ADCG on Privacy & Cybersecurity (Association for Data and Cyber Governance)

Scott Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. He serves as Spirion's subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management.  During his career, Scott has held senior positions at several legal technology firms, established global privacy programs, and is listed as co-inventor on Intelligent Searching of Electronically Stored Information. 

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

In this episode, Jody Westby interviews Gerry Stegmaier, a partner in ReedSmith’s Tech & Data Group. Gerry focuses on digital issues, corporate governance, incident response, privacy, and cybersecurity matters, plus other areas. We discuss the new SEC Cybersecurity Risk Management Rule for public companies, how it differs from the proposed rule, key requirements and compliance deadlines, and the practical impact on cyber incident disclosures, identifying and disclosing material cyber risks, and how boards and C-suites will approach cyber governance.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week’s podcast guest is Chris Jay Hoofnagle, professor of law in residence at the University of California, Berkeley and affiliated faculty with the Simons Institute for the Theory of Computing. We discuss Chris and Simson Garfinkel’s new book, Law and Policy for the Quantum Age, what quantum technologies are, the consequential implications of quantum technologies, actions within the White House and Congress supporting quantum R&D, and geopolitical issues in the race to develop quantum technologies.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

In this episode, Jerry and Jody are joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet. He contrasts the regulation of the broadcast industry in the public interest with the relatively hands-off treatment of internet commerce and cites privacy, disinformation, and antitrust concerns, as well as the impact of social media giants on local news outlets, as reasons why a comprehensive policy review is in order. At the same time, Copps says that the new Congress need not wait for the Commission report to start to deal with issues that can be addressed.

Kate Flocken and Ty Griffin provide an up-close look at the current state of play for legislation that would create a national privacy/data protection regime. Kate is a senior policy adviser at Allon Advocacy LLC where she works with fintech and financial services companies to help them navigate complex policy issues, and worked for Senator Rob Portman of Ohio (a founder and co-chair of the bipartisan Senate AI caucus).  Ty Griffin co-founded Prism Money, a consumer-focused bill payment tool, in 2012 and is now a managing partner at Financial Venture Studio, which invests in fintech startups.

Kate and Ty bring us a real time, close-up look at the legislative landscape from two points of view: Kate's close following of Senate and House legislative proposals and Ty's understanding of how these proposals will impact the fintech and other companies who are seeking to bring technology-based solutions to the marketplace. The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on what way Congress decides to go. Further, there are multiple claimants to writing the rules with several congressional committees seeking a role. Even the core principles that will inform any national legislation are still up for debate. This episode provides a snapshot of where we are now and looks ahead at the issues that will need to be resolved if national privacy legislation is to become a reality.

Mark Rasch is an Adjunct Professor of Law at George Washington University Law School and had a career at the Department of Justice where he led their efforts to combat cybercrime and high technology crime, which led to the establishment of the Computer Crime and Intellectual Property Section within the Criminal Division of DOJ. He has also served as a chief privacy officer in the private sector.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week, we examine the evolution of the European Union’s General Data Protection Regulation (GDPR). As we consider the issues surrounding potential adoption of national privacy legislation in the U.S., we will explore what knowledge might be derived from the evolution of data protection legislation in the EU – why it happened and how. Starting with the 1980 with Guidelines Governing the Protection of Privacy and Trans-Border Data Flows, the EU gradually moved to a Union-wide law, which proved necessary to avoid the confusion created by varying member nation privacy policies.

 Our guest, John Bowman, now a Senior Principal at Promontory, served as the U.K. government’s lead negotiator as GDPR was being drafted. In this episode, we explore with John the rationale that led to adoption of the GDPR as well as what has worked and what hasn't. Of particular relevance to the American experience is how the nation states that make up the EU arrived at a common framework, but also the role each member country plays when it comes to interpretation and enforcement of the GDPR.

Welcome Back! In our podcast episode today, we will discuss the new SEC proposed cybersecurity rules for registered advisers and funds, potential issues with the proposed rules and anticipated benefits. Our guest will be Frank Jones from Ariel Investments. Frank Jones is Vice President, Infrastructure and Information Security Officer for Ariel Investments. He leverages his experience in establishing cybersecurity programs and meeting financial industry compliance requirements in discussing the proposed SEC cybersecurity rules.

