Day 1 - Thursday, September 29, 2016

7:30
Registration and Continental Breakfast
8:00
Chair Welcoming Remarks
8:05
In-House Viewpoints on Cyber Security Protocols, Data Breach and Privacy Litigation, and Managing Litigation Costs
9:25
Class Actions: Data Privacy & Security Breach Case Law, Trends in Key Jurisdictions and Circuit Court Rulings, New Class Certification Issues, Novel Standing, Causation, Damages, Injury and Actual Harm Nuances, and ​How the Spokeo and PF Chang Decisions Will Change the Landscape
10:45
Morning Break
10:55
Responding to and Evaluating Claims Involving the Telephone Consumer Protection Act (TCPA) and Related Case Law Claims: Impact of the FCC Order Regarding Clarification on Telemarketing Rules, ​Factoring in Key State Legislative Activity From Different Jurisdictions, and Litigation Over Collection and Use of Online or Mobile Information
12:00
Networking Luncheon
1:00
Federal and State Enforcement for Invasion of Privacy, Data Breaches, Failure to Comply with Notification Statutes Including the Impact of Recent CFPB Consent Orders for Misrepresentation of Security Practices, and ​Increased Focus from SEC and FINRA Regarding Cyber Security
2:40
Global Impact of Data Breaches: Finalization of General Data Protection Regulation Recently Passed by the EU, Right to be Forgotten Law in Europe, Compliance with EU Law, EU/US Privacy Shield, and Managing Cross-Border Information
3:40
Afternoon Break
3:50
Ransomware Litigation: Data Breach Notification Issues, Key Jurisdictional Differences, and Cyber Coverage Issues
4:45
Cyber & Data Risk Insurance and Its Related Litigation Issues and Coverage Disputes Including the Travelers Decision Finding Cyber Coverage in a CGL Policy
5:40
Attorney/Client Privilege Issues Arising out of Breach Notification: Attorneys’ Ethical Duties When Clients Seek Advice During a Breach, Examining the Communication That is Considered Privileged, and ​Determining Whether Forensic Reports Should be Turned Over
6:30
Conference Adjourns to Day Two

Day 2 - Friday, September 30, 2016

7:30
Continental Breakfast
8:00
View From the Bench on Data Breach, Privacy and TCPA Class Actions & Litigation: Presenting Technology to Fact Finders and Settlement & Discovery Strategies in These Complex Cases
10:00
Break
10:15
Business to Business Litigation: Vendor Litigation, Service Provider Litigation, and Examining the Ecosystem of Payment Card Breaches
11:15
Big Data: Opportunities, Challenges, and Regulatory Scrutiny
12:15
Conference Adjourns
Lunch for Workshop Speakers and Attendees

Information Governance and Data Management: Your Complete Guide

Sep 30, 2016 1:15pm - 3:15pm

Speakers

Elizabeth Rogers
Shareholder
Greenberg Traurig, LLP

Day 1 - Thursday, September 29, 2016

7:30
Registration and Continental Breakfast
8:00
Chair Welcoming Remarks
8:05
In-House Viewpoints on Cyber Security Protocols, Data Breach and Privacy Litigation, and Managing Litigation Costs

Nestor J. Rivera
Executive Privacy & IT Counsel HIPAA Privacy Officer
GE Healthcare

Arpan A. Sura
Attorney
Hogan Lovells LLP (former Counsel at Sprint)

Timothy J. Nagle
VP, Chief Privacy Counsel
Prudential Financial Inc.

Christopher Pierson
Chief Security Officer & General Counsel
Viewpost

Jennifer Harkins Garone
Global Privacy Lead, MSIT
Microsoft

Moderator:

Liisa M. Thomas
Partner
Winston & Strawn LLP

9:25
Class Actions: Data Privacy & Security Breach Case Law, Trends in Key Jurisdictions and Circuit Court Rulings, New Class Certification Issues, Novel Standing, Causation, Damages, Injury and Actual Harm Nuances, and ​How the Spokeo and PF Chang Decisions Will Change the Landscape

Janis Kestenbaum
Partner
Perkins Coie LLP

Ronald I. Raether
Partner
Troutman Sanders LLP

Douglas H. Meal
Partner
Ropes & Gray LLP

  • Examining class action suits jurisdiction by jurisdiction, involving data breach cases
  • How have the circuit courts held? How have the state courts held?
  • Different decisions in the last 6 months
  • Rule 23 Issues: How are Rule 23 issues brought up in the context of litigation
  • Class Certification: seeking and defending against class certification; best motion practices involving class cert; what survives summary judgment and what does not?; class certification case law; circuit splits
  • Standing and damages: Spokeo – interpreting the Supreme Court ruling on standing; PF Chang – imminent harm confers standing; Circuit courts are not aligned as to when you have standing and show actual damages; Is the individual responsible or the provider responsible?; “Threat of harm” issues – Determining whether the consumer has suffered damages
  • Plaintiff ’s attorney involvement: how and why plaintiffs decide to sue; what makes a good case for plaintiffs?; how do plaintiffs become named plaintiffs?; lawsuit on a contingent basis; Attorney’s fees
  • Consolidating cases before MDL panel
  • Arbitration clauses?
  • Class action settlements – settlement value; settlement structure and implementation; judicial approval and scrutiny; objectors

