2015 Cyber Security Bills and Impact on Data Breaches Explored
Live Webcast Date:
Wednesday, August 12, 2015 from 12:00 pm to 2:00 pm (ET)
Cyber Security Bills and Impact CLE/CPE
Join us for this Knowledge Group Cyber Security Bills and Impact CLE/CPE Webinar. In this two hour Webcast, The Knowledge Group has assembled a panel of notable leaders and professionals to provide the audience with an overview of newly enacted cyber security laws. The speakers will discuss the benefits and implications of the new acts and offer best practices to help in Understanding the 2015 Cyber Security Bills. This CLE course will also provide the audience with useful tips and effective measures to ensure the proper management and protection of corporate data. Guidelines on cyber risk assessment and planning essential in preparing a company from possible cyberattack and financial loss will also be discussed.
Key topics include:
- National Cyber Security Protection Act
- Federal Information Security Modernization Act
- Cyber Security Enhancement Act
- Cybersecurity Workforce Recruitment and Retention Act
- Cyber Security Workforce Assessment Act
- Private-Sector Information Sharing Process
- Codifying Cyber Security Framework
- Reform of Federal Information Systems
- Federal Government's Cybersecurity Workforce
- Compliance Issues
- Cyber Risk Assessment
- Identifying Most Valuable Corporate Assets to Protect
- Identifying Threats
- Quantifying Risks of Cyber Attack
- Strategies for Cyber Risk Mitigation
- Prevention
- Resolution
- Restitution
- Transferring Risks through Cyber Insurance
Agenda
SEGMENT 1:Stuart T. O’Neal, Trial Attorney and Litigator
Burns and White
- INTRODUCTION
- Stuart O’Neal
- Burns White
- WHY DATA BREACH AND CYBER LIABILITY
- State reasons this is a hot topic
- OUTLINE OF PRESENTATION
- Current Business Trends involving Personal Identifiable Information (PII)
- What is PII?
- How Can Data Security be Breached?
- The Danger of PII Being Compromised
- Data Breach Lawsuits
- Plaintiffs’ Attorney’s Strategy/Causes of Action
- Successful Theories of Defense
- Current State of Case Law/Precedent
- What can we Learn from the Current Case Law/Precedent
- What can we Anticipate moving Forward
- Resources
- Questions and Answers
- CURRENT BUSINESS TRENDS INVOLVING PERSONAL IDENTIFIABLE INFORMATION (PII)
- WHAT IS PII?
- HOW CAN DATA SECURITY BE BREACHED?
- Hackers
- Internally
- Accidentally
- THE DANGER OF PII BEING COMPROMISED
- Bad Press/Future Impact on Business
- Costs of Correction
- Costs of Litigation
- Potentially Large Settlement/Judgment Values
- DATA BREACH IN THE NEWS
- Home Depot – 56 Million Credit Card Numbers
- Staples – 1.16 Million Customer Payment Cards
- Target – 40 Million Credit Card Numbers
- South Carolina Dept. of Revenue
- TRICARE Management Activity – Largest HIPAA breach in history
- PLAINTIFFS’ ATTORNEY STRATEGY/CAUSES OF ACTION
- Individual Lawsuits or Class Actions
- Breach of Express/Implied Contract
- Breach of Fiduciary Duty
- Unjust Enrichment
- Negligence
- State Statutory Claims
- Federal Statutory Claims
- SUCCESFUL THEORIES OF DEFENSE
- Lack of Injury in Fact
- Challenge to the Class Certification
- CURRENT STATE OF CASE LAW/PRECEDENT
- Injury in Fact – no Article III standing
- Clapper v. Amnesty International, 133 S. Ct. 1138 (2013)
- Harris v. comScore, Inc., 825 F.Supp.2d 924 (N.D. Ill. 2011)
- In Re: Google Inc. Cookie Placement Consumer Privacy Litigation, 988 F.Supp.2d 434 (USDC Del. 2013)
- In re Barnes & Noble Pin Pad Litigation, No. 12-cv-8617 (N.D. Ill. 2013)
- Injury in Fact Found!!
- Krottner v. Starbucks, No. 09-35823 (9th Cir. 2010) – Article III standing for “future harm”, but not for Washington State Law
- Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012) – Reversal of trial court finding no standing. Subsequently, this prompted a $3 million dollar settlement.
