Follow ACC Docket Online:  

ACC Foundation Hosts Cybersecurity Summit

O n January 31, the Association of Corporate Counsel Foundation hosted a summit on cybersecurity at the American University Washington College of Law. The event brought over 150 in-house counsel from around the country to discuss pertinent cybersecurity best practices outlined in the ACC Foundation State of Cybersecurity Report. In today’s technology-driven world, it’s no longer the question of if you will succumb to a data breach; it’s when.

The day began with breakfast and an opening plenary analyzing the contents of the report. Jinna Bulava, associate general counsel and director of corporate services at ACC, moderated a panel of distinguished cybersecurity experts as they answered questions from the audience about key takeaways and statistics. Jandria Alexander, principal director, Aerospace Corporation; Phillip Yannella, partner, Ballard Spahr LLP; and Anthony Lowe, associate general counsel, Freddie Mac, were all part of the panel.

According to the report, 31 percent of in-house counsel have experienced a data breach in the past 12 months. Twenty-four percent of in-house counsel who experienced a breach reported that employee error was to blame. When asked about these trends, Lowe underscored the importance of using data from the ACC report to shape cybersecurity practices going forward.

“I want to thank ACC for putting this out because it’s very instructive to in-house counsel. If I look at this survey and I see that the main causes of a data breach are employee error, insider trading, and phishing, then that affects my role as in-house counsel. That tells me what I need to be talking to my general counsel about,” he says.

After the discussion, guests were invited to split into smaller sessions that focused on specific cybersecurity initiatives affecting in-house counsel. In one session entitled “Anonymization and Aggregation – Big Data Meets Privacy and Security,” speakers Jim Goepel, vice president, general counsel, and chief technology officer, Clear Armor Corp.; Ari Waldman, associate professor of law, New York Law School; and Aliya Ramji, director, Figure 1, discussed the importance of protecting personal data to ensure compliance with data regulations.

Ramji pointed out that in our increasingly interconnected society, we struggle with a reasonable expectation of our own privacy. In an internet minute, 347,000 tweets are sent out, 700,000 people log into Facebook, and 21,000,000 WhatsApp and 150,000,000 emails are sent.

“This morning I came from Toronto, I got into an Uber, got to the airport, scanned my nexus card, scanned my passport, and did a retinal scan. Someone knows everything that I’ve done this morning. Do I really have an expectation of privacy anymore? While we think we’re putting our data in different buckets, we really aren’t” she explains.

Attendees took a break for lunch, where they networked with fellow in-house counsel and listened to a panel entitled “Lessons Learned from the Top – What They Know Now and Wish They Had Known Then.” Panelists K Royal, privacy counsel, Align Technology, Inc.; Angeline Chen, general counsel, Siemens Government Technologies, Inc.; Sloane Perras, chief legal officer, The Krystal Company; and Elliot Davis, general counsel, Allegheny Technologies Incorporated, provided step-by-step tips for how to prepare for a breach.  

“It’s about having that communication with your IT department. You have to build a strong relationship,” says Perras. “You want to come across as someone who is going to talk it out. They’re going to see smoke weeks or months before you do.”

Chen emphasized the importance of training staff to respond to incidents of data security. Getting caught off guard is a surefire way to fail as general counsel.

“There is nothing worse than getting a call at 2 a.m. in the morning on a holiday saying ‘we don’t know what happened,’” she exclaims.

In the afternoon, attendees participated in substantive sessions on cyber-attack damage, emerging security technologies, and post-breach law enforcement interactions. Sessions provided guests with the opportunity to engage on a more personal level with cybersecurity professionals that are experts in their field.

The event closed with a large-scale interactive exercise, in which guests were given a specific set of cybersecurity circumstances and were then asked to use skills learned form the summit to react to the breach. In-house counsel were prompted with incidents of ransomware attacks, extortion, and stolen data dumps.

“Just because you’re a victim, doesn’t mean that’s your only role. You’re in a position of having to defend your actions in the courtrooms, before regulators, and in the media. You have to be prepared,” says moderator Edward McAndrew, partner, Ballard Spahr LLP.  

The ACC Foundation Cybersecurity Summit was a huge success, providing tangible, real-world strategies for how to mitigate and respond to a data breach. If were unable to attend the summit but would like more information, please visit the ACC Foundation website for information about how to gain access to the conference digitally.

About the Author

Matthew Sullivan is an editorial coordinator at the Association of Corporate Counsel.

The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.