*****

Contact us:
Jerry Buckley | jbuckley@buckleyfirm.com
Jody Westby | westby@globalcyberrisk.com
ADCG | info@adcg.org

This week, Jerry and Jody are joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment. Reber notes how compliance challenges have ramped up as multiple jurisdictions, domestically and internationally, are putting in place varying requirements and outlines the merits of having national privacy legislation. She also talks about the efforts companies are undertaking to help each other in navigating the privacy and cyber-risk terrain.

The Federal Reserve Bank of San Francisco has published a report titled The Role of Individuals in the Data Ecosystem. The report is a comprehensive catalog of issues related to data rights and data protection for individuals. Notably, it concludes that "most of this regulation is limited to specific sectors or geographies and creates a complexity that is precarious for individuals and burdensome for businesses and government oversight. There is clear value in creating a foundation of data protection that extends across all entities and individuals in the U.S. and borrows from the possible lessons that current laws have taught us."

In this episode, Jody Westby and Jerry Buckley interview the report’s author, Kaitlin Asrow. The report offers a potential national legal framework for data governance, but also suggests the need for a significant rethinking of the ways in which we approach the legal structure for individual data protection. The report and our discussion with Kaitlin are a must hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.

This week our guest is Heather West, Silicon Valley rock star and Senior Director of Cybersecurity Services at Venable LLP. We explore artificial intelligence (AI) and chatbots, such as ChatGPT, and discuss what these technologies can do, who will be early adopters and beneficiaries of AI, whether articles or answers generated by AI can be trusted, and look at some of the privacy and security risks associated with AI. Heather is policy and tech translator, product consultant, and long-term Internet strategies working at the intersection of emerging technologies, culture, governments, and policy. Prior to joining Venable, Heather had stints at Meta and Mozilla.

This week, we're joined by Steven Francesco, Chairman and CEO of Cohere Cyber Secure, a managed service provider (MSP), managed security service provider (MSSP), and consultant to the small and mid-sized business market. We explore the IT and cybersecurity needs of mid-sized businesses, what motivates them, and how they manage privacy and cybersecurity compliance requirements. We also explore whether mid-sized companies leverage vendors better than big business.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

In this episode, Mark Graham, Director of the Wayback Machine of the Internet Archive discusses his work backing up the Internet, TV, radio, chats, etc. around the globe, and the role it plays in preserving not only data, but cultures of countries. Mark describes the value of having content preserved and accessible from a source where governments can’t take it down and discusses the Internet Archive’s project in backing up and scanning data important to Urkaine’s culture, which is getting destroyed in the Russia-Ukraine conflict. Archive.org and the Wayback Machine are live and freely accessible to research, journalism, academia, businesses, and ordinary people. Additional Resources: • https://archive.org/web/ • https://www.theguardian.com/books/2022/dec/04/our-mission-is-crucial-meet-the-warrior-librarians-of-ukraine • https://www.washingtonpost.com/politics/2022/09/29/russia-nord-stream-tucker-carlson-fox-news/ • http://blog.archive.org/2019/10/29/weaving-books-into-the-web-starting-with-wikipedia/ • https://www.youtube.com/watch?v=BWfqV_adW54&t=19842s

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week, Jerry and Jody are joined by leading consumer advocate, India McKinney, to hear her views on the prospects for national privacy legislation and explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels. Among the issues discussed are whether a federal law should preempt state privacy enactments and the role that India believes private rights of action must play in the enforcement privacy laws as a supplement to the resources that state and federal authorities are able to assign. On the question of whether a national privacy law should cover industries like financial services and health, which already have long-standing privacy regimes, India expresses reservations, citing the difficulty of implementing new legislation that disrupts long standing, industry specific privacy regulation. India McKinney is Director of Federal Affairs for the Electronic Frontier Foundation based in San Francisco. Prior to joining EFF, India spent 10 years in Washington as a staffer for three members of Congress from California. Her passion has always been good public policy and she is excited to be using her skills in advocating for privacy rights for consumers. ***** Contact us: Jerry Buckley | jbuckley@buckleyfirm.com Jody Westby | westby@globalcyberrisk.com ADCG | info@adcg.org

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

Jamie Danker had a distinguished privacy career in government both at GAO and DHS before moving to the private sector. In this episode, she makes connections between privacy laws and rules of conduct that bind the federal government and expectations for private companies. The federal government has had a privacy law since 1974 and the E-Government Act has required privacy impact assessments since its enactment in 2002.  Federal government agencies are bound by statute to treat information obtained from or related to private citizens with care and not to accumulate information that is not needed to perform a governmental function. 