- Class Certification
- Comcast Corporation, et al. v. Behrend, 133 S.Ct. 1426 (2013) – individualized damages issue precludes certification of class
- In re Hannaford Bros. Co. Customer Data Breach Security Breach Litigation, 293 F.R.D. 21 (USDC Maine 2013) – actual effect and mitigating steps taken by class members differed too much to be certified as class.
- Injury in Fact – no Article III standing
- WHAT CAN WE LEARN FROM CURRENT CASE LAW/PRECEDENT?
- Defense attorneys have two strong arguments, arising early in litigation, to defeat data breach lawsuits.
- Challenges to Injury in Fact and Class Action could significantly devalue such cases, thus leading to a desirable result for your client.
- HOWEVER…..
- WHAT CAN WE ANTICIPATE MOVING FORWARD?
- Plaintiffs’ Attorneys
- Altered strategies to counter attack the negative precedent
- Legislature
- New statutes and Initiatives are out there that could strengthen and broaden the ability to bring litigation for Data Breach.
- California Voters voting on “presumption of harm” in privacy breach cases.
- Data Security and Data Breach Notification Act in front of the Senate
- New statutes and Initiatives are out there that could strengthen and broaden the ability to bring litigation for Data Breach.
- Closely monitor your Jurisdiction to be aware of new developments.
- Plaintiffs’ Attorneys
- RESOURCES
- The Information Law Group
- Data Breach Today
- The Knowledge Group
- Professional Liability Defense Federation
- Burns White, LLC
- Our own Cyber Security Group will continue to stay on top of the trends and developments and post periodic articles on the subject.
- QUESTIONS AND ANSWERS
Caroline McCaffery, General Counsel, Chief Privacy Officer
Clarifai, Inc.
- How a Data Breach currently affects a company
- Training
- Breach preparedness
- Response
- Costs
- Damages - reputational
- Positive and Negative of 1 Federal Breach Notification Law
- If the legislation is one federal breach notification law, that is a good thing for companies who work in technology
- However, not all companies are the same and some requirements may stifle certain sectors due to cost of compliance
- Positives and Negatives of State by State Breach Notification Laws
- If the legislation continues to be state by state, it continues to burden the company with cost in both preparation and response.
- There is familiarity and expertise with this approach already
- Practical advise on how to keep track of new laws in this area and breach preparedness
Who Should Attend
- Cyber Security Lawyers
- Federal Lawyers
- Homeland Security Lawyers
- Legal Counsel
- Privacy and Data Security Lawyers and Consultants
- Compliance, Risk and IT Officers
- Data Security Professionals
- IT Heads
- Risk Analysts & Controllers
- Risk Officers and Administrators
- Third Party Administrators
- Other Related/Interested Professionals
Cyber Security Bills and Impact CLE/CPE
SEGMENT 1:Stuart T. O’Neal, Trial Attorney and Litigator
Burns and White
- INTRODUCTION
- Stuart O’Neal
- Burns White
- WHY DATA BREACH AND CYBER LIABILITY
- State reasons this is a hot topic
- OUTLINE OF PRESENTATION
- Current Business Trends involving Personal Identifiable Information (PII)
- What is PII?
- How Can Data Security be Breached?
- The Danger of PII Being Compromised
- Data Breach Lawsuits
- Plaintiffs’ Attorney’s Strategy/Causes of Action
- Successful Theories of Defense
- Current State of Case Law/Precedent
- What can we Learn from the Current Case Law/Precedent
- What can we Anticipate moving Forward
- Resources
- Questions and Answers
- CURRENT BUSINESS TRENDS INVOLVING PERSONAL IDENTIFIABLE INFORMATION (PII)
- WHAT IS PII?
- HOW CAN DATA SECURITY BE BREACHED?
