Legal Issues of Cybersecurity and Data Breach Response

Duke Law 550

Legal Issues of Cybersecurity and Data Breach Response

Fall 2021

Class-by-Class Course Schedule

Thursdays, 2:00 - 3:50 PM EST (Room 3000)

August 26th

Introduction

Paper Topic Discussion

Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback

Materials

Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark (March 2017)

September 2nd

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Paper Topic Discussion, Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats, by John Reed Stark (September 2017)

September 9th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Paper Topic Discussion, Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

FinCEN Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments" U.S. Department of Treasury (October 1, 2020)

OFAC Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (October 2020)

A Ransomware OFAC Due Diligence Checklist, by John Reed Stark (January, 2021)

Garmin Facing US Probe Over Payments To Terrorists Via Third Party After Cyber Attack (Channel News, August 5, 2020)

September 16th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Paper Topic Discussion, Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

Data Breach Forensic Reports: Keeping a Grail Document Confidential, by John Reed Stark (July, 2020)

September 23rd

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)

Materials

Is Amazon Liable for the Capital One Hack?  (John Reed Stark, 2019)

Capital One, Amazon Can't Escape Suit Over 2019 Data Breach Law 360 (November 2019)

September 30th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Counsel as Quarterback and Data Breach Workflow (Continued)

Cyber Insurance

Financial Regulators, Law Enforcement and Data Breaches

Materials

What the Capital One Hack Means for Boards of Directors by John Reed Stark (The Harvard Law School Forum on Corporate Governance, 2019)

October 7th (Fall Break, No Class)

October14th

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Data Breaches, Cybersecurity and Boards of Directors

Cyber Insurance

Financial Regulators, Law Enforcement and Data Breaches

Materials

SEC "Outsider Trading"​ Enforcement: The Silence is Deafening, by John Reed Stark (October, 2018)

SEC Brings Charges in EDGAR Hacking Case (January, 2019)

Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case, (April, 2020)

October 21st

Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)

Current Events

Data Breaches, Cybersecurity and Boards of Directors

Data Breach Call (Guest: Heather Sussman, Head of Orrick's Global Cyber, Privacy & Data Innovation Practice Group)

Materials

How to Move to Remote Work and Comply with U.S. Privacy and Cybersecurity Laws (Heather Sussman, Trust Anchor Blog, 2020)

Here’s What Went Wrong for Equifax in Those First 48 hours, by John Carlin and David Newman (September, 2017)

October 28th

Current Events

Complete Any Unfinished Topics

Intake from Digital Forensics Firm (Guest: Bret Padres, CEO, The Crypsis Group (Bought by Palo Alto Networks))

Materials

Interview With Bret Padres, CEO – Crypsis Group (March, 2020)

Don't Rush to Judgment on Election Cyber-Attack Attribution, Law 360 (October 21, 2020)

November 4th

Current Events

Complete any unfinished topics

Briefing with Insurance Company (Guest: Scott Godes, Co-Chair, Data Security & Privacy at Barnes & Thornburg)

Law Enforcement Briefing (Guest: Kimberly Kiefer Peretti, Co-Leader, Privacy, Cyber & Data Strategy Team, Alston & Bird)

Materials

After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware?, by Scott Godes (National Law Review, February, 2020)

November 11th

Current Events

Board Briefing (Guest: (Travis LeBlanc, Vice-Chair Cyber/Data/Privacy at Cooley)

Materials

Privilege Lessons From Clark Hill Cybersecurity Doc Ruling, by Doug Meal, Michelle Visor and David Cohen (January, 2021)

Wengui v. Clark Hill Plc, Civil Action No. 2019-3195 (D.D.C. 2020)

November 18th

SEC/FINRA Regulatory Interphase

(Guests: John Polise, Associate Director, U.S. Securities and Exchange Commission; Cameron Funkhouser, Former Executive Vice President, Financial Industry Regulatory Authority)

November 25th (No Class, Thanksgiving Break)

December 2nd

Vendor Briefing (Beckage Cloud Services and Triidelity) (Guest: Jennifer Beckage, Founder, Beckage PLLC)

Papers Due

Discussion of Simulation Presentations