8:00–8:15 Welcome Remarks
8:15–9:15 Counsel as Quarterback in Incident Response
Data breach response workflow requires careful navigation because the legal ramifications of any failure can be calamitous or even fatal for any public or private company. This panel will explore how, just like with any other independent and thorough investigation, the work relating to a cyber-attack will involve a team of lawyers leading IR efforts with different skillsets and expertise (e.g., regulatory, ediscovery, data breach response, privacy, white collar defense, litigation, law enforcement liaison). The panel will focus especially on the law enforcement liaison and regulatory response aspects of IR.
- Luke Dembosky (Partner, Debevoise & Plimpton LLP; former Deputy Assistant Attorney General, DOJ’s National Security Division)
- Kimberly Kiefer Peretti (Partner, Alston & Bird LLP; former Senior Litigator, DOJ’s Computer Crime and Intellectual Property Section)
- Ronald Yearwood (Section Chief of Cyber Operations III, FBI’s Cyber Division)
- Moderator: David R. Fontaine (CEO, Corporate Risk Holdings LLC)
9:20–10:00 Managing Financial Firm Data Breaches
This panel will focus on the unique regulatory and legal framework engulfing cyber-attacks of financial firms, with a focus in particular upon managing issues pertaining to the U.S. Securities and Exchange Commission and the Financial Industry Regulatory Authority (FINRA).
- Stephanie Avakian (Acting Director, SEC Division of Enforcement)
- J. Bradley Bennett (former Executive Vice President of Enforcement, FINRA)
- Justin L. Root (Of Counsel, Dickinson Wright PLLC; former Special Agent, Cyber Crimes Unit, Ohio AG’s Office)
- Moderator: Philip S. Khinda (Partner, Steptoe & Johnson LLP; former Senior Counsel, SEC Division of Enforcement)
10:15-10:55 Managing Retail Data Breaches
This panel will focus on the unique aspects of handling a data breach involving a retail organization, or any other organization that collects credit card information. When a cyber-attack targets electronically transmitted, collected or stored payment card information, so-called Payment Card Industry Data Security Standards (“PCI-DSS”) compliance triggers a unique investigative and remedial workflow, which can be extremely complex, costly, cumbersome and disruptive. This panel will also help clarify the value of personal identifying information (PII); how PII is sold/exploited by criminals; and why protecting PII is so important.
- Paul Luehr (Partner, Faegre Baker Daniels LLP; former FTC Assistant Director and DOJ Computer Crimes Prosecutor)
- Douglas H. Meal (Partner, Ropes & Gray LLP)
- Maneesha Mithal (Associate Director, FTC’s Division of Privacy and Identity Protection)
- Moderator: Bret Padres (CEO, The Crypsis Group; former Special Agent, U.S. Air Force Office of Special Investigations and Chief of R&D, Computer Crimes Unit, U.S. Postal Service’s OIG)
11:00-11:40 Managing Healthcare Data Breaches
This panel will focus on data breaches involving health care institutions. Given the litany of specific regulations concerning health care related data, this area has evolved into a highly regulated and increasingly important area of government concern. For instance, companies storing personal health information (PHI) are scrutinized intensely, and their privacy and security protocols must pass muster not only under The Health Information Technology for Economic and Clinical Health Act (HITECH Act), but also under the privacy protections afforded under Health Insurance Portability and Accountability Act of 1996 (HIPAA).
- Theodore J. Kobus III (Partner, Baker & Hostetler LLP)
- Darren Lacey (CISO and Director of IT Compliance, Johns Hopkins University and Johns Hopkins Medicine)
- Erik Rasmussen (Managing Director, Kroll; former Special Agent, U.S. Secret Service)
- Moderator: Edward R. McNicholas (Partner, Sidley Austin LLP; former Associate Counsel to President Clinton)
11:55-12:45 Managing Data Breaches Across Borders
This panel explores the many international issues which can arise during a data breach response. When a data security incident occurs, the ramifications typically cross borders and are global in nature – mandating special attention, navigation, expertise and oversight. For instance, in addition to federal and state regulations, U.S. companies who maintain subsidiaries, affiliates or employees in the European Union (E.U.), must comply with relevant E.U. Member State data protection laws and guidelines where “personal data” is collected, processed or transferred by local operations.
