Defining “Reasonable Security” Standards: Understanding Current Cybersecurity Threats, Data Transfers Rules, and AI Compliance with Data Privacy Laws

Rachel V. Rose | Rachel V. Rose – Attorney at Law, PLLC
Maeve Malik | Hunton Andrews Kurth LLP
Dhara Shah | InfoLawGroup LLP
Julia B. Jacobson | Squire Patton Boggs
Live Video-Broadcast: January 29, 2026

4 hour CLE


Program Summary

Session I - Managing Risks in Today’s Cybersecurity Landscape – Maeve Malik

Cyber-attacks are ubiquitous, and they have become increasingly destructive to companies that experience them. Join us for a session on the latest developments in cybersecurity. This session will address the latest cyber exploits and threat actors, and will cover the threat landscape, current U.S. cybersecurity legal landscape and emerging trends. We will also share recommendations on incident preparation and remediation.

Key topics to be discussed:

  • Examine the current cybersecurity threat environment
  • Trends in the cybersecurity landscape
  • Learn best practices for data breaches
  • Notification obligations and regulatory reporting timelines
  • Prepare for the inevitable by taking proactive steps to minimize risks

Session II - Cybersecurity Expert: What Reasonable Security Looks Like and Why Breaches Still Happen – Rachel Rose

As data breaches continue to escalate in frequency and complexity, the legal concept of “reasonable security” has become a central issue in litigation, regulatory enforcement, and professional responsibility. Attorneys are increasingly expected to understand not only the legal definitions of cybersecurity standards, but also the real-world practices that determine whether those standards are met. This session will provide a comprehensive analysis of what constitutes reasonable security in today’s digital landscape, and why even organizations with established security programs often fall short. The discussion will explore how courts and regulators assess adequacy, the common procedural and technical pitfalls that lead to breaches, and the legal risks that follow. Attendees will also learn how to evaluate cybersecurity protocols in transactions, vendor agreements, and client advisory contexts. By understanding both the failures and the evolving legal expectations, attorneys will be better equipped to mitigate exposure, advise clients, and respond effectively when incidents occur.

Key topics to be discussed:

  • Defining “reasonable security” standards
  • Common causes of data breaches despite security programs
  • Cyber risk assessment in transactions and vendor management

Session III - The Sensitive Bulk Data Transfer Rules – Julia Jacobson

On January 8, 2025, the U.S. Department of Justice released a rule titled “Preventing Access to U.S. Sensitive Personal Data and Government Related Data by Countries of Concern or Covered Persons” (the DOJ Rule) as directed under President Biden’s Executive Order 14117 (EO 14117) dated February 28, 2024. EO 14117 and the DOJ Rule are intended to restrict access by so-called countries of concern to certain sensitive personal data about U.S. persons and U.S. government-related data when access is deemed to pose an unacceptable risk to the national security of the United States, such as data that could be used to surveil, scam, blackmail and support counterintelligence efforts or be exploited by artificial intelligence (AI).

Most of the DOJ Rule went into effect on April 8, 2025, but, on April 11, 2025, the DOJ granted a grace period, which ended on July 8, 2025, for compliance with parts of the DOJ Rule. U.S. businesses have until October 6, 2025, to develop and implement a data compliance program and procedures for audits and reporting. Meanwhile, the U.S. state privacy law landscape continues to develop, presenting additional and sometimes related compliance challenges.

Key topics to be discussed:

  • Determining when data and a data transaction are in scope for the DOJ Rule
  • Evaluating covered data transactions as prohibited or restricted
  • Assessing vendors and vendor contracts for covered data transactions
  • How the DOJ Rule relates to state consumer privacy laws and data broker laws as well as the Protecting Americans’ Data from Foreign Adversaries Act
  • Assessing and uplifting current compliance policies and procedures to meet the October 6th deadline

Session IV – Legal Compliance and Enforcement Trends at the Intersection of AI & Data Privacy – Dhara Shah

This session explores how organizations are operationalizing new AI laws through enterprise AI governance programs, often by adapting and extending existing privacy compliance frameworks. Drawing on real-world enforcement actions and emerging regulatory guidance, we’ll examine how privacy and consumer protection lessons can be repurposed for AI, where regulators are focusing their scrutiny, and what this means for in-house legal and compliance teams building governance at scale. The discussion will bridge law and practice, highlighting concrete governance mechanisms companies are using today to manage AI risk across jurisdictions.

