Successfully reported this slideshow.

Introduction to US Privacy and Data Security: Regulations and Requirements (Series: Cybersecurity & Data Privacy)

1

Share

1 of 45
1 of 45

Introduction to US Privacy and Data Security: Regulations and Requirements (Series: Cybersecurity & Data Privacy)

1

Share

There is no federal law governing privacy and data security applicable to all US citizens. Rather, individual states and regulatory agencies have created a patchwork of protections that may overlap in certain industries.

This webinar provides an overview of the many privacy and data security laws and regulations which may impact your business, from the state law protecting personal information to regulations covering the financial services industry to state breach notification laws.

To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/us-privacy-and-data-security-regulations-2019/

There is no federal law governing privacy and data security applicable to all US citizens. Rather, individual states and regulatory agencies have created a patchwork of protections that may overlap in certain industries.

This webinar provides an overview of the many privacy and data security laws and regulations which may impact your business, from the state law protecting personal information to regulations covering the financial services industry to state breach notification laws.

To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/us-privacy-and-data-security-regulations-2019/

More Related Content

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Introduction to US Privacy and Data Security: Regulations and Requirements (Series: Cybersecurity & Data Privacy)

  1. 1. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe 1
  2. 2. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Practical and entertaining education for attorneys, accountants, business owners and executives, and investors. 2
  3. 3. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe DISCLAIMER The material in this webinar is for informational purposes only. It should not be considered legal, financial or other professional advice. You should consult with an attorney or other appropriate professional to determine what may be best for your individual needs. While Financial Poise™ takes reasonable steps to ensure the information it publishes is accurate, Financial Poise™ makes no guaranty in this regard. About this PowerPoint: if you are looking at this PowerPoint without the benefit of listening to the conversation that surrounded it then you are doing yourself a disservice. This PowerPoint was prepared in contemplation of being viewed in conjunction with listening to a one hour webinar on the topic 3
  4. 4. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe MEET THE FACULTY Moderator: Kathryn Nadro – Sugar Felsenthal Grais & Helsinger LLP Panelists: Daniel Farris – K&L Gates LLP Cassandra Porter – Cognizant Technology Solutions Alexander Bilus – Saul Ewing Arnstein & Lehr, LLP 4
  5. 5. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT THIS WEBINAR: Introduction to US Privacy and Data Security: Regulations and Requirements There is no federal law governing privacy and data security applicable to all US citizens. Rather, individual states and regulatory agencies have created a patchwork of protections that may overlap in certain industries. This webinar provides an overview of the many privacy and data security laws and regulations which may impact your business, from the state law protecting personal information to regulations covering the financial services industry to state breach notification laws. 5
  6. 6. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT THIS SERIES: Cybersecurity & Data Privacy 2019 Data security, data privacy, and cybersecurity are critical issues for your company to consider in today’s business landscape. Data breaches from high profile companies, including law firms, generate worldwide headlines and can severely damage your business’s reputation. In certain industries, a patchwork of state and federal laws and regulations may cover your business, leading to compliance headaches. This series explores the various laws and regulations which govern businesses both in the US and abroad, as well as how to implement and enforce an information security policy to protect your company and limit any damage from a data breach. 6
  7. 7. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe EPISODES IN THIS SERIES 9/24/19 Episode #1: Introduction to US Privacy and Data Security: Regulations and Requirements 10/22/19 Episode #2: Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance 11/19/19 Episode #3: How to Build and Implement your Company's Information Security Program 12/17/19 Episode #4: Data Breach Response: Before and After the Breach 7 Dates shown are premiere dates. All webinars will be available On Demand approximately 4 weeks after they premiere.
  8. 8. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Episode #1: Introduction to US Privacy and Data Security: Regulations and Requirements 8
  9. 9. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS DATA SECURITY? a. Confidentiality, availability, and integrity of data b. All the practices and processes used to protect data from being used or accessed by unauthorized individuals c. How a company safeguards the data it collects and uses from threats 9
  10. 10. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS DATA PRIVACY? a. The appropriate use of data, including the use of data according to agreed purposes b. How a company uses the data that it has collected 10
