Cybersecurity incidents continue to be an ever-growing threat - breaches involving the theft of sensitive customer and business information, service disruptions caused by ransomware or DoS attacks, insider threats, and supply chain attacks are just some of the concerns companies face – and financial institutions are especially at risk due to the significant value of their informational resources. The role of lawyers in managing the risks associated with cybersecurity both before and after an incident is growing. This seminar, taught by Michael LaMarca of Hunton Andrews Kurth, will provide an update on how to manage these issues and minimize the legal risk associated with a cyber incident in the financial services industry.
Examine the current cybersecurity threat environment in the financial services industry
Assess the current cybersecurity and data breach legal landscape
Apply best practices for data breach response
Prepare your clients for the inevitable by taking proactive steps to minimize risks
Mike advises multinational clients on compliance with all federal, state and international privacy and data security laws, and managing privacy and cybersecurity risks and policy issues. He also regularly assists companies with developing and implementing their information security programs and addressing related governance issues. Mike has managed several large-scale cybersecurity incidents, including advising on data breach response and notification obligations. He also regularly assist clients with negotiating and drafting privacy and data security terms in commercial contracts and M&A transactions. Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).
In addition, Mike maintains an active pro bono practice. He has represented pro bono clients in criminal appeals and special education matters and has advised a variety of issues, including trademark, copyright and cybersquatting disputes; privacy and cybersecurity obligations; and US national security policies and regulations.
Advising numerous clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
Advising financial services clients on compliance and managing risk associated with the privacy, data security and incident response requirements under the Gramm-Leach Bliley Act and its implementing regulations and guidance.
Represents a large financial services and communications company on global privacy and data security matters, including providing privacy compliance advice, advising on the New York State Department of Financial Services cybersecurity regulations, assisting with building a GDPR compliance program, and assisting with a large data security incident.
Assists a global retail and technology company with a recent cybersecurity incident affecting approximately 150 million user accounts, handling response efforts including notification, follow-up investigations by regulators and data protection authorities, and resulting litigation.
Advises multinational financial services companies on privacy and cybersecurity due diligence issues.
Advises a large manufacturing company on myriad privacy and cybersecurity issues, including certification to the EU-US Privacy Shield.
Advises technology companies, retailers, consumer goods companies and financial institutions on data breach and cybersecurity incident response, including preparation of required notifications pursuant to state breach notification laws, call center training and development of media strategies.
Provides advice on cybersecurity risks, including proactive breach readiness activities such as developing data breach toolkits, reviewing incident response plans and preparing tabletop exercises.
Drafts comprehensive data security policies, standards and procedures in connection with corporate information security programs.
Advises clients on their international data transfer strategies, including certification to the EU-US Privacy Shield.