Schedule and Panel Topics
Thursday, April 7
Welcome and Overview
Cyber and Privacy Risks: Surveying the Landscape
Cybersecurity attacks are increasing in frequency and sophistication. Data breaches and privacy concerns create significant reputational, legal and economic risks to organizations of all sizes. This panel will survey these risks, and the steps organizations should take to identify and evaluate their own risks as well as opportunities available for managing them.
Kevin Bocek, Vice President, Security Strategy & Threat Intelligence, Venafi, Inc.
Aaron Verdell Call, Director, Information Security, MN.IT Services
Joe Compton, Principal, Skoda Minotti
Corey M. Dennis, Associate Counsel & Privacy Officer at Pharmaceutical Product Development, LLC
Kevin Goodman, Partner, Managing Director, BlueBridge Networks
Leon Wilson, Chief Information Officer, Cleveland Foundation (moderator)
Data Breach Class Action Litigation Developments
Every organization collects and stores increasingly large amounts of information, including sensitive personally identifiable information (PII) of employees, clients, customers, and patients. Exposure of this information, whether inadvertently or as a result of criminal activity increasingly results in class action litigation. These breaches and actions have drawn significant media attention, but many of the core legal issues are largely unsettled. This session will review recent legal developments and open issues in data breach class actions, including the incidents that result in litigation, the laws implicated and remedies sought, class certification and settlement considerations and future trends.
Christopher Dore, Partner, Edelson, PC
Joseph P. Guglielmo, Partner, Scott & Scott
Paul Karlsgodt, Partner, BakerHostetler
Douglas Meal, Partner, Ropes & Gray
Brian Ray, Professor of Law, Cleveland-Marshall College of Law (moderator)
11:15 AM - 12:30 PM
Cyber-risk insurance is one of the fastest-growing segments of the insurance industry. This session will discuss the options available to cover cyber risk, what you should look for when purchasing coverage, what happens when a claim is filed, and whether and how insurance could drive the development of standards for security and privacy practices.
Brian J. Branner, Executive Vice President, RiskAnalytics, LLC
Candice Hoke, Professor, Cleveland-Marshall College of Law (moderator)
Charles J. Pruzinsky, Underwriter Specialty Lines, Beazley Group
Bridget Sakach, Network Security and Privacy Specialist – Midwest Region, AIG
Brian Warszona, Cyber/E&O Placement Specialist, Assistant Vice President, Willis Towers Watson
Current Regulatory Issues and Opening Keynote Travis LeBlanc
Data security and privacy is the subject of an overlapping web of laws and regulations at the state, federal and international level. As a result, any data breach brings with it an increasing array of complex requirements and risks ranging from notification of the potential victims to potential regulatory penalties. This session will discuss the roles of the major federal and state regulatory agencies, current trends in enforcement, what steps to take when a breach is discovered and how to prepare for a potential investigation.
Travis LeBlanc, Chief of the Bureau of Enforcement, Federal Communications Commission (keynote and panel)
Tim Opsitnick, Founder and General Counsel, JurInnov (moderator)
Kevin Rosen, Senior Regional Counsel, Financial Industry Regulatory Authority
Kevin Moriarty, Senior Attorney, Division of Privacy and identity Protection, Federal Trade Commission
Melissa Szozda Smith, Assistant Attorney General, State of Ohio
The Role of Law Enforcement Agencies
Data breaches frequently are the result of criminal activity, and cyber crime has emerged as one of federal law enforcement’s top priorities. Recent federal legislation and policy emphasizes the need for information sharing between law enforcement and the private sector to counter the increasing range and sophistication of criminal attacks. This session will examine the role key federal law enforcement agencies play in combating cyber crime; what happens during a cyber crime investigation and the benefits and challenges of effective information sharing, including recent legal and policy developments.
Bryan McDowell, Chief Information Security Officer, University Hospitals (moderator)
Brian O’Neil, Assistant to the Special Agent in Charge, United States Secret Service, Cleveland Ohio
Matthew W. Shepherd, Chief, National Security and Cyber Unit, United States Attorney, Northern District of Ohio
Jeffrey Tricoli, Assistant Special Agent in Charge, Federal Bureau of Investigation, Cleveland, Ohio
Networking Cocktail Reception
Friday, April 8
Information Sharing and the NEO Cyber Consortium Model
Sharing information on emerging cyber risks in as close to real-time as possible can enable more effective and timely responses and minimize the risk of a breach. But information sharing also raises significant practical, legal and organizational challenges. The Northeast Ohio Cybersecurity Consortium (NEOCC) was established in 2015 to develop a model for sharing timely and actionable information on cyber risks and strategies and tactics to combat cyber attacks across industries in the region. This session will open with an overview of NEOCC formation and the work it is doing to develop innovative information sharing approaches in the region. A panel of information sharing experts will then discuss the benefits, challenges, recent developments and best practices in this area.
Carole Rendon, Acting U.S. Attorney, Northern District of Ohio
Candice Hoke, Professor, Cleveland-Marshall College of Law (moderator)
Amy Mushahwar, Counsel and Chief Information Officer, ZwillGen, PLC
Michael Stovsky, Partner and Leader, Firmwide Innovations, Information Technology and Intellectual Property (3iP) Group; CIPP/United States
Incident Response Strategies and Tactics
Security breaches are nearly inevitable, but a thorough and effective incident response plan can prevent or significantly minimize the legal, business and reputational risks that result. This session will discuss developing, implementing and executing incident response policies and procedures before, during and after a security breach, including defensible incident response plans, who should be on the incident response team, third-party vendor management, breach notification requirements and the role of outside counsel and vendors in breach response.
Craig Hoffman, Partner, BakerHostetler
Serge Jorgensen, Vice President Technology and Chief Technology Officer, Sylint
Bryan McDowell, Chief Information Security Officer, University Hospitals
Alfred J. Saikali, Partner, Shook, Hardy & Bacon
Robert Wallace, Director, Security Consulting Services, Mandiant Consulting
10:45 AM-12:30 PM
Health Care Perspectives and Closing Keynote Deven McGraw
Health-care information, especially personally identifiable patient information, is both highly sensitive and significantly valuable. As a result, the health-care sector has been at the forefront of data security and privacy regulation as well as a common target of cyber attacks. This panel will examine best practices and current trends in compliance and enforcement, including what is security risk analysis and how do you develop defensible privacy and security policies, notifying business associates of their obligations and securing compliance and the security and privacy implications of emerging technologies including connected medical devices and tele-health.
Joseph Dickinson, Privacy and Information Security Officer, MetroHealth System
Keith Fricke, Principal Consultant, tw-Security (moderator)
Deborah Marko Koeberer, Manager, Privacy and Compliance University Hospitals System
Michael Gross, Lead Security Analyst, Cleveland Clinic