This week our guest is Susan Israel, principal of Susan Israel Law, and one of the most respected privacy professionals in the field. Susan has a pre-law background in broadcast news and publishing and has become one of the foremost experts on privacy compliance in the field of advertising technology. We discuss key aspects of AdTech compliance, such as cookies, location data, and IP addresses, the issues associated with them, and trends in legal frameworks and regulatory approaches. Susan also delves into industry groups playing a large role in AdTech and US and EU government perspectives.

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week the ADCG Privacy & Cybersecurity Podcast is pleased to have Shoshana Rosenberg, CEO and Founder of SafePorter and one of the most respected names in the field of privacy and a thought leader at the intersection of privacy and Diversity, Equity & Inclusion ("DEI"). We discuss her groundbreaking work analyzing how principles governing privacy and DEI can influence the development and use of AI technologies, including how privacy and bias concerns shape the conversation around AI, how the evolving landscape of AI is challenging our traditional understanding of privacy and inclusion, and how advancements in AI both challenge and embrace our ability to uphold DEI principles…and more!

Jim Dempsey is the Executive Director, Berkeley Center for Law and Technology and formerly held leadership roles at the Center for Democracy and Technology. Jim Dempsey provided one of the inaugural podcasts of the ADCG series and discussed the lengthy and unsuccessful attempts to enact a federal privacy law. In light of the EU GDPR, California’s passage of the CCPA, and the EU Court of Justice invalidating the US Privacy Shield, he ponders whether the U.S. needs a federal privacy law and what that might look like. The discussion covers likely stumbling blocks to a federal privacy law, such as preemption of state law and a private right of action, similar to that provided in the CCPA. As a professor of cybersecurity issues at UC Berkeley, Jim also explores the potential cybersecurity aspects of privacy legislation and the role cybersecurity requirements have played in breach notification laws.

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

In this episode we interview David Navetta, vice chair of Cooley LLP's cyber/data/privacy practice and a prominent leader in privacy, information security and technology law. We discuss the differences between cybersecurity governance and privacy governance, what are the critical activities in privacy governance, what actions are the hardest for organizations to implement, and how privacy governance will evolve in the future. David is a frontrunner in privacy and security and shares his decades of experience and insights into what lies ahead in these fields.

At Flourish, Kabir Kumar leads global policy and makes investments in U.S. and emerging markets seeking to incubate enterprises that will improve people's economic outlook. He is an advisor to the Omidyar Foundation and to the Indian Software Product Industry Roundtable Foundation (iSprit). At Flourish, Kabir has led an initiative that developed proposed privacy legislation that has been presented to the U.S. Senate Banking Committee for consideration.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

 

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week, we're joined by Anthony Matyjaszewski, Vice President and Chief Compliance Officer of the Network Advertising Initiative. We explore the world of digital advertising, the impact of ad tech, how state privacy laws are impacting the use of digital data for advertising, and how the industry is adapting to advertising changes from companies like Apple and Google. And more….

This week our guest is Keith Cheresko, Principal of Privacy Associates International LLC and former general counsel of the Ponemon Institute, a privacy research organization, to discuss the increasing tangle of contractual compliance obligations in privacy laws. From mandated contractual obligations to standard contract clauses for forward transfers, companies are finding it increasingly difficult to manage — and meet — contractual obligations associated with privacy laws and regulations.

This week we are joined by Ron Raether, co-lead of the Privacy + Cyber team at Troutman Pepper, and explore aspects of the recent criminal conviction of Uber’s former CISO and fallout from Twitter’s former CISO turning whistleblower. The “culture of fear” that has developed in CISO offices nationwide has dramatically increased risk for companies that have such a culture. Ron Raether discusses how organizations can better support their CISOs and how the general counsel and outside counsel can help influence change in organizations for better governance and cyber risk management. We also explore how CISOs can gain more C-suite visibility and board access.

This week, we are joined by three cybercrime experts, John Bandler, Scott Giordano, and John Bates, to discuss how the FBI is obtaining court orders to enter companies' computers and seize harmful malware — and take other actions — in a new approach to countering cybercrime. The FBI’s Cyber Division coordinated with the UK and private companies to disrupt a two-tiered global botnet of infected devices controlled by a cybercriminal aligned with the Russian Intelligence Unit GRU. This episode’s guests are: John Bandler, Founder, Bandler Law Firm PLLC John G. Bates, Manager, Ernst & Young LLP, Cybersecurity Scott M. Giordano, V.P., Corporate Privacy, and General Counsel

In January 2020, the National Institute of Standards and Technology (NIST) released a voluntary Privacy Framework, a repository of resource materials and a roadmap to support continued collaboration between NIST and stakeholders from across government, academia, and industry on privacy risk management. The Privacy Framework raises important privacy principles and approaches that should be taken into consideration when discussing possible national privacy legislation. This episode features two NIST advisors who helped lead the development of the Privacy Framework: Naomi Lefkovitz, Senior Privacy Policy Advisor, and Dylan Gilbert, Privacy Policy Advisor.  

