Defining “Reasonable Security” Standards: Understanding Current Cybersecurity Threats, Data Transfers Rules, and AI Compliance with Data Privacy Laws

John D. Flory III | Harbor Networks & HarborShield Cybersecurity

John D. Flory III is a recognized Cybersecurity expert with over 25 years in the security field. His hands on experience dealing with real time cybersecurity attacks and remediation offers a valuable resource to organizations’ cyber preparation. John’s leading-edge approach has allowed him to combat cybercrime. His dedication to this cause has led to numerous successful operations, including assisting in the apprehension and extradition of cybercriminals and criminal gangs involved in a wide range of illegal activities, including identity theft, cyber fraud, and ransomware attacks. John’s ability to work collaboratively with law enforcement agencies around the globe has been instrumental in bringing these criminals to justice and ensuring that they are held accountable for their actions. Collaborative efforts have not only resulted in the arrest of these criminals but also in the payment of restitution, which has helped to provide some relief to the victims of these illegal activities.

John has been highlighted in multiple publications as a knowledge leader and cybersecurity expert, including Cybersecurity Magazine, Cyber Protection Magazine, and many other industry leading outlets. Featured as a keynote, John has spoken at numerous conferences including, The Symantec Global Conference, NY Bankers Conference, The Department of Homeland Security Forum, NY State Bar Association, The Emergency Preparedness Conference, and many other diverse venues.

John is a proven business leader with an unprecedented history of building effective and overachieving teams. John is a former Partner at TAG Solutions as well as the Co-Founder of Cyberstone Security. He currently serves as the Chief Information Security Officer at Harbor Networks and is the creator of HarborShield Cybersecurity.

Maeve Malik | Hunton Andrews Kurth LLP

Maeve’s practice focuses on privacy and cybersecurity law. Maeve regularly advises clients across various industry sectors on developing or enhancing existing global privacy compliance and records management programs to help manage privacy risks. She also has extensive experience advising clients on cybersecurity incident response, including for several large-scale, high-profile cybersecurity incidents. In addition, Maeve regularly assists clients with proactive cyber incident readiness activities, such as tabletop exercises and incident response procedures.

Maeve is a co-chair of the firm’s veteran’s pro bono program and serves on the pro bono committee of Hunton Andrews Kurth’s New York office. Her active pro bono practice includes providing legal services to veterans, focusing on recovering disability benefits for physical and mental conditions incurred in military service. In addition, Maeve has represented undocumented children in immigration court matters, and has volunteered with the New York City Bar Justice Center’s Legal Clinic for the Homeless, advocating for clients facing denials and reductions of public benefits.

Dhara Shah | InfoLawGroup LLP

Dhara joined InfoLawGroup in 2022 from Sheppard Mullin LLP’s data privacy team. Dhara focuses her practice on data privacy and emerging technology law, with an emphasis on comprehensive data privacy laws and AI, including state-specific laws and international laws including the EU AI Act and the GDPR. Dhara’s proficiency with a wide range of programming languages allows her to engage with clients’ in-house legal and operational teams to identify and handle the legal aspects of highly technical issues – while simultaneously meeting business objectives and protecting consumer privacy interests. She is the lead of the International Association of Privacy Professionals (“IAPP”) AI Governance Affinity Group, a working group member of the EU AI Act Code of Practice, and is a certified Artificial Intelligence Governance Professional (AIGP). She also publishes a daily column, AI Governance, which you can find here: https://www.linkedin.com/newsletters/7293773682009640960/.

Julia B. Jacobson | Squire Patton Boggs

Julia B. Jacobson is a partner in the Data Privacy, Cybersecurity & Digital Assets Practice. Julia offers practical and tactical counsel on privacy and cybersecurity compliance strategies, data breach response, technology transactions and marketing initiatives for national and multinational organizations.

A significant portion of Julia’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists clients with the design and development of privacy-sensitive policies for the collection and use of personal data. Julia regularly advises businesses on the privacy and cybersecurity aspects of environmental, social and governance (ESG) programs, ethical data use, machine learning and artificial intelligence, vendor contracting and management and business sales, combinations and acquisitions. She has helped her clients design, develop and implement compliance programs to meet the challenges of the evolving privacy and cybersecurity law landscape, including the California Consumer Privacy Act and other US state privacy and cybersecurity laws, the EU’s General Data Protection Regulation, the UK Data Protection Act 2018, cross-border personal data transfers and New York Department of Financial Services Cybersecurity Regulations, as well as to align with industry standards, including the National Institute of Standards and Technology (NIST) cybersecurity and privacy frameworks, and ESG standards and frameworks. Julia also serves as the data breach coach for several national and international clients.

Julia helps clients maximize the value of their strategic relationships by drafting and negotiating a wide range of commercial contracts, particularly technology-centric agreements and the deployment of machine learning and artificial intelligence. For both product and service providers and users, she structures and negotiates contracts and develops customized template agreements and tools for vendor screening and assessments.

Julia’s practice spans a wide array of issues associated with consumer marketing and promotional campaigns. She is skilled at establishing effective compliance programs and regularly counsels clients on the risks surrounding mobile marketing and text messaging, email marketing and telemarketing, social media, and sweepstakes and contests. Her work also includes helping clients navigate the digital advertising ecosystem and deploy emerging technologies. Increasingly, her practice focuses on supporting clients in designing data practices that consider stakeholder expectations and data ethics. On behalf of brands, agencies and marketing technology providers, she routinely structures and negotiates co-branding, sponsorships, and commercial co-venture and other agreements associated with the marketing and promotion of products and services.

Session I – Managing Risks in Today’s Cybersecurity Landscape | 12:00pm – 1:00pm

• Examine the current cybersecurity threat environment
• Trends in the cybersecurity landscape
• Learn best practices for data breaches
• Notification obligations and regulatory reporting timelines
• Prepare for the inevitable by taking proactive steps to minimize risks

Break | 1:00pm – 1:10pm

Session II – Cybersecurity Expert: What Reasonable Security Looks Like and Why Breaches Still Happen | 1:10pm – 2:10pm

• Defining “reasonable security” standards
• Common causes of data breaches despite security programs
• Cyber risk assessment in transactions and vendor management

Break | 2:10pm – 2:20pm

Session III – The Sensitive Bulk Data Transfer Rules | 2:20pm – 3:20pm

• Determining when data and a data transaction are in scope for the DOJ Rule
• Evaluating covered data transactions as prohibited or restricted
• Assessing vendors and vendor contracts for covered data transactions
• Assessing and uplifting current compliance policies and procedures to meet the October 6th deadline

Break | 3:20pm – 3:30pm

Session IV – Legal Compliance and Enforcement Trends at the Intersection of AI & Data Privacy | 3:30pm – 4:30pm

• Intersection of data privacy and AI governance
• Enforcement hotspots
• Key compliance steps