  11. 11. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS PERSONAL INFORMATION? a. “personally identifiable information” sometimes called “PII” i. Can be linked to a specific individual ii. Name, email, full postal address, birth date, SSN, driver’s license number, account numbers b. “non-personally identifiable information” i. Cannot by itself be used to identify a specific individual ii. Aggregate data, zip code, area code, city, state, gender, age 11
  12. 12. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS PERSONAL INFORMATION? (CON’T) c. Gray area – “anonymized” data i. Non-PII that, when linked with other data, can effectively identify a person ii. Geolocation data iii. Site history and viewing patterns from IP address iv. Note: recent rollback of privacy regulation with the FCC? 12
  13. 13. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHY DO WE NEED TO PROTECT IT? a. Data is a corporate asset b. Corporate data is at a higher risk of theft or misuse than ever before c. Consumers now expect companies to take initiative to protect both security and privacy 13
  14. 14. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT MUST COMPANIES DO TO PROTECT IT? a. Compliance with state, local, federal laws and regulations i. Patchwork of laws developed by sector ii. Contrast to Europe, which has a centralized, uniform law iii. Makes it difficult to comply when multiple, possibly inconsistent laws apply b. Contracts with third parties 14
  15. 15. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT MUST COMPANIES DO TO PROTECT IT? (CON’T) c. Privacy policies for website users i. Don’t need one if: website is static, is purely B2B, and collects no PII from consumers ii. Should cover: 1. Actual practices for PII and information that reasonably could be associated with a person or device, regarding collection, storage, use, and sharing of info iii. Be aware of: financial information, medical information, children’s information d. Privacy audits: i. Run them periodically to review and assess policies and practice for data 15
  16. 16. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT MUST COMPANIES DO TO PROTECT IT? (CON’T) a. Your company may have more PII than you are aware of i. For example, if your company gives out commercial loans, it must comply with GLB ii. BUT: if you also take guarantees, then you have personal information such as account information, possibly life insurance information, mortgage information, etc. that must be secured iii. Have to think more creatively about what types of information you might be collecting 1. Credit card payments – have to secure that information 16
  17. 17. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe CALIFORNIA CONSUMER PRIVACY ACT a. Effective January 1, 2020, companies will have to observe restrictions on data monetization business models, accommodate rights to access, deletion, and porting of personal data, and update privacy policies b. “Consumers” (defined as natural persons who are California residents) have the right to know what personal information a business has collected about them and what it is used for, the right to opt out of allowing a business to sell their personal information to third parties, the right to have a business delete personal information, and the right to receive equal servicing and pricing from a business even if they exercise their privacy rights under the Act. 17
  18. 18. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe CALIFORNIA CONSUMER PRIVACY ACT (CON’T) c. “personal information” is “any information that…relates to…a particular consumer or household” i. Information about a household may include information like utility bills or pricing d. Companies must comply if they receive personal data from California residents and they or their parent company or a subsidiary exceed (a) annual gross revenues of $25 million, (b) obtains personal information of 50,000 or more California residents, households or devices annually, or (c) 50 percent or more annual revenue from selling California residents’ personal information. 18
  19. 19. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe CALIFORNIA CONSUMER PRIVACY ACT (CON’T) e. The Act provides a private right of action that allows consumers to seek, either individually or as a class, statutory or actual damages and injunctive relief, if their sensitive personal information is subject to unauthorized access and exfiltration, theft or disclosure as a result of a business’s failure to implement and maintain reasonable security measures i. Statutory damages can be between $100 and $750 per California resident per incident, or actual damages, whichever is greater 19
  20. 20. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe MASSACHUSETTS STANDARDS – 201 C.M.R. 17 a. 2010 law – most protective privacy law in the US at that time b. Requires every business that licenses or owns personal information of Massachusetts residents to comply with the minimum security standards set forth in the regulation c. Considered the gold standard d. Require, when technically feasible, the encryption of personal information stored on portable devices and personal information transmitted across public networks or wirelessly 20
  21. 21. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe MASSACHUSETTS STANDARDS – 201 C.M.R. 17 (CON’T) e. Requires any natural person or entity that owns or licenses information of a Mass. Resident to implement a written information security program (“WISP”) with appropriate administrative, technical, and physical safeguards i. Standards must be consistent with those set forth in state and federal regulations to which a business is subject, including data breach notification laws, HIPAA, and the Gramm-Leach-Bliley Act 21