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

The European Union’s General Data Protection Regulation (GDPR) has led the way in establishing cross-border data protection standards. As the U.S. explores the possibility of enacting a national law that establishes privacy and data protection standards, it is worthwhile to consider what GDPR has accomplished in terms of uniform compliance requirements. 

Joined by Crowell & Moring's Maarten Stassen, we look beneath the surface to see what is working and explore how individual EU country oversight and enforcement regimes may still present challenges for companies operating in Europe seeking to do business on a continent-wide or world-wide scale.

This episode features Andrew Grosso, a former Assistant U.S. Attorney and tech lawyer whose practice focuses on whistleblower complaints. We take a look at the legal framework for whistleblowers and protections afforded them and then delve into the Twitter whistleblower case in which their former CISO handed over evidence to the DOJ, FTC, and SEC detailing gaps in Twitter’s cybersecurity practices. We discuss whether we are on the edge of a new trend...tech whistleblowers who will expose privacy and cybersecurity gaps within the companies they work for.

This episode features Peter Halprin, a partner in the New York City office of Pasich LLP in New York, representing commercial policyholders in complex insurance coverage matters, including cyber. We discuss the price increases in coverage and the scrutiny given claims under property and casualty, cyber, and corporate general liability policies, the risks in the application process, new technology risks associated with biometrics and AI, cyberwar exclusions, and possible changes to policy language to help manage claim risks to carriers.

Chet Hosmer is a cybersecurity professor at University of Arizona and one of the country’s leading experts in forensics and the development of biometric and encryption technologies.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week, we're joined by Jamey Cummings, a partner at JM Search and a member of the Firm’s Cybersecurity and IT Executives Practice. Jamey will discuss the hunt for cybersecurity personnel, and give us his inside view of the cybersecurity job market, what companies need, and how new laws and regulations and global events are impacting the cybersecurity search market. JM Search is the premier retained executive search firm for private equity firms, venture capital firms, portfolio companies, and the Fortune 1000.

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week’s podcast episode features Steve Britt, Counsel at Parker Poe and privacy expert to discuss the five state privacy laws that went into effect in 2023 and the TEN that have been enacted in 2023, how they vary, what they have in common, and this new “trend” to protect consumer health data (not HIPAA data). Steve also discusses the new requirement for Data Protection Assessments, expanded protections for children’s data, and regulatory risk factors and triggers. He ends with key takeaways and has provided a slide deck for listeners to download and follow along as they listen to the podcast (see adcg.org/podcast for supplemental materials on this episode).

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

The EU has launched a series of data regulation initiatives designed to make Europe the "Data Continent" while the U.S. has yet to adopt national data governance rules and lacks an authoritative voice in the international data policy discussions. Jody and Jerry discuss their thoughts on where's the U.S. is going and what's next.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

In this episode of the ADCG Privacy & Cybersecurity Podcast, host Jody Westby is joined by former Magistrate Judge Ronald J. Hedges, a legal thought leader in the areas of electronic discovery and artificial intelligence and the law. Jody and Ron discuss how AI is driving legislative and regulatory action, including action within the judiciary and ethics rules and guidance from bar associations. In addition to discussing issues with admissibility and discovery of evidence, Ron discusses how the work of three bar associations regarding the use of AI in the legal profession could be a model for professionals in other industry sectors. Ron is a member of the New York and New Jersey state bar associations’ AI Task Forces, and is Chair of the Court Technology Committee of the ABA Judicial Division. He is principal at Ronald J. Hedges LLC.