- Hackers
- Internally
- Accidentally
- THE DANGER OF PII BEING COMPROMISED
- Bad Press/Future Impact on Business
- Costs of Correction
- Costs of Litigation
- Potentially Large Settlement/Judgment Values
- DATA BREACH IN THE NEWS
- Home Depot – 56 Million Credit Card Numbers
- Staples – 1.16 Million Customer Payment Cards
- Target – 40 Million Credit Card Numbers
- South Carolina Dept. of Revenue
- TRICARE Management Activity – Largest HIPAA breach in history
- PLAINTIFFS’ ATTORNEY STRATEGY/CAUSES OF ACTION
- Individual Lawsuits or Class Actions
- Breach of Express/Implied Contract
- Breach of Fiduciary Duty
- Unjust Enrichment
- Negligence
- State Statutory Claims
- Federal Statutory Claims
- SUCCESFUL THEORIES OF DEFENSE
- Lack of Injury in Fact
- Challenge to the Class Certification
- CURRENT STATE OF CASE LAW/PRECEDENT
- Injury in Fact – no Article III standing
- Clapper v. Amnesty International, 133 S. Ct. 1138 (2013)
- Harris v. comScore, Inc., 825 F.Supp.2d 924 (N.D. Ill. 2011)
- In Re: Google Inc. Cookie Placement Consumer Privacy Litigation, 988 F.Supp.2d 434 (USDC Del. 2013)
- In re Barnes & Noble Pin Pad Litigation, No. 12-cv-8617 (N.D. Ill. 2013)
- Injury in Fact Found!!
- Krottner v. Starbucks, No. 09-35823 (9th Cir. 2010) – Article III standing for “future harm”, but not for Washington State Law
- Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012) – Reversal of trial court finding no standing. Subsequently, this prompted a $3 million dollar settlement.
- Class Certification
- Comcast Corporation, et al. v. Behrend, 133 S.Ct. 1426 (2013) – individualized damages issue precludes certification of class
- In re Hannaford Bros. Co. Customer Data Breach Security Breach Litigation, 293 F.R.D. 21 (USDC Maine 2013) – actual effect and mitigating steps taken by class members differed too much to be certified as class.
- Injury in Fact – no Article III standing
- WHAT CAN WE LEARN FROM CURRENT CASE LAW/PRECEDENT?
- Defense attorneys have two strong arguments, arising early in litigation, to defeat data breach lawsuits.
- Challenges to Injury in Fact and Class Action could significantly devalue such cases, thus leading to a desirable result for your client.
- HOWEVER…..
- WHAT CAN WE ANTICIPATE MOVING FORWARD?
- Plaintiffs’ Attorneys
- Altered strategies to counter attack the negative precedent
- Legislature
- New statutes and Initiatives are out there that could strengthen and broaden the ability to bring litigation for Data Breach.
- California Voters voting on “presumption of harm” in privacy breach cases.
- Data Security and Data Breach Notification Act in front of the Senate
- New statutes and Initiatives are out there that could strengthen and broaden the ability to bring litigation for Data Breach.
- Closely monitor your Jurisdiction to be aware of new developments.
- Plaintiffs’ Attorneys
- RESOURCES
- The Information Law Group
- Data Breach Today
- The Knowledge Group
- Professional Liability Defense Federation
- Burns White, LLC
- Our own Cyber Security Group will continue to stay on top of the trends and developments and post periodic articles on the subject.
- QUESTIONS AND ANSWERS
Caroline McCaffery, General Counsel, Chief Privacy Officer
Clarifai, Inc.
- How a Data Breach currently affects a company
- Training
- Breach preparedness
- Response
- Costs
- Damages - reputational
- Positive and Negative of 1 Federal Breach Notification Law
- If the legislation is one federal breach notification law, that is a good thing for companies who work in technology
- However, not all companies are the same and some requirements may stifle certain sectors due to cost of compliance
- Positives and Negatives of State by State Breach Notification Laws
- If the legislation continues to be state by state, it continues to burden the company with cost in both preparation and response.
- There is familiarity and expertise with this approach already
- Practical advise on how to keep track of new laws in this area and breach preparedness
Cyber Security Bills and Impact CLE/CPE
Stuart T. O’NealTrial Attorney and LitigatorBurns and White
Stuart T. O’Neal is a trial attorney and litigator at Burns White, where he maintains an active practice throughout Pennsylvania. Mr. O’Neal is Co-Chair of the firm’s Cybersecurity and Professional Liability groups and was named its first Chief Privacy Officer in 2014.