  22. 22. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe MASSACHUSETTS STANDARDS – 201 C.M.R. 17 (CON’T) f. “personal information” – “a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver’s license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.” 22
  23. 23. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe GRAMM-LEACH-BLILEY a. Overseen by the FTC i. Requires financial institutions (companies that offer consumers financial products or services like loans, financial or investment advice, or insurance) – to explain their information-sharing practices to their customers and to safeguard sensitive data. b. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide notice of their privacy policies and practices to their customers, and prohibits financial institutions from disclosing non-public personal information about a consumer to non-affiliated third parties, unless the institutions provide certain information to the consumer and the consumer has not elected to opt out. 23
  24. 24. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe GRAMM-LEACH-BLILEY (CON’T) c. The GLBA also requires financial institutions to protect the security and confidentiality of their customers’ non-public personal information. d. Regulators (e.g., the Securities and Exchange Commission, the Office of the Comptroller of the Currency, the Federal Reserve and the Commodity Futures Trading Commission) have promulgated rules under the GLBA. 24
  25. 25. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe HIPAA a. The Health Insurance Portability and Accountability Act (HIPAA) regulates medical information. b. HIPAA Privacy Rule: i. Requires appropriate safeguards to protect the privacy of “protected health information” (PHI). ii. Sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. c. Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. 25
  26. 26. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe HIPAA (CON’T) d. HIPAA Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of “electronic protected health information” (ePHI). e. Privacy Rule and Security Rule are primarily enforced by the U.S. Department of Health & Human Services Office for Civil Rights. 26
  27. 27. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe COPPA a. Children’s Online Privacy Protection Act (administered by the FTC) i. Requires parental consent for the collection or use of any personal data for a child under 13 years old ii. Requires posting of a privacy policy on the website iii. Site operators must permit parental review of any data stored on their child iv. Parents are permitted to delete, but not otherwise alter, their child’s data 27
  28. 28. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe FTC ACT a. Section 5(a) of the FTC Act prohibits “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” b. Under Section 5(n) of FTC Act, the Federal Trade Commission (FTC) may prohibit an act or practice on the grounds that it is “unfair,” if it causes (or is likely to cause) substantial injury to consumers that is: i. Not reasonably avoidable by consumers themselves and ii. Not outweighed by countervailing benefits to consumers or to competition. 28
  29. 29. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe FTC ACT (CON’T) c. “unfair” if: a practice causes or is likely to cause substantial injury to consumers, cannot be reasonably avoided by consumers, and it is not outweighed by countervailing benefits to consumers or to competition d. “deceptive” if: practice misleads, or is likely to mislead, consumers, consumers’ interpretation of it is reasonable under circumstances, and it is material i. Examples of deceptive: violating published privacy policies, downloading spyware or adware onto unsuspecting users’ computers, failing to verify identity of persons to whom confidential consumer information was disclosed ii. Examples of unfair: failing to implement reasonable safeguards to protect privacy of consumer information 29
  30. 30. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe FTC ACT (CON’T) e. FTC is the main federal regulator in charge of policing privacy and cybersecurity practices among U.S. companies generally. f. FTC pursues cases against companies for “unfair” or “deceptive” practices, where the company allegedly had inadequate cybersecurity practices, or overstated how comprehensive their privacy and cybersecurity practices were. g. Consent decrees and settlements often result in monetary damages, and requirements that companies establish rigorous privacy and data security practices (which would be overseen by the FTC). 30
  31. 31. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe CAN-SPAM ACT a. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) regulates emails that companies send for primarily commercial purposes (e.g., advertisements). b. Bans false or misleading header information and prohibits deceptive subject lines. c. Requires that unsolicited commercial email be identified as advertising and allow recipients to opt out of receiving future emails. d. FTC enforces the CAN-SPAM Act. 31
  32. 32. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe THE TELEPHONE CONSUMER PROTECTION ACT (TCPA) a. Restricts the making of telemarketing calls and the use of automatic telephone dialing systems and artificial or pre-recorded voice messages. b. TCPA creates a private right of action for consumers, and has been a source of significant class action activity. c. Federal Communications Commission (FCC) and state attorneys general enforce the TCPA. 32
  33. 33. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe THE FAIR CREDIT REPORTING ACT (AS AMENDED BY THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT) APPLIES TO: a. Consumer reporting agencies (e.g., Equifax, Experian and TransUnion); b. Companies that use consumer reports (e.g., lenders); and c. Companies that provide consumer reporting information (e.g., credit card companies). 33
