Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective

The presentation includes a discussion of data breach cases and the takeaways from these cases, i.e., that no companies (large, medium or small) are immune from liability. I discuss the potential impact of a data breach on a business and the steps that businesses can take to protect themselves along the timeline of a breach (i.e, before, during and after.) I discuss the FTC's role in the regulation and enforcement of actions related to data security and data breaches, and talk about the commercially reasonable standard that the FTC applies to determine liability, what that standard means from a legal perspective, and how it relates to data security measures and cyber insurance. I present examples of practices that the FTC has found to be commercially unreasonable and discuss what security experts have deemed to be some of the best practices when it comes to data security. I also discuss businesses' liability for their vendor's data breaches, cyber insurance and current and future data security and privacy regulations and legislation including the GDPR and CCPA.

The objectives of the presentation are to:

1. ensure that attendees know that they are exposed to risk in the area of cybersecurity and data breaches;
2. provide them with information to minimize that risk;
3. make them aware of current and expected privacy laws and regulations; and
4. provide pragmatic, specific actionable information to help enable them to comply with their legal obligations.