This week we are honored to have Rob Shavell, CEO and Co-Founder of DeleteMe, join us to discuss the threat of publicly available PII to individuals and companies, the types of threats they are encountering, the need for companies to protect executives and employees, and how individuals and organizations can address these issues, using both technological and legal/policy approaches. Rob is a privacy expert who has been quoted in The Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This episode features Berit Anderson, COO of Future in Review and Strategic News Service, and Evan Anderson, CEO of INVNT/IP. Both Berit and Evan are geopolitical analysts, tech thought leaders, and media executives. We discuss the issue of whether TikTok will be banned in the U.S. and examine the data that could be collected, how it can be a rich source for open intelligence, and how it could be used for election interference. Strategic News Service coined the term CRINK — China, Russia, Iran, and North Korea, and Berit and Evan discuss the geopolitical aspects of TikTok (including CRINK) and how it could be a threat to national security and cybersecurity.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This episode features Donata Stroink-Skillrud, Co-Founder and President of Termageddon, a software service that specializes in the identification of privacy laws applicable to an organization and the development of privacy policies, terms of service, and end user license agreements for that organization. Donata is an attorney who also represents the American Bar Association’s Section of Science and Technology Law on the ABA President’s Cybersecurity Legal Task Force (CLTF). In this episode, we discuss the CLTF, its purpose, topics and issue areas it addresses, and the cybersecurity resources the CLTF has created for attorneys and law firms (which are free and applicable to many other organizations). We also discuss recent Resolutions that CLTF has put forward for adoption by the ABA, including is AI Resolution. Links to CLTF resources are provided on the ADCG website for this episode.

This episode features Cory Simpson, Founder & CEO of Gray Space Strategies Inc., who discusses the relationship between privacy, cybersecurity, and national security. He draws upon his experience as Senior Director and lead for the U.S. Cyberspace Solarium Commission and discusses whether the U.S. Government and private sector are prepared for conflict involving critical infrastructure. Cory also describes how national security has evolved over the past several decades and looks at how some privacy protections in the American Data Privacy & Protection Act may be important national security considerations.

In this podcast episode, host Jody Westby discusses the impact that privacy, cybersecurity, and governance issues are having on businesses with ADCG’s new leaders, Patrick J. Kennedy, Jr. and Dub Sutherland of Kennedy Sutherland LLP. We discuss proposed federal of these issues are also covered. Patrick Kennedy and Dub Sutherland are lawyers with an entrepreneurial perspective who take a macro level view of the business challenges associated with current privacy laws, a looming cyber threat environment, and a lack of cyber governance by many boards and C-suites.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

In this week's episode, we're joined by Jurgen Van Staden, Associate General Counsel for Privacy and Technology at Verizon Media, to discuss the complexities and trade-offs involved in the various types of data used by businesses and the pros and cons of national legislation.

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week we are joined by Jeff Jockisch, Data Privacy Researcher and founder of PrivacyPlan. We discuss the Data Collaboration Alliance, the concept of “zero copy integration,” data ownership, and the "Privacy Brain” that Jeff and others have under development. We also weave in a discussion of the recent Ninth Circuit opinion in HiQ v. LinkedIn and the impact that case could have on privacy and copying of data.

This week we are joined by Violet Sullivan, Vice President of Client Engagement for Redpoint Cybersecurity, and incident response expert. Violet discusses how incident response has changed over the past five years, how ransomware has changed IR plans and how companies respond to attacks, and how cyber insurance has pushed revisions to incident response. We also discuss the role incident response plays in litigation management, and what companies can do to improve their response and reduce risk.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week, we're joined by Michael Robinson, Chairman & CEO of The Montgomery Strategies Group. We explore the new SEC cybersecurity requirements from the communications, brand, and regulatory management perspective and more.

This episode features Scott Giordano, former vice president and general counsel for Spirion who has more than 25 years of legal, technology, and risk management expertise and was one of the first attorneys to jump into artificial intelligence. We will discuss the implications of AI for privacy and information security, current US state laws, the EU AI Act, and what companies can do to prepare for “AI everywhere.” Scott also discusses the recent “Career Essentials in Generative AI” course he took, which is offered by Microsoft and LinkedIn.

This week we have Violet Sullivan, Vice President of Client Development for Redpoint Cybersecurity, as our guest to discuss incident response, gaps that are costly, using external resources, bottlenecks that can take time, interacting with vendors, and successful approaches to tabletops. Violet also serves as a professor of Cybersecurity & Privacy Law for Baylor Law School’s LLM program where she focuses on litigation management. On the podcast, she offers tips on incident response that can help organizations manage future litigation related to the incident.

Cory Simpson is the Managing Director for Cybersecurity and Privacy at Ankura Consulting Group LLC. He has had a distinguished career as a U.S. Army officer, a federal prosecutor, and a national security law practitioner. He served as Senior Director and lead for the U.S. Cyberspace Solarium Commission, charged with developing a comprehensive strategy to protect the United States from cyberattacks. He continues to be engaged in discussions following up on the issuance of the Commission's recommendations.

