8:55 Welcome and Introductions
9:00 Updates to Federal Agency Breach Notification Standards
Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh
This session covers the multiple federal agencies with new, revised or pending breach notification standards, including various federal banking regulators, the Securities and Exchange Commission, the Department of Homeland Security, and the Federal Trade Commission. The session also includes a discussion of when and how these new breach notification standards apply to businesses, what triggers the breach notification requirement, and relevant timing requirements.
10:02 Lessons Learned From Law Firm Data Breaches*‡
Steven W. "Will" Quick, Brooks Pierce McLendon Humphrey & Leonard LLP, Raleigh
Uta M. Zacharias, Lawyers Mutual Liability Insurance Company of NC, Cary
Law firms collect and maintain a plethora of personal and confidential information about their clients. Time and again we read about law firms falling prey to spearfishing, ransomware, BEC and other similar scams. These and other cyberthreats are a particular concern to attorneys because of their confidentiality obligations and expectation of technical competence. This session explores lawyers' duties following a data breach and provides some useful tips to keep from ending up in the worst-case scenario.
Steven T. Snyder, Charlotte
Cryptocurrencies have become large, sometimes volatile markets that nonetheless have generated a degree of institutional support in the financial industry. This session examines the privacy and data security implications of cryptocurrencies and the technologies that underlie them for both users and financial institutions and some of the problems that lawyers need to grapple with as a result.
12:16 Lunch Break
12:46 Cybersecurity Framework for Lawyers‡
Robert M. Botkin, Parker Poe Adams & Bernstein LLP, Raleigh
Seth Cutler, Raleigh
Sarah F. Hutchins, Parker Poe Adams & Bernstein LLP, Charlotte
This session provides an overview of various cybersecurity principles that data privacy and technology lawyers should know. The speakers review various security standards, with an emphasis on the NIST standards, as well as a brief overview of ISO 27001 and how a SOC II audit works, and provide practical perspectives on how these cybersecurity frameworks might influence privacy-related contracts or litigation matters.
1:48 Development of Corporate Data Protection Program
Katrina Church, Bioventus LLC, Durham
Angela P. Doughty, Ward and Smith PA, New Bern
Richard Peters, Berkeley Research Group (BRG), Houston, TX
Amy R. Worley, Berkeley Research Group (BRG), Raleigh
An effective and successful data protection program cannot be built with just a knowledge of the relevant laws and how to comply with them; it also requires proactive strategies, persuasion, adaptability and an understanding of how an organization operates. This panel discusses practical approaches to developing and implementing an effective corporate data protection program.
3:00 What? Employees Have Privacy Rights Too?
Matthew A. Cordell, VF Corporation, Greensboro
Karin M. McGinnis, Moore & Van Allen PLLC, Charlotte
Sarah H. Negus, Moore & Van Allen PLLC, Charlotte
A lot of attention has been paid to the privacy rights of consumers and the obligations of businesses with respect to their customers, but businesses also have significant obligations with respect to the privacy of their own employees. The panelists discuss two of the thornier privacy issues facing U.S. employers — biometrics and compliance with the California Privacy Rights Act — and provide practical guidance for employers and the lawyers who advise them.
* Indicates portion providing Ethics/Professional Responsibility credit
‡ Indicates portion providing Technology Training credit
Click here to view Forms and CLE Policies, Terms and Conditions.
If paying by check,
click here for a printable registration form. Please reference the live webcast program code 200RWC.