- David C. Lashway, Partner, Baker & McKenzie LLP
- Nicholas A. Oldham (Partner, King & Spalding LLP; former Counsel for Cyber Investigations, DOJ’s National Security Division)
- Stephen Reynolds (Deputy Chief for Cyber Law and Policy, National Security Division, U.S. Department of Justice)
- Liisa M. Thomas (Partner, Winston & Strawn LLP)
- Moderator: David N. Fagan (Covington & Burling LLP)
12:45 – 2:00 Lunch and Afternoon Keynote by Adam S. Hickey, Deputy Assistant Attorney General for National Security, U.S. Department of Justice
2:00 – 3:00 National Security and Cyber-Attacks
What countries are targeting the U.S. with cyber-attacks? How are these attacks evolving? What is the US government doing to counter this trend? Can state sponsored cyber-terrorism be stopped? This extraordinary panel of highly-credentialed and experienced experts will focus on answering these questions, discussing not only the nature of the international threat of cyber-attacks but also what to expect in the future. For legal and compliance professionals, understanding the national security implications of cyber-threats is critical to represent adequately the interest of corporate clients – especially in the context of regulatory compliance; insurance claims; and privacy protections.
- John P. Carlin (Partner, Morrison & Foerster; former Assistant Attorney General, DOJ’s National Security Division)
- Maj. Gen. Charles Dunlap (Exec. Dir., Duke Law’s Center on Law, Ethics and National Security; Retired Air Force Major General)
- Susan Hennessey (Fellow, National Security in Governance Studies, Brookings Institution; former Attorney, Office of General Counsel, NSA)
- Aaron Hughes (former Deputy Assistant Secretary of Defense for Cyber Policy, U.S. Department of Defense)
- Benjamin A. Powell (Partner, WilmerHale; former GC to the Director of National Intelligence, Office of the President of the United States)
- Moderator: Anthony Scaramucci (Founder and Co-Managing Partner, SkyBridge Capital)
3:00 – 3:15 Break
3:15 – 4:00 CISO Spotlight on IR: The View From Within
This panel will focus on how data breaches are handled from within a corporation and what legal, investigative and compliance professionals need to know in order to counsel clients to meet a standard of cybersecurity that, despite a data breach, will avoid liability, regulatory penalties and other legal and compliance problems.
- Ken Davidson (Senior Director, Information Security and Compliance, HMSHost Corporation)
- Mark Lohman (Senior Director, Information Security, W.W. Grainger, Inc.)
- Joe Segreti (Co-Founder, KoreLogic; former Security Officer, SEC)
- Moderator: Benjamin Eason (CISO and Principal, The Carlyle Group)
4:00 – 4:15 Break
4:15 – 5:00 Post-Breach Risk Management, Remediation Best Practices and Cyber Insurance Issues
This panel will focus on risk management efforts occurring after a cyber-attack, including remediation best practices that will address the immediate concerns of the litany of interested/concerned constituencies (such as regulators, customers, partners, shareholders, board members, employees and many others). The panel will also discuss the related area of cyber insurance. Clearly, cyber insurance is becoming yet another basic element of a company’s insurance coverage, just like property insurance and health insurance.
- Steve Bunnell (Partner, O’Melveny & Myers LLP; former General Counsel of DHS and former Chief, Criminal Division, USAO (D.C.))
- Tara McGraw Swaminatha (Of Counsel, DLA Piper; former Trial Attorney, DOJ’s Computer Crime and Intellectual Property Section)
- Luke Tenery (Senior Managing Director, Ankura Consulting Group, LLC)
- Moderator: Scott N. Godes (Partner, Barnes & Thornburg LLP)
5:00 – 6:00 Cocktail Reception