Key topics to be discussed:

  • How AI laws translate into internal AI governance requirements
  • Privacy compliance as the foundation for AI governance programs
  • Enforcement hotspots and early signals from regulators
  • Common governance failure modes regulators are targeting
  • Practical compliance steps for tracking laws and implementing controls in large organizations

This course is co-sponsored with myLawCLE.

Date / Time: January 29, 2026

  • 12:00 pm – 4:30 pm Eastern
  • 11:00 am – 3:30 pm Central
  • 10:00 am – 2:30 pm Mountain
  • 9:00 am – 1:30 pm Pacific

Closed-captioning available

Speakers

Rachel V. Rose | Rachel V. Rose – Attorney at Law, PLLC

Rachel V. Rose, JD, MBA is a Principal with Rachel V. Rose – Attorney at Law, P.L.L.C. (Houston, TX)

Ms. Rose has a unique background, having worked in many different facets of healthcare, securities, cybersecurity, as well as international law and business throughout her career. For nearly a decade, her practice has focused on transactional, compliance, and litigation matters related to cybersecurity, health care, securities, and Dodd-Frank/False Claims Act whistleblower claims. Ms. Rose worked on Capitol Hill when HIPAA passed in 1996 and worked at HHS in 2009 when the HITECH Act was being implemented.

In addition to being extensively published and a sought-after presenter and quoted expert, Ms. Rose holds an MBA with minors in healthcare and entrepreneurship from Vanderbilt University, and a law degree from Stetson University College of Law, where she graduated with various honors, including the National Scribes Award and The William F. Blews Pro Bono Service Award.

Ms. Rose is licensed in Texas and is a Fellow of the Federal Bar Association. Currently, she is the Chair of the Federal Bar Association’s Government Relations Committee, a board member of the Federal Bar Association’s Qui Tam Section, the co-editor of the American Health Lawyers Association’s Enterprise Risk Management Handbook for Healthcare Entities (2nd Edition), as well as a co-author of the ABA’s books The ABCs of ACOs and What Are International HIPAA Considerations?

She has been named consecutively to the Texas Bar College, the National Women Trial Lawyers Association’s Top 25, Houstonia Magazine’s Top Lawyers (healthcare), the National Trial Lawyers Association’s Top 100, as well as 1st Healthcare Compliance’s 2019 Top Presenter. Ms. Rose is also an Affiliated Member with the Baylor College of Medicine’s Center for Medical Ethics and Health Policy, where she teaches bioethics.

Federal Court Admissions: Supreme Court of the United States, CO, DC, SDTX, NDTX, EDTX and WDTX.

 

Maeve Malik | Hunton Andrews Kurth LLP

Maeve’s practice focuses on privacy and cybersecurity law. Maeve regularly advises clients across various industry sectors on developing or enhancing existing global privacy compliance and records management programs to help manage privacy risks. She also has extensive experience advising clients on cybersecurity incident response, including for several large-scale, high-profile cybersecurity incidents. In addition, Maeve regularly assists clients with proactive cyber incident readiness activities, such as tabletop exercises and incident response procedures.

Maeve is a co-chair of the firm’s veteran’s pro bono program and serves on the pro bono committee of Hunton Andrews Kurth’s New York office. Her active pro bono practice includes providing legal services to veterans, focusing on recovering disability benefits for physical and mental conditions incurred in military service. In addition, Maeve has represented undocumented children in immigration court matters, and has volunteered with the New York City Bar Justice Center’s Legal Clinic for the Homeless, advocating for clients facing denials and reductions of public benefits.

