Welcome and Introductions

• Lee Fisher, Dean and Joseph C. Hostetler-BakerHostetler Chair in Law, CSU College of Law

Technology/Technologists at the FTC

• Alex Gaynor, Deputy Chief Technologist, Federal Trade Commission

Managing Regulatory Investigations

Cybersecurity and data privacy regulatory enforcement actions are on the rise, driven by the growing number of state laws and increased scrutiny from federal regulatory agencies, including the Federal Trade Commission, Securities and Exchange Commission, and Department of Justice. This panel will share critical insights on how to proactively approach a regulatory investigation, including best practices for responding to civil investigative demands, litigation challenges, and successfully negotiating resolutions with regulatory agencies.

• Donald Brewer, Associate Data Privacy and Cybersecurity, McDonald Hopkins LLC
• Alex Gaynor, Deputy Chief Technologist, Federal Trade Commission
• Douglas Meal, Adjunct Professor of Law, CSU College of Law, AAA Commercial Arbitrator
• Timothy R. Murphy, Senior Deputy Attorney General, Commonwealth of Pennsylvania
• Brian Ray, Associate Dean and Leon & Gloria Plevin Professor, CSU College of Law (lead)

Networking Break

Keynote: Fireside Chat with Tony Sager – A Life in Cyber

Tony Sager’s career spans 34 years at the National Security Agency (NSA), where he led two cyber defense organizations and released NSA security guidance to the public, expanding the NSA’s role in the development of open standards for security. He twice received the Presidential Rank Award at the Meritorious Level and the NSA Exceptional Civilian Service Award. Sager also led the work that would later become known as the CIS Critical Security Controls, an independent, volunteer-developed, cyber defense best practice program that is currently used throughout the industry. During his remarkable career, Sager has exemplified unwavering dedication to the cause of cybersecurity, including volunteering in numerous community service activities and nonprofit organizations.

• Tony Sager, Vice President and Chief Evangelist, Center for Internet Security
• Brian Ray, Associate Dean and Leon & Gloria Plevin Professor, CSU College of Law

State Privacy Law Updates

More than a dozen states have passed comprehensive consumer data privacy laws, with more joining nearly every month. At the same time, states with established privacy laws like California, continue to issue new regulations implementing those laws. Join this panel to learn what trends we’re seeing in these state laws and regulations and how organizations should navigate their requirements.

• Justin Clark, Counsel, UB Greensfelder LLP
• Ariel Fox Johnson, Principal, Digital Smarts Law & Policy LLC (lead)
• John Landolfi, Chair Data Security & Privacy, Vorys LLP
• Jordan Francis, Elise Burkower Memorial Fellow, Future of Privacy Forum

Lunch

Data Breach Reporting Obligations

The Securities and Exchange Commission’s new requirements for companies to disclose material cybersecurity incidents took effect in December 2023. The FBI, in coordination with the Department of Justice, has provided guidance on how victims can request disclosure delays for national security or public safety reasons. This panel will discuss how public companies should navigate this complex interplay and how these new rules fit within the increasingly complex patchwork of federal and state data breach reporting requirements.

• Chris Cronin, Partner, Halock Security Labs
• Timothy Opsitnick, Executive Vice President and General Counsel, TCDI (lead)
• Steven Stransky, Co-Chair, Privacy and Cybersecurity, Thompson Hine LLP
• Jess Walpole, Chief Technology Officer, Fortress SRM

The FTC’s Ongoing Revolution in Privacy and Security

The Federal Trade Commission (FTC) is making news almost every day in a growing range of privacy and security areas. This session will address the most critical areas of the FTC’s activity – where they are changing law, dictating new practices and seeking even more aggressive sanctions for regulatory violations. Learn where these activities are going and how best to plan for these investigations.

• Kirk Nahra, Co-Chair Artificial Intelligence, Co-Chair Cybersecurity and Privacy, WilmerHale LLP

Break

AI in Cybersecurity

Limited security resources coupled with today’s sophisticated threat landscape continue to increase pressure on organizations’ cybersecurity teams. This panel will discuss how artificial-intelligence-enabled tools can provide security teams with a more robust and automated response strategy to manage this increasingly complex threat landscape and the ways those same tools can help quantify that risk to comply with federal and state laws.

