Master cybersecurity tactics to safeguard client data and navigate digital risks. Elevate your practice by mastering crucial strategies for data protection.

The mantra for cybersecurity professionals is protecting confidentiality, integrity, and availability of data through the appropriate use of physical, administrative, and technical safeguards. In the U.S., cybersecurity laws have historically adopted that mantra to require the application of reasonable security measures.
The more recent trend is for regulations to be more prescriptive, but even under a framework requiring reasonable security measures, the requirements can vary based on industry and specific laws such as:
· The HIPAA Security Rule for protected health information for covered entities and business associates under HIPAA
· The FTC Safeguards Rule for financial institutions for non-public information under the Gramm-Leach-Bliley Act (GLBA)
· The Colorado Privacy Act for protecting consumer privacy rights
· The California Consumer Protection Act (CCPA), New York Shield Act, and many other state laws
· The UK and EU General Data Protection Regulation (GDPR) for UK and EEA residents
· Rules of Professional Ethics and Responsibility, exemplified by the ABA Model Rules of Professional Conduct
The common thread remains the same: maintaining reasonable security measures that are standard for your industry. And there is a baseline expectation that spans across all industries, such as designating a qualified individual (or group) to be responsible for security, and the encryption of sensitive data at rest and in transit.
Jack and Demian will discuss the reasonable security measures that are common across all of these laws and regulations and steps that companies can take to meet these measures. Whether you have an established information security program or are just getting started, you will benefit from the back-and-forth discussion between Jack and Demian on these topics.

Live and Recorded CLE & CPE Webcasts in the Legal, Tax, Finance, Risk, Compliance and Human Resources Industries
Founded in November 2006, The Knowledge Group has established itself as a premier eLearning hub for Continuing Legal Education (CLE), Continuing Professional Education (CPE), and technology-focused webcasts. We equip lawyers, accountants, and industry professionals with expert-driven insights, timely regulatory updates, and practical strategies to help them stay ahead in an ever-evolving landscape.

Shareholder at Brownstein Hyatt Farber Schreck, LLP
Jack Hobaugh combines his global software, database and network engineering experience with his legal practice to focus on artificial intelligence governance and law, cybersecurity law and privacy law. A certified iapp artificial intelligence governance professional (AIGP) and information privacy professional (FIP/CIPT/CIPP/US/E) plus ISC2 Certified Information System Security Professional (CISSP), Jack uses his extensive inhouse experience as a data protection officer, incident response counsel, and global privacy program compliance counsel to provide legal and cybersecurity guidance to his clients. His work includes GDPR, EU AI ACT, HIPAA, GLBA, FERPA, COPPA, PIPEDA, FTC, and state compliance including data protection agreements, business associate agreements and data protection impact assessments. Jack specializes in guiding start-up companies through AI, privacy, and security compliance maze. A guest lecturer and author of four books on cybersecurity law, Jack sought out counsel for startups, and mergers and acquisitions. Prior to his legal career, Jack was a software engineer with a focus on international IT consulting and telecom (Europe / Middle East / North West Africa / Brazil), writing his first artificial intelligence program in 1989. In addition to litigating and prosecuting patents, Jack also served as a patent examiner for the United States Patent and Trademark Office

Partner at Wilson Sonsini Goodrich & Rosati
Demian Ahn is a member of the firm’s data, privacy, and cybersecurity practice based in Washington, D.C. He leads the firm’s incident response practice and advises companies confronting data, privacy, and cybersecurity risks—risks from threat actors, regulatory risks from federal and state agencies, and other legal risks related to cybersecurity and technology-driven products and services, including software-as-a-service, AI and machine learning, cloud computing, digital health, fintech, e-commerce, online platforms, social media, and cybersecurity services.