Agenda


2020 Agenda

(start times for each panel will be posted here shortly)

 

MORNING SESSIONS  

I. DATA BREACH RESPONSE: BIG ISSUES GOING FORWARD

Data breach response workflow and coordination requires careful navigation because, among other things, the legal, public communications, and compliance ramifications of any failure can be devastating and value-destructive for both public and private companies. This panel of top incident response experts will discuss the hottest and most timely issues of IR. Most importantly, this panel will discuss what to expect in the future, kicking it all off with a roundtable on predictions of the biggest IR issues facing legal and compliance professionals during the next few years, from incident response workflow and the law enforcement/regulatory interface to notification, remediation and cyber-related class actions.

 

II. COUNSELING BOARDS AND THE C-SUITE BEFORE THE INEVITABLE BREACH

This discussion focuses on the requisite strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks. In the aftermath of a corporate cyber-attack, boards and the C-suite they supervise are subjected to immediate public scrutiny and criticism. This new cyber-reality has essentially removed the distinction between board member and IT executive, with cybersecurity emerging as a key corporate risk area. This panel will also discuss how to approach/improve/manage cybersecurity so that, when the inevitable data security incident occurs, a company’s cyber-hygiene will not only meet, but also impress, the litany of state, federal, and/or sector-based regulators that will suddenly become engaged as well as the many other parties who may seek reparation and/or recompense.

 

III. RESPONDING TO BUSINESS EMAIL COMPROMISE ATTACKS

Business email compromise (BEC) attacks can have significant regulatory implications, can involve important legal responsibilities and liabilities, and are growing exponentially both in scope and in breadth. Because BEC issues are critical to the very survival of a company, lawyers typically oversee and direct investigative workflow, command the investigation and remediation for the C-suite, and share with senior management the ultimate responsibility for key decisions. This panel will cover the latest developments in, and the latest legal techniques, practices and countermeasures for, BEC attacks. Most importantly, this panel will address the most effective methods and processes available for BEC recovery.

 

IV. MANAGING THE INSIDER THREAT IN THE WORLD OF CYBER

One of the most significant, and too often ignored, cybersecurity risks involves the company insider. Leaks, theft, and sabotage by employees (and former employees) have become a major cybersecurity risk, and pose unique investigatory and response challenges for legal and compliance professionals. This panel discusses how to handle the many challenging issues which can arise when a data security incident involves the negligent or intentional misconduct of a current or former employee. This panel will also include a discussion of one of the more infamous insider threat investigations, the thrilling, true-life account of the FBI’s hunt for the ingenious traitor Brian Regan. Before Edward Snowden’s infamous data breach, the largest theft of government secrets was committed by Regan, whose intricate espionage scheme and complex system of coded messages were made even more baffling by his dyslexia. Regan, who came to be known as The Spy Who Couldn’t Spell, was captured because of the extraordinary efforts of Bret Padres (then Air Force OSI) and Gary Walker (then FBI), as described in a book by Yudhijit Bhattacharjee. All three will be on this panel.

 

V. INCIDENT RESPONSE AND THE CALIFORNIA CONSUMER PRIVACY ACT AND GDPR

The CCPA, effective January 1, 2020, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. The CCPA now takes its place alongside the European Union’s General Data Protection Regulation (GDPR), which has its own legal framework with different scopes, definitions, and requirements. Both statutes will have a tremendous impact on businesses and will permanently change the way customer data is collected, stored, and used. This panel will focus on the most critical items in both blockbuster statutes, with attention to how to manage these responsibilities in the context of a data security incident.

 

LUNCH AND AFTERNOON KEYNOTE 

A moderated Q&A discussion with Justin Shibayama Herring, current Executive Deputy Superintendent, Cybersecurity Division for New York Department of Financial Services, and former Chief of the Cybercrimes Unit of the U.S. Attorney’s Office of New Jersey.

 

AFTERNOON SESSIONS  

I. RESPONDING TO RANSOMWARE ATTACKS

Ransomware attacks can have significant regulatory implications, can involve important legal responsibilities and liabilities, and are growing exponentially. Because ransomware response is critical to the very survival of a company, lawyers typically oversee and direct investigative workflow, command the investigation and remediation for the C-suite, and share with senior management the ultimate responsibility for key decisions. In the context of ransomware in particular, because most companies end up paying the ransom, effective legal counsel is essential. This panel will discuss some of the more typical ransomware workflows, such as: working with law enforcement; quarterbacking remediation; managing any possible customer and regulatory notification responsibilities; and leading the battle for any insurance claims. This panel will also address some of the unique and complex issues involved, such as the legal risks of negotiating with, and tendering payment to, the ransomware purveyor.

 

II. NATIONAL SECURITY AND CYBER-ATTACKS

This panel will focus on the national security implications of cyber-attacks. For legal and compliance professionals, understanding the national security dynamic of cyber-threats is critical to adequately representing the interests of corporate clients, especially in the context of regulatory compliance, insurance claims, and privacy protections. This panel will include a look at which foreign entities are hacking into American systems, and how they are doing it. Other questions include: What sort of impact does foreign complicity in a data breach have upon a successful strategic incident response? If foreign countries are tampering with elections, should boards be concerned that they’re also tampering with supply chains?

 

III. CYBER-INSURANCE (TRENDS AND HOW TO GET PAID); CLASS ACTIONS (TRENDS AND HOW TO AVOID); AND DAMAGES (TRENDS AND HOW TO CALCULATE)

Companies have begun taking into account cybersecurity concerns when considering overall enterprise risk management and insurance risk transfer mechanisms, just as they do with other hazards of doing business. Yet there is no standard cyber-insurance policy, and many corporate cyber-insurance policies are bespoke. This discussion focuses on: 1) battleground legal issues concerning cyber-insurance (and other types of insurance), including discussions of how to make sure all parties involved are properly covered and reimbursed; 2) how to understand/calculate/anticipate the actual damages of a data security incident; and 3) how the latest class action developments impact the conducting of an incident response.  

 

IV. FINANCIAL REGULATORS, CYBERSECURITY AND DATA BREACHES

This discussion will focus on the unique regulatory and legal framework surrounding cyber-attacks on financial firms, with a particular focus on managing issues pertaining to the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority, and the litany of other federal and state financial law enforcement/regulatory agencies.

 

ANNOUNCEMENT OF “INCIDENT RESPONSE 30” AND COCKTAIL PARTY

Details

When: Tuesday, April 14, 2020
7:30 am - 8:15 am (breakfast & registration)
8:15 am - 5:00 pm (followed by cocktail party)
Where: Mandarin Oriental
1330 Maryland Avenue, SW
Washington, D.C. 20024
CLE Credit: 6.0 hours (pending)

Corporate Sponsors

Kroll

Ankura

Cornerstone

Crypsis

Intel

JRS

Sard Verbinnen

UGT

Law Firm Sponsors

Orrick

Alston

Baker McKenzie

Barnes Thornburg

Beckage

Cooley

Covington

Debevoise

ks

Latham

Lewis Brisbois

Norton Rose

O'Melveny

Perkins Coie

Ropes & Gray

Sheppard Mullin

Willkie

Wilson Sonsini