*****

Contact us:
Jerry Buckley | jbuckley@buckleyfirm.com
Jody Westby | westby@globalcyberrisk.com
ADCG | info@adcg.org

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This episode features Dr. Peter Trim, a Reader in Marketing and Security Management at the University of London’s Birkbeck Business School. Dr. Trim has published a dozen books, and his most recent (2023) focuses on Strategic Cyber Security Risk Management. Cybersecurity best practices began in the UK with British Standard 7799, which morphed into ISO 27001/002. Dr. Trim discusses the necessity for a collective approach in cybersecurity and the need to maintain an international perspective. His work endeavors to link cyber risk management theory with practical application through use cases and simulation exercises. We explore the need for improved private sector interaction with academia and the need to integrate cybersecurity risk management content in interdisciplinary curricula.

In this episode, we are joined by Matthew Esworthy, partner at Bowie-Jensen LLP, to discuss geofence warrants and their use by law enforcement in investigating the January 6 insurrection. Geofence warrants involve court issued warrants for geolocation data from Google. These warrants were sealed and have only recently come to light through motions to suppress the evidence obtained from the geofence warrants. We explore Google’s process for responding to the 10,000 warrants it receives annually and the constitutional and legal issues swirling around them.

This week we are joined by Carlos Solari, ADCG Advisory Board Member and VP of Product for SecureG, Inc., a company developing universal security technologies for 5G, industrial IoT and other critical infrastructure.We discuss 5G availability, how an orchestrated 5G attack could occur, how to rethink the security problem with 5G, and how 5G is connected to national security.  

Data is the lifeblood of the financial services industry and personal financial data is among the most sensitive data that exists. An informal Financial Services Data Protection Working Group of national financial services trade associations has come together to respond to proposed state and federal privacy legislative proposals. Nicole Booth (Executive Vice President of Public Affairs, Notarize) and Elizabeth Young-LaBerge (Senior Regulatory Counsel, NAFCU) are playing leadership roles in Working Group. This episode will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.

In this episode of ADCG on Privacy & Security podcast, host Jody Westby is joined by Sabrina Gross, regional director of strategic partners at Veridas. Sabrina has worked globally and spent 15 years working with law enforcement agencies in Europe, the Middle East, and Africa. At Veridas, Sabrina focuses on cutting-edge technologies that are used for authentication and to prevent identity fraud. We discuss the importance of having a choice of authentication options, limitations of various devices, the pros and cons of facial recognition, fingerprints, and voice as authentication methods, what companies should look for in a biometrics provider, security factors, customer preferences, and more. We drill down into the role of state privacy laws and the circumstances under which a business should consider multiple, layered verification methods.

Carlos Solari is Vice President of Product Engineering at Secure G and serves as Chairman of the Advisory Board of ADCG. After a career in military service, he served as a senior executive at the FBI and as Chief Information Officer at the White House from 2003-2005.  His private sector career includes leadership in cybersecurity at Bell Labs and CSC.

*****

Contact us:
Jerry Buckley | jbuckley@buckleyfirm.com
Jody Westby | westby@globalcyberrisk.com
ADCG | info@adcg.org

In this episode we discuss privacy rights with Tom Kemp, a Silicon Valley-based author, entrepreneur, investor, and policy advisor who helped get the CPRA adopted and is author of the California Delete Act of 2023. His forthcoming book, Containing Big Tech: How to Protect our Civil Rights, Economy, and Democracy, published by Fast Company Press, focuses on the use of AI with personal data and the concentrated power of large Big Tech companies and how this paradigm impacts our personal privacy and lives. As an angel investor, Tom also discusses the types of privacy and cybersecurity companies that he is attracted to and the need for more technical solutions that can help manage privacy compliance. Here is an additional resource for you to post. Plus his book is available on pre-order at https://www.amazon.com/Containing-Big-Tech-Protect-Democracy/dp/1639080619

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This podcast episode features Mark Rasch, a renowned privacy and cybersecurity attorney, to discuss the SEC’s investigation into the SolarWinds incident and the “Wells notices” it sent to the company’s CISO and CFO. The Wells notices indicate the SEC is conducting a civil investigation of those individuals and they may be facing enforcement actions. The news sent tremors through the CISO community and brought back thoughts of Joe Sullivan’s criminal prosecution — and conviction — for the way he handled a breach while CISO at Uber. The SEC’s action is civil, but it targets certain individuals. We discuss what this means for CISOs, what they can do to protect themselves, and generally how the implementation of cyber governance programs can help protect CISOs by making cyber risk management a responsibility of all officers and directors.

