In a “when, not if” world of data breaches, organizations must position themselves for effective breach response. And a response to an actual breach requires synchronized coordination of multidisciplinary activities beyond the ambit of IT security: legal, forensic, law enforcement, regulatory, insurance, public relations, stakeholders, notifications and personnel management.
A broad overview of EU data protection regulation, impact on business, application to cloud computing, and related contractual provisions.
This is a panelist document list.
In-house counsel need look no further than the headlines for validation that it is not a matter of whether they will confront a cyber incident; instead, it is simply a matter of when. This program will explore the ways that digital risk affects all aspects of an in-house legal practice. From M&A to employment to litigation, managing cyber risks is no longer the exclusive domain of IT. This program will provide practical guidance on how all members of the in-house legal team can better prepare for and respond to cyber incidents to reduce their company’s financial, legal and reputational exposure.
Data flow is endless, branching out to vendors, affiliates and the personal mobile device of employees. Organizations must manage this data in a legally compliant manner — which is where in-house counsel come in. Corporate attorneys wear multiple hats: the investigator that understands the flow of data and potential threats to its controls; the analyzer that knows legal and contractual obligations; and the advisor that offers reasonable and practical advice.
As in-house counsel, you provide your outside counsel with some of your company's most highly sensitive information. Your company may have robust procedures for evaluating other third-party vendors with access to company data, but often with respect to law firms, the procurement process is left solely to in-house counsel. Do you know what your law firms are doing to protect that information from cyber attacks and other disclosures? Even if you consider your company to be at low risk for cyber incidents, can the same be said of your law firms? This discussion will explore the issue of law firm data security - how to address the issue when retaining a new firm or raise the issue with an existing firm. The panel will also discuss what policies and processes should be applied inside the legal department to meet in-house counsel's ethical obligations under Rule 1.6 of the Model Rules of Professional Conduct.
A stolen company laptop these days is much more than a nuisance, if customer information resided on the computer. The law in this area is fast-developing, with different schemes evolving in California, other states, and throughout Europe. Learn what advice to give your clients in the case of identity theft, what further actions they should take, and whether there is a difference between the practical business actions and the legally required actions when their databases are breached and customer information is stolen.
Planning for disaster can be a time-consuming process. However, the pros of protection undoubtedly outweigh the consequences of feeling unprepared.
Have you ever received a surprise invoice from a software supplier issuing an audit that you mistakenly agreed to? If you haven’t, you will. In an effort to combat this growing trend, in-house counsel should modernize their software management processes, and negotiate the terms of any audit clause to protect both the business and the budget.
This program will focus on effective information security and data privacy assessment programs for third-party vendors—including practical tips for effectively assessing information security practices and procedures of third-party vendors, such as law firms and other professional consultants — from the pros and cons of using industry-standard questionnaires to determining when onsite reviews are appropriate and how to handle subcontractors. We will also highlight key, and common, sticking points in negotiating data privacy and information security terms in vendor agreements and provide options and sample language for successfully resolving them, distinguishing as applicable between US negotiations and negotiations where either the customer or the vendor has substantial operations in Europe or Asia.