10:45
Morning Break
10:55
Responding to and Evaluating Claims Involving the Telephone Consumer Protection Act (TCPA) and Related Case Law Claims: Impact of the FCC Order Regarding Clarification on Telemarketing Rules, ​Factoring in Key State Legislative Activity From Different Jurisdictions, and Litigation Over Collection and Use of Online or Mobile Information

Nancy L. Perkins
Counsel
Arnold & Porter LLP

Heather J. Enlow-Novitsky
Of Counsel
Vorys, Sater, Seymour and Pease LLP

TCPA Litigation

  • TCPA violations; TCPA compliance; TCPA litigation ramping up as consumers receive more texting and phone messages; More companies are using text messages to reach out to consumers; Litigation is emerging
  • Privacy issues related to robo dialing
  • What authority does the FTC have in this type of privacy litigation?
  • How are plaintiffs bringing claims?
  • Direct marketing via phone
  • Standing – under TCPA you can have standing without injury
  • Getting rid of TCPA if you can get rid of class members
  • Impact of the FCC order involving clarification on telemarketing rules, interpretation of rules, and standards; Private cause of action, lawsuits that followed after the order was issued

 

FTC Authority

  • FTC authority as defined under Section 5 of the FTC act or state law equivalent of the mini FTC act (unfair and deceptive practices); Standard that is vague and difficult to prove
  • New issues related to settlement regarding improper release of personal information or issues in the security context

12:00
Networking Luncheon
1:00
Federal and State Enforcement for Invasion of Privacy, Data Breaches, Failure to Comply with Notification Statutes Including the Impact of Recent CFPB Consent Orders for Misrepresentation of Security Practices, and ​Increased Focus from SEC and FINRA Regarding Cyber Security

Steve Kinion
Director, Bureau of Captive and Financial Insurance Products
Delaware Dept. of Insurance

Deborah Marrone
Assistant Regional Director Northeast Regional Office
U.S. Federal Trade Commission

Vincente Martinez
Chief, Office of Market Intelligence, Division of Enforcement
U.S. Securities and Exchange Commission

C. Brad Schuelke
Assistant Attorney General, Consumer Protection Division
Texas Attorney General's Office

Victoria Chou
Assistant United States Attorney
United States Attorney Office Central District of California

Travis LeBlanc
Chief, Bureau of Enforcement
FCC

Prashanth Mekala
Supervisory Special Agent, NY Field Office, Cyber Div.
FBI

Moderator:

Joseph Borg
Director
Ala. Sec. Commission

Federal

  • Enforcement actions from the FTC based on the FTC act
  • CFTC or Federal Reserve for financial institutions
  • HHC or OCR for healthcare data breaches
  • CFPB enforcement of data breach/cyber security issues following its consent order against Dwolla, Inc. alleging misrepresentation of security practices
  • Increased scrutiny from the SEC and FINRA on cyber security

 

State

  • View from different states and case examples specifically
  • Breach notification letters
  • Multi state agency investigations: Federal investigation can happen as well as state investigations; Did you follow all the right protocols?; What does your information security program look like?; Do you have encryption?; Can you enter into protracted negotiation with state attorney generals
  • State attorney general’s activity in New York: Request for information; Conducting the investigation; Proposals for assurance of continuance; Laying out factual statement and providing remediation; Negotiation; Settlement; Trial
  • California attorney general enforcement actions; Number of forms and notification if a public or government funded entity

2:40
Global Impact of Data Breaches: Finalization of General Data Protection Regulation Recently Passed by the EU, Right to be Forgotten Law in Europe, Compliance with EU Law, EU/US Privacy Shield, and Managing Cross-Border Information

Hillary Kaplan
Assistant General Counsel
Microsoft

Darren A. Bowie
Chief Privacy Officer and Associate General Counsel Global Legal, Compliance, and Regulatory
AIG

Ryan P. Blaney
Member
Cozen O’Connor (Washington, DC)

James T. Shreve
Counsel
BuckleySandler LLP

  • EU fining Google on Right to be Forgotten; Compliance with EU law is costly as the Google case is an example
  • How to manage cross border of information
  • Finalization of general data protection regulation recently passed: Takes into effect 2 years from now; Expanded territorial scope; Stricter obligations; Immediate impact of member states in the EU
  • EU/US privacy shield: Mechanism of transferring data from EU to US; Finalized summer 2016; Self certification process; Privacy shield replacing safe harbor
  • Breach notification in the international context
  • A closer look at Latin America and Asia and its data privacy requirements

3:40
Afternoon Break
3:50
Ransomware Litigation: Data Breach Notification Issues, Key Jurisdictional Differences, and Cyber Coverage Issues