 

Dhara Shah | InfoLawGroup LLP

Dhara joined InfoLawGroup in 2022 from Sheppard Mullin LLP’s data privacy team. Dhara focuses her practice on data privacy and emerging technology law, with an emphasis on comprehensive data privacy laws and AI, including state-specific laws and international laws including the EU AI Act and the GDPR. Dhara’s proficiency with a wide range of programming languages allows her to engage with clients’ in-house legal and operational teams to identify and handle the legal aspects of highly technical issues – while simultaneously meeting business objectives and protecting consumer privacy interests. She is the lead of the International Association of Privacy Professionals (“IAPP”) AI Governance Affinity Group, a working group member of the EU AI Act Code of Practice, and is a certified Artificial Intelligence Governance Professional (AIGP). She also publishes a daily column, AI Governance, which you can find here: https://www.linkedin.com/newsletters/7293773682009640960/.

 

Julia B. Jacobson | Squire Patton Boggs

Julia B. Jacobson is a partner in the Data Privacy, Cybersecurity & Digital Assets Practice. Julia offers practical and tactical counsel on privacy and cybersecurity compliance strategies, data breach response, technology transactions and marketing initiatives for national and multinational organizations.

A significant portion of Julia’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists clients with the design and development of privacy-sensitive policies for the collection and use of personal data. Julia regularly advises businesses on the privacy and cybersecurity aspects of environmental, social and governance (ESG) programs, ethical data use, machine learning and artificial intelligence, vendor contracting and management and business sales, combinations and acquisitions. She has helped her clients design, develop and implement compliance programs to meet the challenges of the evolving privacy and cybersecurity law landscape, including the California Consumer Privacy Act and other US state privacy and cybersecurity laws, the EU’s General Data Protection Regulation, the UK Data Protection Act 2018, cross-border personal data transfers and New York Department of Financial Services Cybersecurity Regulations, as well as to align with industry standards, including the National Institute of Standards and Technology (NIST) cybersecurity and privacy frameworks, and ESG standards and frameworks. Julia also serves as the data breach coach for several national and international clients.

Julia helps clients maximize the value of their strategic relationships by drafting and negotiating a wide range of commercial contracts, particularly technology-centric agreements and the deployment of machine learning and artificial intelligence. For both product and service providers and users, she structures and negotiates contracts and develops customized template agreements and tools for vendor screening and assessments.

Julia’s practice spans a wide array of issues associated with consumer marketing and promotional campaigns. She is skilled at establishing effective compliance programs and regularly counsels clients on the risks surrounding mobile marketing and text messaging, email marketing and telemarketing, social media, and sweepstakes and contests. Her work also includes helping clients navigate the digital advertising ecosystem and deploy emerging technologies. Increasingly, her practice focuses on supporting clients in designing data practices that consider stakeholder expectations and data ethics. On behalf of brands, agencies and marketing technology providers, she routinely structures and negotiates co-branding, sponsorships, and commercial co-venture and other agreements associated with the marketing and promotion of products and services.

Agenda

Session I – Managing Risks in Today’s Cybersecurity Landscape | 12:00pm – 1:00pm

  • Examine the current cybersecurity threat environment
  • Trends in the cybersecurity landscape
  • Learn best practices for data breaches
  • Notification obligations and regulatory reporting timelines
  • Prepare for the inevitable by taking proactive steps to minimize risks

Break | 1:00pm – 1:10pm

Session II – Cybersecurity Expert: What Reasonable Security Looks Like and Why Breaches Still Happen | 1:10pm – 2:10pm

  • Defining “reasonable security” standards
  • Common causes of data breaches despite security programs
  • Cyber risk assessment in transactions and vendor management

Break | 2:10pm – 2:20pm

Session III – The Sensitive Bulk Data Transfer Rules | 2:20pm – 3:20pm

  • Determining when data and a data transaction are in scope for the DOJ Rule
  • Evaluating covered data transactions as prohibited or restricted
  • Assessing vendors and vendor contracts for covered data transactions
  • Assessing and uplifting current compliance policies and procedures to meet the October 6th deadline

Break | 3:20pm – 3:30pm

Session IV – Operationalizing AI Laws: Governance, Privacy, and Enforcement Trends for In-House Teams | 3:30pm – 4:30pm

  • How AI laws translate into internal AI governance requirements
  • Privacy compliance as the foundation for AI governance programs
  • Enforcement hotspots and early signals from regulators
  • Common governance failure modes regulators are targeting
  • Practical compliance steps for tracking laws and implementing controls in large organizations