials

Links to materials available here.

CLE Info and Forms

SEF2014 CLE -smCLE forms available here.

Corporate Sponsors

Kroll 230 2019

Ankura 230x60

CrypsisLogo

FTI Cyber 230

Intel 230

JRS230

Sard Verbinnen 230

Academic Sponsor: Duke Law

Duke LENS 230

Law Firm Sponsors

Alston 230 v2

BakerMcKenzie230

BarnesThornburg230

Beckage 230

Cooley2016-230

Covington2018 230

Debevoise230v2

Faegre 230

ks230v2

latham230x60

Lewis Brisbois 230

Norton Rose 230

O'Melveny 230

Orrick 230 v2

Ropes &Gray

SheppardMullin 230

Sidley230v3

Willkie 230