• Daniel Desantis, Director of CISO Advisory, CISCO Systems
• Kevin Goodman, Managing Director, Partner, BlueBridge Networks
• Tony Pietrocola, Co-Founder and President, AgileBlue
• Amanda Towler, Independent Researcher, SUDOGirl Consulting, Adjunct Professor CSU Law
• Spence Witten, Senior Advisor, 38 North Security (lead)

Networking Break

Sponsored by UB Greensfelder LLP

Implementing Effective Cybersecurity and Privacy Programs

The myriad range of compliance activities required by each new law, regulation and court decision can seem overwhelming. Legal and compliance professionals across industries share how organizations of all sizes can develop a comprehensive, robust and resilient privacy and cyber-risk program by prioritizing policies and actions that cross multiple regulatory regimes.

• Ashley Berry, Compliance Manager Lead, USAA
• Holly Drake, CISO, State of Ohio (lead)
• Maxwell Herath, Associate, Porter Wright LLP
• Mehmet Munur, Partner, Taft LLP
• Nick Walton, Information Security Consultant, RSM US LLP

Cyber Criminal Investigations

The past year has seen a concerning rise in ransomware and extortion attacks. Attackers like SCATTERED SPIDER and others are using new AI-enabled techniques, including advanced phishing and social engineering, as well as tactics like SIM-swapping and other multi-factor authentication bypass techniques. Attackers are also moving much faster and typically combine ransomware with theft of personal or sensitive commercial data.

• Terence Check, Senior Counsel, Cybersecurity & Infrastructure Security Agency (CISA) (lead)
• Jeffrey Biller, Professor, United States Air Force Academy, Adjunct Professor, CSU College of Law
• Jo-Lein Quarles, Supervisory Special Agent, Federal Bureau of Investigations
• Daniel Riedl, Assistant U.S. Attorney, Department of Justice

Cocktail Reception

Welcome and Introductions

Data Ethics

Organizations face difficult challenges when it comes to ethically informed data collection, sharing and use. There also is growing demand for incorporating ethical considerations into products and services involving big data, AI and machine learning and increasing recognition of the potential bias in them. This panel will discuss these challenges as well as emerging best practices for ethical data collection, processing and use and mitigating bias in the use of AI.

• Kirk Herath, Cybersecurity Strategic Advisor, State of Ohio, Adjunct Professor, CSU College of Law
• Brian Mannion, Chief Legal Officer, Aware
• Kirk Nahra, Co-chair Wilmer Hale Cybersecurity and Privacy and Big Data Practices

Incident Response: Coordinating Legal, Technical, and Communications

Threat actor tactics evolved significantly over the past year with more sophisticated groups using different techniques like exploiting software and API vulnerabilities to obtain access and adopting different tactics including more indiscriminate data exfiltration. This panel will explore the critical need for organizations to adapt their incident response plans to prepare for and respond to this evolving threat landscape.

• Robert Eckman, Enterprise Manager of Data Protection and Privacy, Parker Hannifin (lead)
• Gabrielle Hartstein, Associate, Dinsmore LLP
• Craig Horbus, Partner, Dinsmore LLP
• Matt Kipp, Director of IT Risk, Centric Consulting
• Ed Trissel, Partner, Joele Frank

Networking Break

Sponsored by Benesch LLP

AI Regulation and Assessment

From passage of the historic EU AI Act to the launch of the NIST AI Risk Framework, this past year has seen a virtual avalanche of AI-related, laws, regulations and best practices aimed at requiring organizations to understand and manage the risks posed by AI systems. This panel will discuss how these trends are shaping the use of AI in organizations, the risks these trends create, and the challenges organizations face in developing AI governance.

• Kristopher Chandler, Associate, IP and Technology Transactions, Benesch LLP
• Charles-Albert Helleputte, Head EU Data Privacy, Cybersecurity & Digital Assets, Squire Patton Boggs LLP
• Brenda Leong, Partner, Luminos Law
• Matthew Neely, Director of Information Security, Progressive Insurance
• Brian Ray, Associate Dean and Leon & Gloria Plevin Professor, CSU College of Law (lead)

Keynote: AI Risks Fireside Chat

Join this session for a conversation with Nicholas Fairfax, 14th Lord of Fairfax of Cameron to discuss the roles he has played in highlighting the risks posed by AI in both civilian and military contexts, as well as advocating for legislation and policies to address those risks.

• Lord Nicholas Fairfax of Cameron, UK House of Lords
• Brian Ray, Associate Dean and Leon & Gloria Plevin Professor, CSU College of Law

Closing Reception