Class-by-Class Schedule: Legal Issues of Cybersecurity and Data Breach Response

Legal Issues of Cybersecurity and Data Breach Response

Legal Issues of Cybersecu…

Duke Law 550

Legal Issues of Cybersecurity and Data Breach Response

Fall 2021

Class-by-Class

Course Schedule

Thursdays

2:00 - 3:50 PM EST

August 26th

Introduction

Paper Topic Discussion

Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback

Materials

Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark (March 2017)

September 2nd

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Paper Topic Discussion, Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

Is Amazon Liable for the Capital One Hack?  (John Reed Stark, 2019)

The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats, by John Reed Stark (September 2017)

September 9th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Paper Topic Discussion, Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

Here’s What Went Wrong for Equifax in Those First 48 hours, by John Carlin and David Newman (September, 2017)

Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender (March, 2016)

September 16th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Paper Topic Discussion, Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

Ransomware's Dirty Little Secret: Most Victims Pay (John Reed Stark, 2019)

A Ransomware OFAC Due Diligence Checklist, by John Reed Stark (January, 2021)

OFAC Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (October 2020)

September 23rd

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

Privilege Lessons From Clark Hill Cybersecurity Doc Ruling, by Doug Meal, Michelle visor and David Cohen (January, 2021)

Wengui v. Clark Hill Plc, Civil Action No. 2019-3195 (D.D.C. 2020)

September 30th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Counsel as Quarterback and Data Breach Workflow (Continued)

Cyber Insurance

Financial Regulators, Law Enforcement and Data Breaches

Materials

What the Capital One Hack Means for Boards of Directors by John Reed Stark (The Harvard Law School Forum on Corporate Governance, 2019)

After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware? by Scott Godes (2020)

October 7th (Fall Break, No Class)

October14th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Data Breaches, Cybersecurity and Boards of Directors

Cyber Insurance

Financial Regulators, Law Enforcement and Data Breaches

Materials

Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again. By John Reed Stark (D&O Diary, Law 360) (October 2017)

October 21st

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Data Breaches, Cybersecurity and Boards of Directors

Data Breach Call (Guest: Heather Sussman, Head of Orrick's Global Cyber, Privacy & Data Innovation Practice Group)

Materials

How to Move to Remote Work and Comply with U.S. Privacy and Cybersecurity Laws (Heather Sussman, Trust Anchor Blog, 2020)

October 28th

Current Events

Complete Any Unfinished Topics

Intake from Digital Forensics Firm (Guest: Bret Padres, CEO, Crypsis)

Materials

Interview With Bret Padres, CEO – Crypsis Group (March, 2020)

November 4th

Current Events

Complete any unfinished topics

Briefing with Insurance Company (Scott Godes, Barnes & Thornburg)

Law Enforcement Briefing (Guest: Jason Smolanoff, Senior Managing Director and Global Head of Cyber Risk
Cyber Risk)

Materials

Who gets Coverage? by Scott Godes (BTLaw Cybersecurity Blog, 2017)

November 11th

Current Events

Board Briefing (Guest: (David Fontaine, Former CEO, Kroll)

Materials

Cybersecurity: The SEC’s Wake-up Call to Corporate Directors, by John Reed Stark and David Fontaine (March 2018)

November 18th

SEC/FINRA Regulatory Interphase

(Guests: John Polise, Associate Director, U.S. Securities and Exchange Commission; Cameron Funkhouser, Executive Vice President, Financial Industry Regulatory Authority)

November 25th (No Class, Thanksgiving Break)

December 12th

Vendor Briefing (Beckage Cloud Services and Triidelity) (Guest: Jennifer Beckage, Founder, Becckage PLLC)

Papers Due

Discussion of Simulation Presentations

About John Reed Stark

John Reed Stark's Profile Image John Reed Stark President of John Reed Consulting LLC. Served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; For 11 years as Founder/Chief of SEC Office of Internet Enforcement; For 15 years as Adjunct Professor at Georgetown University Law School teaching cyber law; For 10 years as a Guest Instructor at the FBI Academy; For 5+ years as Managing Director (three as head of the Washington, D.C. office) of Stroz, Friedberg, a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations. Appointed since 2017 as Senior Lecturing Fellow at Duke University Law School teaching law of cybersecurity and data breach response. Author of The Cybersecurity Due Diligence Handbook.