  34. 34. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe STATE LEVEL DATA BREACH LAWS a. All 50 states, the District of Columbia, and some U.S. territories have their own data breach notification laws b. These laws generally require notification of affected individuals and regulators when a company suffers a breach of the security of an individual’s personally identifiable information (PII). c. If a company suffers a data breach involving the PII of customers or employees who are resident in multiple states, it will need to comply with each applicable state’s laws. 34
  35. 35. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS A DATA BREACH? (THAT MAY TRIGGER STATE NOTIFICATION LAWS) a. Unauthorized acquisition of PII that compromises the security, confidentiality or integrity of PII… i. That results or could result in identity theft or fraud (OH) ii. Unless PII is not used or subject to further unauthorized disclosure (NE) iii. Unless no misuse of PII has occurred or is not reasonably likely to occur (NJ) iv. Unless no reasonable likelihood of harm to consumer whose PII was acquired has resulted or will result (CT) 35
  36. 36. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHAT IS A DATA BREACH? (THAT MAY TRIGGER STATE NOTIFICATION LAWS) (CON’T) b. Unauthorized acquisition of PII that compromises the security, confidentiality or integrity of PII… i. That has caused or is likely to cause loss or injury to resident (MI) ii. That causes or is reasonably likely to cause substantial economic loss to the individual (AZ) iii. Unless no reasonable likelihood of financial harm to consumer whose PII was acquired has resulted or will result (IA) 36
  37. 37. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe WHY WE SHOULD BE CAREFUL WITH THE WORD “BREACH” a. Using “breach” to describe a data-privacy related incident assumes the incident meets the definition of a security breach which triggers various notification requirements b. An “incident” does not always rise to the level of “breach” (i.e., encryption safe harbor) c. “Incident” is better received by the public than “breach” 37
  38. 38. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe BREACH NOTIFICATION LAWS a. State laws differ with respect to: i. Deadline for notifying (14, 30, 45 days; reasonable time) ii. Notification to Attorney General iii. Notification to other State agencies iv. Including Attorney General contact information v. Substitute notice (email, website, media) vi. Specific facts of incident and type of PII compromised vii. Maintaining records of incident (for 3-5 years) viii. Countries also differ with notice requirements 38
  39. 39. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT THE FACULTY 39
  40. 40. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Kathryn Nadro– knadro@sfgh.com Kathryn (“Katie”) Nadro advises clients on a diverse array of business matters, including commercial and business disputes, employment issues, and data security and privacy compliance. Katie works with individuals and businesses of all sizes to craft successful resolutions tailored to each individual matter. Katie has broad experience representing companies and individuals in contract, non-compete, discrimination, harassment, fiduciary duty, and trade secret litigation in state and federal court. With a background as both in-house and outside counsel, Katie understands that business objectives, time, and resources play an important role in reaching a favorable outcome for each client. Katie assists clients in navigating employment issues ranging from employee handbooks and FMLA policies to litigating discrimination and harassment claims, all while ensuring business needs and objectives are met. She also counsels clients on data security and privacy issues, including policy drafting and compliance with state, federal, and international law. 40
  41. 41. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Daniel Farris – Daniel.Farris@KLGates.com Daniel is Chair of the firm’s Technology Group, and focuses his practice on technology, privacy, data security, and infrastructure matters. Daniel understands how technology enables a company’s operations and creates competitive advantage, and he appreciates the central role data plays in driving strategic decision-making. His practice is founded upon understanding how technology can strengthen and expand upon the core missions of his clients’ businesses. Daniel is a trusted adviser to technology and telecommunication companies, healthcare providers, financial institutions, national retail and apparel companies, and manufacturing clients, as well as startup, embryonic and emerging growth companies. As a former software engineer and network administrator, Daniel brings real-world experience to bear in counseling on a wide range of issues, including fiber optic networking, cloud computing, mobile app development, information management, privacy, and data security. He also regularly advises and represents clients on “traditional” intellectual property matters, including patent protection and enforcement, inbound/outbound licensing, trademark prosecution, brand extension, digital rights management, and large transactions, such as mergers and acquisitions. Daniel has experience in four primary areas: Technology Transactions, Privacy & Data Security, Data Center & Infrastructure, and Intellectual Property and Corporate. Before joining Fox Rothschild, Daniel was a shareholder at an Am Law 100 firm, where he co-chaired the Data Center & Infrastructure and Data Privacy & Security teams and served on the Startup Ventures team. Daniel previously worked as an associate in the Chicago offices of two international law firms. Daniel is a former software engineer and network administrator in telecommunications. 41