David Hankin
CEO
Alfred Mann Foundation for Scientific Research

Jonathan L. Schwartz Esq.
Partner
Goldberg Segalla

Nace Naumoski
Partner
Stewart Bernstiel Rebar & Smith

  • Jurisdictional differences of how to handle ransomware litigation in terms of whether it’s a data breach and whether there is unauthorized use of data
  • Determining whether ransomware litigation requires notification
  • From an insurance standpoint is it lawful to provide coverage when you are engaging in criminal activity (i.e., paying ransom in bitcoins to get the data back)

4:45
Cyber & Data Risk Insurance and Its Related Litigation Issues and Coverage Disputes Including the Travelers Decision Finding Cyber Coverage in a CGL Policy

Brian J. Dusek
Partner
McCullough, Campbell & Lane LLP

Linda D. Kornfeld
Managing Partner
Kasowitz, Benson, Torres & Friedman LLP

  • How cyber & data risk insurance is important in the litigation context
  • Liability issues
  • Coverage issues
  • Need for comprehensive insurance

 

Underwriting Issues

  • Cyber approach that is risk based
  • Interface of underwriting and claims
  • Quantifiable data
  • Using property/casualty as an example you can make determination based on aging structure and mitigate loss/calculate versus cyber arena where calculations can’t be made and limits are much lower

 

Litigation Against Insurance Companies

  • Niche market around drafting, writing of policies to cover data breach and cyber breaches
  • Examining the growing cottage industry of how to litigate disputes
  • Litigating coverage disputes

 

Impact of the Travelers Decision on Finding Cyber Coverage in a CGL Policy

  • Analysis of the court’s decision finding cyber coverage in a CGL Policy
  • Impact of insureds not using the ISO form which excludes cyber coverage
  • Finding coverage for unreasonable publicity of medical records

5:40
Attorney/Client Privilege Issues Arising out of Breach Notification: Attorneys’ Ethical Duties When Clients Seek Advice During a Breach, Examining the Communication That is Considered Privileged, and ​Determining Whether Forensic Reports Should be Turned Over

Nicole Hughes Waid Esq.
Attorney
Fisher Broyles, LLP

Dominic A. Paluzzi
Attorney
McDonald Hopkins PLC


(featuring 30 minutes of Ethics credit)

 

  • Use of forensic experts
  • In litigation, plaintiffs are always looking for forensic reports and defendants are concerned about turning those over
  • What communication is considered privileged between the client, attorney and IT professional?
  • What is the attorney’s obligation with respect to discovery issues?
  • How does the attorney’s role as a breach coach affect attorney/client privilege; Determining whether the breach report is discoverable
  • Application of attorney/client privilege to documents part of security audit or part of incident response
  • Annual security audit is protected because there was a breach
  • Forensic reports by the company in response to breach or documents prepared in annual report
  • Application of Genesco to attorney/client privilege and whether it applies to request from regulators

6:30
Conference Adjourns to Day Two

Day 2 - Friday, September 30, 2016

7:30
Continental Breakfast
8:00
View From the Bench on Data Breach, Privacy and TCPA Class Actions & Litigation: Presenting Technology to Fact Finders and Settlement & Discovery Strategies in These Complex Cases

Hon. James G. Carr

U.S. Dist. Ct., N.D. Ohio

Hon. Clifton Newman

South Carolina Circuit Court

Hon. James P. O’Hara

U.S. Dist. Ct., D. Kan.

Hon. Daniel E. Knowles‚ III

U.S. Dist. Ct., E.D. La.

Hon. Berle M. Schiller

U.S. Dist. Ct., E.D. Pa.

Hon. Michael M. Baylson

U.S. Dist. Ct., E.D. Pa.

Hon. Ruben Castillo

U.S. Dist. Ct., N.D. Ill.

Moderator:

Brian J. Dusek
Partner
McCullough, Campbell & Lane LLP

10:00
Break
10:15
Business to Business Litigation: Vendor Litigation, Service Provider Litigation, and Examining the Ecosystem of Payment Card Breaches

Jeffrey Taft
Partner
Mayer Brown

Cody Wamsley
IT Risk & Information Security Manager
ISSA

  • Business associates as a covered entity: Breach occurs and vendor is in the covered entity agreement; Litigation surrounding around the vendor; 3rd party vendor makes the assessment; Retailer who is at fault for breaches; Issuing bank loses out and go back to acquiring bank and sweep money out of retailer’s bank; Arguments the retailer makes that the fault is not their own
  • Service provider litigation
  • Payment card breaches

11:15
Big Data: Opportunities, Challenges, and Regulatory Scrutiny

Asra Ali
Compliance and Risk Manager
Healthscape Advisors

James H. Koenig
Of Counsel
Paul Hastings LLP

Corey Dennis
Associate Counsel & Privacy Officer
Pharmaceutical Product Development, LLC (PPD)

  • Sharing data with third parties and selling and monetizing data
  • Privacy/security concerns associated with personal information
  • FCRA Act – certain types of data collection relating to credit reports and credit reporting agencies
  • FTC’s increased regulatory scrutiny on using data to discriminate against certain class of people such as lower income, etc.

12:15
Conference Adjourns
Lunch for Workshop Speakers and Attendees