Legally Compliant: Navigating Data Breach Laws

In today’s digital age, businesses of all sizes and industries increasingly rely on technology to communicate with clients and store user data or intellectual property. This dependence can also mean third-party vendors, from gardeners to cloud providers, can pose a security risk. Vendors often have less strict security practices than larger clients while having privileged access to sensitive data or systems. Attorneys advising boards and managing law firms should have a thorough understanding of this critical and developing area of risk and liability. As regulations continue to develop and enforcement measures stricter, businesses must ensure that they employ the proper security measures both internally and with third parties, as “function can be outsourced, but not risk.” This seminar will help equip attorneys to assess and manage third-party risk and contracts, as well as advise clients on the importance of thorough vendor risk monitoring to ensure that they are complying with the relevant security standards. Attorneys advising boards and managing law firms must have a thorough understanding of this area of risk and liability to effectively advise clients on how to mitigate these risks and prepare for an increasingly common phenomenon.
Part Two: Webinar Focus
In part two (2) of this webinar, our expert panelists begin by discussing the questions organizations should ask third-party vendors when informed of a data breach. Next, our speakers break down the steps to understanding and evaluating contracts during breaches, as well as reviewing breach notification clauses and author preventative contractual provisions. Finally, they provide some of the key elements to prevent vendor risks, sharing their expert opinions to highlight the value of incorporating cybersecurity practices into corporate governance and culture, as well as taking rigorous preventative measures.

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

Orrick, Herrington & Sutcliffe LLP - Partner
Stacy is an experienced trial lawyer who practices complex business litigation for clients in the entertainment industries, with an emphasis on intellectual property, licensing, unfair competition, business torts, and breach of contract claims. She also represents financial institutions and property owners in real estate disputes. Stacy counsels high-profile artists, producers, and talent in accounting and profit participation, licensing, and other disputes involving the television and motion picture industries. She has also represented numerous other producers and artists, including a film production company, defeating a copyright and trademark infringement lawsuit filed by an individual claiming to have co-written a screenplay; well-known artists prosecuting a copyright infringement and right to publicity action for defendants' improper use of performance sound recordings; and a film financier regarding investments in several independent films. Her work for clients in the commercial real estate, banking, and financial services industries focuses on partnership disputes and representing secured creditors in judicial and non-judicial foreclosure actions and bankruptcy proceedings. She has represented numerous real estate developers and property owners, including Ronald A. Simms and the Simms/Mann Institute for Education and Community Development, in connection with various disputes. She has also represented financial institutions in bankruptcy proceedings, including adversary proceedings, regarding priority lien disputes and other business issues. While she is always prepared to try any case, Stacy firmly believes that the resolution of certain matters outside of court is sometimes in the best interests of her clients. As such, she is highly skilled in representing clients in alternative dispute resolution through mediations and arbitrations and was elected as an Alternative Dispute Resolution Neutral for the Los Angeles County Superior Court in 2006.

Partner | Spencer Fane LLP
Shawn Tuma helps businesses protect their information and protect themselves from their information. He represents a wide range of clients, from small to midsize companies to Fortune 100 companies, across the U.S. and globally in dealing with cybersecurity, data privacy, data breach and incident response, regulatory compliance, computer fraud related legal issues, and cyber-related litigation. Having practiced in this area of law since 1999, Shawn is widely recognized in cybersecurity and data privacy law. He is frequently sought out and hired by other lawyers and law firms to advise them when these issues arise in cases for their own clients. While this area of the law has evolved greatly in the decades while Shawn has been practicing, he continues to evolve with it as a practitioner representing his clients, academically as an author and instructor, and as an analyst for the national media. Shawn’s ideal role is to serve as a member of a company’s risk management team as outside cybersecurity counsel to help the company proactively prepare for and minimize its risks of doing business in today’s digital business world. Then, if a problem does arise, he is there to guide the company through resolving those issues as well.

Partner | Orrick, Herrington & Sutcliffe LLP
Joe is a trusted cybersecurity lawyer and strategic advisor, who regularly steers clients through data breaches as a partner in crisis management. He brings significant experience advising companies – from one of the largest telecommunications providers to leading entertainment companies to startups on the cutting-edge of AI and more – on the full cycle of an incident. He also advises clients regarding regulatory investigations, class actions, and contract disputes that frequently flow from privacy and cybersecurity incidents. His goal is to help clients respond quickly and with integrity to protect their brand, build trust and mitigate legal risk. He is highly adept at directing incident investigations, analyzing potential claims and defenses, examining potential notification obligations and advising on communications strategies that build trust and engagement. Joe is committed to using these experiences to finding creative and engaging strategies to help companies proactively prepare for an incident and mitigate cybersecurity legal risk. This includes helping to build and improve incident response programs through incident response plans, simulated incidents, threat workshops, and training. It also includes assisting clients to practically evaluate legal risk of security decisions in a variety of transactions and across the product lifecycle. He is driven by a desire to evolve what it means to be a cybersecurity lawyer in the face of rapidly evolving technologies and laws. As a leader, he strives to create spaces where people are valued and solve problems creatively and collaboratively. He also provides strategic advice to cybersecurity companies, including those looking to push technological and defense boundaries in cyber defense, incident response, and threat intelligence. This includes helping companies maximize their security offerings by navigating the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Wiretap Act, as well as state law analogs. Joe serves on the Orrick’s Finance and Audit Committee and Pro Bono Committee. A leader and advocate for diversity and inclusion initiatives, Joseph is the co-head of the Latinx affinity group at Orrick and served as a fellow for the Leadership Counsel on Legal Diversity. He is also a member of the Washington Latino Bar Association and the Hispanic National Bar Association.

Managing Director, Cybersecurity and Data Privacy, Strategy and Transactions | Ernst & Young
Brian leads a team of 30 cybersecurity and data privacy professionals, focused on the strategic application of security in the context of capital transactions, including mergers, acquisitions, divestitures, real estate transactions and restructurings. He joined EY from the US Department of Justice (DOJ), where he served as the National Coordinator for more than 300 federal prosecutors focused on investigating and prosecuting computer crime and intellectual property crime. He also served as a federal prosecutor and senior counsel with the DOJ’s Computer Crime and Intellectual Property Section. Prior to joining the DOJ, Brian served as an Assistant Attorney General for the Internet & Technology Bureau of the New York Attorney General’s Office, a civil litigator for international law firms, and a law clerk to federal district and appellate judges. He earned his BA, summa cum laude, from the University of Pennsylvania and his JD, magna cum laude, from New York University School of Law.