  42. 42. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Cassandra Porter – Cassandra.Porter@cognizant.com Cassandra M. Porter is the Americas/APAC data privacy lead attorney for a Fortune 100 Tech company working to transform clients’ businesses, operations and technology models for the digital era. She counsels internal clients on privacy-related matters such as data collection practices, online advertising, mobile commerce, along with the development and acquisition of new technology, data incidents and management. Cassandra is a member of the inaugural class of Privacy Law Specialists, a new specialty recognized by the American Bar Association, and a Fellow of Information Privacy by the International Association of Privacy Professionals (IAPP). Her IAPP credentials as a Certified Information Privacy Professional and Certified Information Privacy Manager designate her as thought leader in the field. She is a former co-chair of the IAPP’s New Jersey Chapter and member of the Bankruptcy Lawyers Advisory Committee for the District of New Jersey. As a member of the United States Trustee’s Consumer Privacy Ombudsman (CPO) panel, she served as the CPO in the Golfsmith International chapter 11 cases. Previously she was counsel at Lowenstein Sandler LLP where, in addition to assisting clients with data privacy-related issues, she also regularly represented debtors in possession and creditors in chapter 11 matters along with indigents in chapter 7 proceedings in association with the Volunteer Lawyers for Justice. Prior to joining Lowenstein, she clerked for the Honorable Cecelia Morris, United States Bankruptcy Judge for the Southern District of New York and was the Assistant Managing Attorney at Kaye Scholer LLP. Before practicing law, she built a foundation for her career in data privacy as a senior reference librarian and acquired a master’s degree from Pratt Institute. Cassandra obtained her law degree from Brooklyn Law School and a certificate in Pharmaceutical & Medical Device Law from Seton Hall University Law School. To read more, go to https://www.financialpoise.com/financialpoisewebinars/faculty/cassandra-m-porter/ 42
  43. 43. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe Alexander Bilus – alexander.bilus@saul.com Alexander (Sandy) R. Bilus assists clients who are facing complex commercial litigation or who need legal advice on issues involving cybersecurity and data privacy, particularly in the higher education and financial services industries. Sandy’s litigation experience includes arguing cases before the U.S. Court of Appeals for the Third Circuit and assisting with cases before the U.S. Supreme Court and the Supreme Court of Pennsylvania. His cybersecurity and data privacy experience includes responding to potential data breaches and providing advice on compliance with the European Union’s General Data Protection Regulation (GDPR). The International Association of Privacy Professionals recognizes Sandy as a Certified Information Privacy Professional (CIPP/US). Sandy’s work for institutions of higher education includes providing advice and conducting internal investigations connected to their compliance concerns, as well as responding to private lawsuits and government enforcement activity. He also counsels colleges and universities on cybersecurity and data privacy matters. Because of the depth of his experience representing higher education institutions, he understands the unique challenges that this industry faces in planning for cyber-attacks and data breaches, to managing these crises, to proceeding after one or both occur. Sandy also advises clients on First Amendment and defamation matters. Through his work with the American Civil Liberties Union of Pennsylvania, Sandy has represented clients bringing First Amendment and other constitutional claims. He also represented on a pro bono basis a group of same-sex couples who brought a constitutional challenge to Pennsylvania’s ban on same-sex marriage. Before joining Saul Ewing Arnstein & Lehr, he practiced for six years at an international law firm in Philadelphia and worked as a law clerk for two federal judges. 43
  44. 44. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe QUESTIONS OR COMMENTS? If you have any questions about this webinar that you did not get to ask during the live premiere, or if you are watching this webinar On Demand, please do not hesitate to email us at info@financialpoise.com with any questions or comments you may have. Please include the name of the webinar in your email and we will do our best to provide a timely response. IMPORTANT NOTE: The material in this presentation is for general educational purposes only. It has been prepared primarily for attorneys and accountants for use in the pursuit of their continuing legal education and continuing professional education. 44
  45. 45. Copyright © 2019 by DailyDAC, LLC d/b/a Financial Poise Webinars™ Receive our free weekly newsletter at www.financialpoise.com/subscribe ABOUT FINANCIAL POISE DailyDAC LLC, d/b/a Financial Poise™ provides continuing education to attorneys, accountants, business owners and executives, and investors. Its websites, webinars, and books provide Plain English, entertaining, explanations about legal, financial, and other subjects of interest to these audiences. Visit us at www.financialpoise.com. 45 Our free weekly newsletter, Financial Poise Weekly, educates readers about business, business law, finance, and investing. To receive it simply add yourself by going to: https://www.financialpoise.com/newsletter/ Email addresses are never sold to or shared with third parties.

×