This week our guest is Peter Halprin, a partner in Pasich LLP’s New York office. Peter has helped clients pursue insurance coverage for a wide range of cyber incidents. We discuss the lack of standardized applications, premium hikes no matter how good your cybersecurity program is, nation state-sponsored cyber attacks and the war exclusion clause, and regulators running rampant. Learn insights from a master in the field!

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week we are joined by Rachel Briggs and Richard Brinson from Savanti, a UK-based cybersecurity consulting entity. Richard Brinson is CEO of Savanti, has been CISO at several large corporations, including Unilever and Sainsbury’s. He was named one of the top CISOs in the world and has over 20 years of experience in the field. Rachel Briggs is an Executive Adviser to Savanti and a leading expert on security and regularly advises large multinationals and governments. She is an Associate Fellow and Chatam House and was awarded the OBE in 2014. Richard and Rachel have just authored The Future of Cyber Security Leadership Series and their first publication is “Cyber Security Leadership is Broken: Here’s how to fix it.”

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week, hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges. Privacy and cybersecurity are often referenced as separate issues, yet both are part of the data protection ecosystem and both may need to be the subject of legislative and regulatory focus at the national level. ***** Contact us: Jerry Buckley | jbuckley@buckleyfirm.com Jody Westby | westby@globalcyberrisk.com ADCG | info@adcg.org

Lauren Wallace, Chief Privacy Officer and General Counsel for RadarFirst, a leading tool for cyber incident management joins our host, Jody Wesby, on episode 86 of ADCG on Privacy & Cybersecurity. Building off our last podcast with Violet Sullivan, we discuss how privacy and cybersecurity incidents are converging and the difficulty large companies are having in managing the vast array of data involved in incident response, especially as it relates to U.S. and global privacy and cybersecurity compliance requirements. We also delve into the complexity of notification requirements, involving law enforcement, consumer protection agencies, attorneys general, regulators, and victims and how incident response tools can help manage the notification process and decrease notification. Lauren Wallace is a digital privacy subject matter expert, working at the intersection of technology and data subject rights. A senior privacy and technology counsel, Lauren has significant real-world experience in enterprise technology transactions, data protection, partnerships, and product.

This week we are joined by Mark Rasch, Adjunct Professor at George Washington University Law School and former DOJ prosecutor of cybercrimes, to discuss the DOJ's recent change to its policy for charging good faith security research cases under the Computer Fraud and Abuse Act. We explore the types of actions that fall within the new policy and those that do not and linkages to the Register of Copyrights definition of “good faith research.” In addition, the episode weaves in a discussion of the recent Ninth Circuit opinion in HiQ v. LinkedIn and Supreme Court decision in Van Buren v. U.S.

On this episode, we are joined by David Cotney, Senior Advisor at FS Vector and former Massachusetts Banking Commissioner, who shares some ideas about how the Federal Financial Institutions Examination Council (FFIEC) could play a role in shaping national privacy policy by publishing privacy guidance for banks similar to the FFIEC's Cybersecurity Guidance. He also reflects on how a compromise on the tricky issue of preemption in privacy legislation might be achieved by looking to experience with the Fair Credit Reporting Act. Cotney, who currently advises fintech companies and other financial services providers, has held leadership positions in the world of financial regulation, serving as Massachusetts Banking Commissioner, Chairman of the Conference of State Bank Supervisors, and as a participant in the FFIEC. This week, we also discuss his thoughts on how to assign responsibility for privacy regulation among various federal agencies that each have some claim on jurisdiction, particularly referencing the appropriate responsibilities of bank regulators.

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week’s episode of ADCG’s Privacy & Cybersecurity Podcast features a discussion with Jeff Jockisch about his new company, Avantis Privacy, which specializes in data deletion services. Jeff is a renowned privacy researcher, the CEO of PrivacyPlan and CPO of Avantis Privacy. In this episode, we discuss the daunting prospect of managing one’s personal data, data brokers and what they do, and the process of requesting personal be deleted. Jeff discusses the approach taken by Avantis Privacy and offers thoughts on anonymization and what is driving this type of service.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org

This week we are joined by Leslie Lamb, Director of Global Risk Management for Flex, Inc. and former Head of Global Risk & Resiliency Management for Cisco. We discuss the current cyber insurance market, getting boards and C-suites engaged, working across the organization and with CISOs and CPOs, and developing a cyber resiliency plan.

