May 20‑21
Register Here

Online Conference Agenda

Thursday, May 20

11:30-11:45 Registration

11:45-12:00 Welcome and Introductions

  • Lee Fisher, BakerHostetler Chair and Dean, Cleveland-Marshall College of Law
  • Harlan M. Sands, President, Cleveland State University

12:00-12:15 Cybersecurity and Privacy Law and Policy in Ohio

  • Jon Husted, Ohio Lieutenant Governor and Director, Innovate Ohio

This talk will review exciting new cybersecurity and privacy legal and policy developments in Ohio, including legislative proposals from CyberOhio and workforce development initiatives.

12:15-12:20 Break

Sponsored by CyberOhio

12:20-1:20 Cybersecurity in the Biden Administration

This panel will survey the cybersecurity priorities President Biden has announced and the challenges his administration will face in accomplishing them over the next four years.

1:20-1:30 Break

Sponsored by Ulmer & Berne LLP

1:30-2:30 “Fixing” Health Care Privacy

While the health care privacy field may appear stable, this is no longer true (if it ever was). HIPAA is being pushed
in a variety of new directions, “non-HIPAA” health data is being created outside of these protections in enormous volumes, and new law, regulation and enforcement is creating inconsistencies and new challenges. This session will
explore these new concerns and discuss potential options for a solution, in the context of the national privacy law
debate.

2:30-2:40 Break

2:40-3:40 Developments in Cyber Risk Insurance

This panel will discuss the rapidly evolving world of cyber risk insurance. The experienced panelists will discuss the options available to cover cyber risk; what you should look for when purchasing coverage, the role of insurance pre- and post-breach and whether and how insurance could drive the development of standards for security and privacy practices.

3:40-3:50 Break

Sponsored by TCDI

3:50-4:00 Introducing the Ohio Privacy Protection Act

This session will introduce Ohio's first comprehensive consumer data privacy bill that was recently introduced in the Ohio Legislature. Kirk Herath, Chair of CyberOhio's Legislation group, which developed the initial version of the bill, will explain how Ohio is taking a distinctive approach to protecting consumer data privacy by creating incentives for organizations to adopt robust privacy programs following the NIST Privacy Framework.

4:00-5:00 Will the States Move the Feds on Privacy Legislation? And what does that mean for companies and consumers?

This panel will explore recent trends in state and federal privacy policy. As states introduce new privacy bills--and even new privacy regulators--will Congress finally feel compelled to act? The panel will also consider what the variety of new laws mean for consumers and for companies.

 

Friday, May 21

11:30-11:40 Registration

11:40-11:45 Welcome and Introductions

  • Brian Ray, Leon M. & Gloria Plevin Professor of Law, Cleveland-Marshall College of Law

11:45-12:30 Keynote: Cybersecurity Maturity: From Oxymoron to Inevitable

  • Tony Sager, Senior Vice President and Chief Evangelist for The Center for Internet Security

This talk will discuss some history of the key issues and trends for this type of maturation of cybersecurity, and its role under-the-hood of a decision-making, risk-managing machine, fueled by information and designed to deal with real-life business, legal and social questions. 

12:30-12:40 Break

Sponsored by the Internet of Things Collaborative/CSU TECH Hub

12:40-1:40 Data Ethics & Automated Decision-Making*

Organizations face difficult challenges when it comes to ethically informed data collection, sharing and use. There also is growing demand for incorporating ethical considerations into products and services involving big data, AI and machine learning and increasing recognition of the potential bias in them. This panel will discuss these challenges as well as emerging best practices for ethical data collection, processing and use and mitigating bias in the use of automated decision-making. 1 Ethics credit 

  • Kirk Herath, Principal, Pillars Consulting Group
  • Dennis Hirsch, Professor and Director, Data Governance and Protection Program, Moritz College of Law, The Ohio State University 
  • Brenda Leong, Sr. Counsel and Director, AI & Ethics at the Future of Privacy Forum
  • Barb Lawler, Chief Operations Officer and Senior Strategist, Information Accountability Foundation

1:40-1:50 Break

Sponsored by Lewis Brisbois Bisgaard & Smith, LLP

1:50-2:50 Wait...what do I need to implement? Tackling security and privacy governance and strategy tumultuous times.

Quickly evolving regulations, institutional leaders and strategies, and crises can push even the most robust privacy and security programs to their breaking point. In this session, security and privacy leaders share how they balance their institution’s strategies and values, regulations, and trust during tumultuous times. Most importantly, what do they need from legal counsel.

2:50-3:00 Break

3:00-4:00 National Security and Law Enforcement Roundtable

This panel convenes an experienced group of federal government and industry experts to discuss recent developments in the field of cybersecurity and data privacy with a specific focus on national security and law enforcement interests. This panel will survey the latest issues in this fast-changing field of law with a focus on election security, industry support to law enforcement, cyber-crime investigations, foreign investment and trade reviews, intelligence and information-sharing, and screening/vetting programs.

  • Kristin Bergman, Assistant General Counsel, U.S. Department of Homeland Security Office of the General Counsel, Intelligence Law Division
  • Terence Check, Counsel, U.S. Department of Homeland Security
  • Desiree Hanssen, Attorney-Advisor, U.S. Department of Homeland Security Office of the General Counsel, Operations and Enforcement Law Division
  • Daniel J. Riedl, Chief, National Security and Cyber Unit, U.S. Attorney’s Office for the Northern District of Ohio

4:10-5:10 Technical and Legal Implications of the Growth in Supply Chain Cyberattacks

2020 was the best year on record…for supply chain cyberattacks. While incidents involving SolarWinds and Microsoft dominated the headlines for their impact and technical sophistication, attacks that originate from third-parties are coming off a banner year. According to DevOps research by Sonatype, supply chain attacks are up 430% year over year, with particular impact on vendors and software components that are used by large organizations around the world.

In this panel, we’ll dive into why supply chain attacks are exploding in popularity and discuss practical techniques for staying resilient in the face of this increasingly challenging attack vector.


*1 Ethics credit is for attendees of the Data Ethics & Automated Decision-Making panel 5/21 12:40-1:40.

 

  • Share