Mr. O’Neal's trial practice revolves around commercial, contractual and employment disputes, as well as matters related to medical malpractice on an individual and corporate level. Mr. O’Neal has been retained by clients to handle internal investigations involving the misappropriation of funds, embezzlement and internal audits. Mr. O'Neal has also been retained by large institutions to defend class actions in data breach and privacy actions.
Mr. O'Neal obtained his J.D. from Villanova University. He is a Board Member and past President of the Professional Liability Defense Federation, as well as Chair of its Data Breach/Privacy Committee.
Caroline McCafferyGeneral Counsel, Chief Privacy OfficerClarifai, Inc.
Caroline has 15 years of experience in counseling and providing legal services to technology start-up companies, both as in-house and outside counsel. Caroline has spent a majority of her time as in-house counsel focused on developing privacy and security infrastructure. Caroline received her JD from New York University School of Law, is admitted to both the CA and NY bars and is a Certified Information Privacy Professional (CIPP/US).
Cyber Security Bills and Impact CLE/CPE
Course Level:
Intermediate
Advance Preparation:
Print and review course materials
Method Of Presentation:
On-demand Webcast
Prerequisite:
NONE
Course Code:
144719
NASBA Field of Study:
Specialized Knowledge and Applications
NY Category of CLE Credit:
Skills
Total Credits:
2.0 CLE
No Access
You are not logged in. Please Login or register to the event to gain access to the materials and login instructions.
About the Knowledge Group
The Knowledge Group has been a leading global provider of Continuing Education (CLE, CPE) for over 13 Years. We produce over 450 LIVE webcasts annually and have a catalog of over 4,000 on-demand courses.
Speaker Firms
Click firm logo/firm name to learn more
Faculty
Click show bio to learn more
Stuart T. O’Neal
Trial Attorney and Litigator
Burns and White
Trial Attorney and Litigator
Burns and White
Caroline McCaffery
General Counsel, Chief Privacy Officer
Clarifai, Inc.
General Counsel, Chief Privacy Officer
Clarifai, Inc.
About the Knowledge Group
The Knowledge Group has been a leading global provider of Continuing Education (CLE, CPE) for over 13 Years. We produce over 450 LIVE webcasts annually and have a catalog of over 4,000 on-demand courses.
Founded in 1987, Burns White is a regional law firm with a national presence in several practice areas. With a full range of service offerings, the firm employs more than 100 attorneys across nine office locations in Pittsburgh, PA (headquarters); Philadelphia, PA; Harrisburg, PA; Wilkes-Barre, PA; Cherry Hill, NJ; Princeton, NJ; Wheeling, WV; Wilmington, DE; and Cleveland, OH. Our lawyers are supported by a staff of more than 50 professionals, including paralegals, information technology specialists, and administrators. Together, they form teams organized around 18 practice groups serving specific industry areas, including cybersecurity, commercial litigation, business practices and employment law to provide unsurpassed service and efficiency.
Website: https://www.burnswhite.com/
Clarifai develops powerful machine learning algorithms to augment intelligence in a new generation of applications. Starting in 2013 with the world’s leading image recognition technology, Clarifai has quickly expanded to incorporate new data sources and support a variety of platforms to provide a deep understanding of image and video content at scale in many environments.
Website: https://www.clarifai.com/
Stuart T. O’Neal is a trial attorney and litigator at Burns White, where he maintains an active practice throughout Pennsylvania. Mr. O’Neal is Co-Chair of the firm’s Cybersecurity and Professional Liability groups and was named its first Chief Privacy Officer in 2014.
Mr. O’Neal's trial practice revolves around commercial, contractual and employment disputes, as well as matters related to medical malpractice on an individual and corporate level. Mr. O’Neal has been retained by clients to handle internal investigations involving the misappropriation of funds, embezzlement and internal audits. Mr. O'Neal has also been retained by large institutions to defend class actions in data breach and privacy actions.
Mr. O'Neal obtained his J.D. from Villanova University. He is a Board Member and past President of the Professional Liability Defense Federation, as well as Chair of its Data Breach/Privacy Committee.
Caroline has 15 years of experience in counseling and providing legal services to technology start-up companies, both as in-house and outside counsel. Caroline has spent a majority of her time as in-house counsel focused on developing privacy and security infrastructure. Caroline received her JD from New York University School of Law, is admitted to both the CA and NY bars and is a Certified Information Privacy Professional (CIPP/US).