This podcast will explore:

• What would national legislation look like?  On what principles would it be based?
• What are the arguments for and against a preemptive national standard?
• What federal agency or agencies should  be charged with implementing a national privacy law?
• What role would be left to the states if a national policy were to be adopted?
• How is congressional debate likely to unfold?
• What role will the executive branch play in this debate?
• Will the United States, where the digital economy was born, cede leadership on data protection regulation to other countries?
• How would a U.S. national privacy law relate to the EU General Data Protection Regulation (GDPR)?
• What domestic and international competitive issues are in play?

All points of view, pro and con, will be heard on these podcasts.

Show Notes:

Visit our website for more information: adcg.org
Visit our resource page for new and other information: adcg.org/news-resources/
Follow us on our social media platforms for updates:
- Twitter
- LinkedIn
- Facebook

Don't forget to review the podcast to help us reach out to other listeners. And also, do not forget to subscribe to get our next episode automatically.

Thanks again for listening!

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a privacy and cybersecurity training company.  

Professor Solove provided one of the inaugural podcasts of the ADCG series and discussed the current privacy landscape including the CCPA, the EU GDPR, and the EU Court of Justice decision invalidating the US Privacy Shield.  Against this backdrop, Prof. Solove discussed whether a federal privacy law is more likely now than in the past and, if so, what such a law might cover and how close it might get to the GDPR or the CCPA. In this discussion, Prof. Solove also discusses the American Law Institute (ALI) Principles of Data Privacy, which propose comprehensive privacy principles for legislation that are consistent with key foundations in the U.S. approach to privacy, but also better align the U.S. with the EU.  The Principles will likely be influential in future policy discussions, especially with respect to notice and choice.  Finally, the podcast explores with Prof. Solove potential stumbling blocks that are likely to be encountered in discussions regarding a federal privacy law.

This week our guest is Sam DeNormandie, Senior Account Director with Silver Sky Security, a Managed Detection and Response (MDR) firm primarily servicing the small and mid-sized business (SMB) market. Sam is a seasoned cybersecurity expert with experience at Cylance, Blackberry, and Cyvatar and understands the security needs of the small to mid-sized business. This episode discusses the challenges faced by SMBs, in part due to the difficulty they have in hiring the people they need and managing the vulnerabilities they face. The MDR industry is growing at CAGR 18.1% and is expected to be $22B by 2030. What does that growth mean for MSSPs? Join us for this episode and learn how companies are struggling to keep pace with the threat environment and how MDRs are filling a void.

We're joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the Court of Justice of the European Union (CJEU) and its interpretation and implementation by the European Data Protection Board (EDPB). Prof. Swire talks about the potential consequences of the CJEU’s opinion and the strict interpretation by the EDPB in its draft guidance. One such consequence could be data localization in Europe and elsewhere and negative implications for commerce. Prof. Swire, who serves on the board of the Cross-Border Data Forum, notes the need to resolve the issue of U.S. government surveillance and access to personal data of persons covered by the EU’s GDPR. We also go over the importance of enactment of a U.S. national data protection law to give U.S. negotiators more credibility with their counterparts in the EU and more confidence in the importance the U.S places on individual privacy, and cover Prof. Swire’s comprehensive testimony on these issues before the Senate Commerce Committee in December 2020.

In this episode, two incredible guests discuss Cyber Command, its role and jurisdiction, and what it can do in cyber conflict situations and how it may help the private sector when under nation state attacks. Gary Corn is director of the Technology, Law & Security Program at American University’s Washington College of Law and former career military with his last position as the Staff Judge Advocate (General Counsel) to U.S. Cyber Command. Jamil N. Jaffer is the Founder and Executive Director of the National Security Institute, and an Assistant Professor of Law and Director of the National Security Law & Policy Program and the nation’s first Cyber, Intelligence, and National Security LLM at the Antonin Scalia Law School at George Mason University. Jamil is also affiliated with Stanford University’s Center for International Security and Cooperation and served on the leadership teams of the Senate Foreign Relations Committee as Chief Counsel and Senior Advisor and as Senior Counsel to the House Permanent Select Committee on Intelligence.

*****

Contact us:

Jerry Buckley | jbuckley@buckleyfirm.com

Jody Westby | westby@globalcyberrisk.com

ADCG | info@adcg.org