Thursday, May 20
11:50-12:00 Welcome and Introductions
- Harlan M. Sands, President, Cleveland State University
12:00-12:15 Cybersecurity and Privacy Law and Policy in Ohio
- Jon Husted, Ohio Lieutenant Governor and Director, Innovate Ohio
This talk will review exciting new cybersecurity and privacy legal and policy developments in Ohio, including legislative proposals from CyberOhio and workforce development initiatives.
Sponsored by CyberOhio
12:20-1:20 Cybersecurity in the Biden Administration
This panel will survey the cybersecurity priorities President Biden has announced and the challenges his administration will face in accomplishing them over the next four years.
- Frances Floriano Goins, Partner and Co-Group Leader, Cybersecurity & Privacy, Ulmer & Berne LLP
- Jamil Jaffer, SVP Strategy, Partnerships & Corporate Development, IronNet Security
- Brian Ray, Leon M. and Gloria Plevin Professor of Law, Cleveland-Marshall College of Law
1:30-2:30 “Fixing” Health Care Privacy
While the health care privacy field may appear stable, this is no longer true (if it ever was). HIPAA is being pushed
in a variety of new directions, “non-HIPAA” health data is being created outside of these protections in enormous volumes, and new law, regulation and enforcement is creating inconsistencies and new challenges. This session will
explore these new concerns and discuss potential options for a solution, in the context of the national privacy law
- Joseph Dickinson, Partner, Michael, Best & Friedrich LLP
- Kirk Nahra, Partner & Co-Chair Cybersecurity and Privacy Practice, WilmerHale
- Suchi Pahi, Acting Chief Privacy Officer, Rally Health, Inc.
2:40-3:40 Developments in Cyber Risk Insurance
This panel will discuss the rapidly evolving world of cyber risk insurance. The experienced panelists will discuss the options available to cover cyber risk; what you should look for when purchasing coverage, the role of insurance pre- and post-breach and whether and how insurance could drive the development of standards for security and privacy practices.
- Tim Opsitnick, Executive Vice President and General Counsel, TCDI
- Lacy Rex, Vice President, Cyber Strategic Leader, Oswald Companies
- Steven Roesing, President & CEO, ASMGi
- Timothy K. Smit, Global Privacy and Cyber Risk Consulting Leader, Lockton Companies
Sponsored by TCDI
3:50-4:00 Introducing the Ohio Privacy Protection Act
This session will introduce Ohio's first comprehensive consumer data privacy bill that was recently introduced in the Ohio Legislature. Kirk Herath, Chair of CyberOhio's Legislation group, which developed the initial version of the bill, will explain how Ohio is taking a distinctive approach to protecting consumer data privacy by creating incentives for organizations to adopt robust privacy programs following the NIST Privacy Framework.
4:00-5:00 Will the States Move the Feds on Privacy Legislation? And what does that mean for companies and consumers?
- Ariel Fox Johnson, Senior Counsel for Policy, Common Sense Media
- Lydia de la Torre, Commissioner, California Privacy Protection Agency and Privacy Certificate Director, UC Santa Clara Law School
- John Landolfi, Partner, Vorys, Sater, Seymour & Pease LLP
- James Trilling, Senior Attorney, FTC Division of Privacy and Identity Protection
- Hayley Tsukayama, Legislative Activist, Electronic Frontier Foundation
Friday, May 21
11:40-11:45 Welcome and Introductions
- Brian Ray, Leon M. & Gloria Plevin Professor of Law, Cleveland-Marshall College of Law
11:45-12:30 Keynote: Cybersecurity Maturity: From Oxymoron to Inevitable
- Tony Sager, Senior Vice President and Chief Evangelist for The Center for Internet Security
This talk will discuss some history of the key issues and trends for this type of maturation of cybersecurity, and its role under-the-hood of a decision-making, risk-managing machine, fueled by information and designed to deal with real-life business, legal and social questions.
12:40-1:40 Data Ethics & Automated Decision-Making
Organizations face difficult challenges when it comes to ethically informed data collection, sharing and use. There also is growing demand for incorporating ethical considerations into products and services involving big data, AI and machine learning and increasing recognition of the potential bias in them. This panel will discuss these challenges as well as emerging best practices for ethical data collection, processing and use and mitigating bias in the use of automated decision-making.
- Kirk Herath, Principal, Pillars Consulting Group
- Dennis Hirsch, Professor and Director, Data Governance and Protection Program, Moritz College of Law, The Ohio State University
- Brenda Leong, Sr. Counsel and Director, AI & Ethics at the Future of Privacy Forum
- Barb Lawler, Chief Operations Officer and Senior Strategist, Information Accountability Foundation
Sponsored by Lewis Brisbois Bisgaard & Smith, LLP
1:50-2:50 Wait...what do I need to implement? Tackling security and privacy governance and strategy tumultuous times.
Quickly evolving regulations, institutional leaders and strategies, and crises can push even the most robust privacy and security programs to their breaking point. In this session, security and privacy leaders share how they balance their institution’s strategies and values, regulations, and trust during tumultuous times. Most importantly, what do they need from legal counsel.
- Ashley Berry, Compliance Manager Lead, USAA
- Holly Drake, Chief Privacy Officer, The Ohio State University
- Helen Patton, Advisory CISO, CISCO
- Kathleen Ojala, Administrative Director, Compliance and Integrity, HIPAA Privacy Officer, The Ohio State University Wexner Medical Center
3:00-4:00 National Security and Law Enforcement Roundtable
This panel convenes an experienced group of federal government and industry experts to discuss recent developments in the field of cybersecurity and data privacy with a specific focus on national security and law enforcement interests. This panel will survey the latest issues in this fast-changing field of law with a focus on election security, industry support to law enforcement, cyber-crime investigations, foreign investment and trade reviews, intelligence and information-sharing, and screening/vetting programs.
- Kristin Bergman, Assistant General Counsel, U.S. Department of Homeland Security Office of the General Counsel, Intelligence Law Division
- Terence Check, Counsel, U.S. Department of Homeland Security
- Desiree Hanssen, Attorney-Advisor, U.S. Department of Homeland Security Office of the General Counsel, Operations and Enforcement Law Division
- Daniel J. Riedl, Chief, National Security and Cyber Unit, U.S. Attorney’s Office for the Northern District of Ohio
- Kemba Walden, Assistant General Counsel, Microsoft Digital Crimes Unit
4:10-5:10 Technical and Legal Implications of the Growth in Supply Chain Cyberattacks
2020 was the best year on record…for supply chain cyberattacks. While incidents involving SolarWinds and Microsoft dominated the headlines for their impact and technical sophistication, attacks that originate from third-parties are coming off a banner year. According to DevOps research by Sonatype, supply chain attacks are up 430% year over year, with particular impact on vendors and software components that are used by large organizations around the world.
In this panel, we’ll dive into why supply chain attacks are exploding in popularity and discuss practical techniques for staying resilient in the face of this increasingly challenging attack vector.