Legal Issues of Cybersecurity and Data Breach Response
Duke Law 550
Legal Issues of Cybersecurity and Data Breach Response
Fall 2021
Class-by-Class Course Schedule
Thursdays, 2:00 - 3:50 PM EST (Room 3000)
August 26th
Introduction
Paper Topic Discussion
Current Events
Incident Response, Law Enforcement and the Counsel as Quarterback
Materials
Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark (March 2017)
September 2nd
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Paper Topic Discussion, Current Events
Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)
Materials
The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats, by John Reed Stark (September 2017)
September 9th
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Paper Topic Discussion, Current Events
Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)
Materials
OFAC Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (October 2020)
A Ransomware OFAC Due Diligence Checklist, by John Reed Stark (January, 2021)
Garmin Facing US Probe Over Payments To Terrorists Via Third Party After Cyber Attack (Channel News, August 5, 2020)
September 16th
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Paper Topic Discussion, Current Events
Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)
Materials
Data Breach Forensic Reports: Keeping a Grail Document Confidential, by John Reed Stark (July, 2020)
September 23rd
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Current Events
Incident Response, Law Enforcement and the Counsel as Quarterback (Continued)
Materials
Is Amazon Liable for the Capital One Hack? (John Reed Stark, 2019)
Capital One, Amazon Can't Escape Suit Over 2019 Data Breach Law 360 (November 2019)
September 30th
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Current Events
Counsel as Quarterback and Data Breach Workflow (Continued)
Cyber Insurance
Financial Regulators, Law Enforcement and Data Breaches
Materials
What the Capital One Hack Means for Boards of Directors by John Reed Stark (The Harvard Law School Forum on Corporate Governance, 2019)
October 7th (Fall Break, No Class)
October14th
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Current Events
Data Breaches, Cybersecurity and Boards of Directors
Cyber Insurance
Financial Regulators, Law Enforcement and Data Breaches
Materials
SEC "Outsider Trading" Enforcement: The Silence is Deafening, by John Reed Stark (October, 2018)
SEC Brings Charges in EDGAR Hacking Case (January, 2019)
Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case, (April, 2020)
October 21st
Schedule Review (Here’s Where We Are, Here’s Where You Ought to Be)
Current Events
Data Breaches, Cybersecurity and Boards of Directors
Data Breach Call (Guest: Heather Sussman, Head of Orrick's Global Cyber, Privacy & Data Innovation Practice Group)
Materials
How to Move to Remote Work and Comply with U.S. Privacy and Cybersecurity Laws (Heather Sussman, Trust Anchor Blog, 2020)
October 28th
Current Events
Complete Any Unfinished Topics
Intake from Digital Forensics Firm (Guest: Bret Padres, CEO, The Crypsis Group (Bought by Palo Alto Networks))
Materials
Interview With Bret Padres, CEO – Crypsis Group (March, 2020)
Don't Rush to Judgment on Election Cyber-Attack Attribution, Law 360 (October 21, 2020)
November 4th
Current Events
Complete any unfinished topics
Briefing with Insurance Company (Guest: Scott Godes, Co-Chair, Data Security & Privacy at Barnes & Thornburg)
Law Enforcement Briefing (Guest: Kimberly Kiefer Peretti, Co-Leader, Privacy, Cyber & Data Strategy Team, Alston & Bird)
Materials
After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware?, by Scott Godes (National Law Review, February, 2020)
November 11th
Current Events
Board Briefing (Guest: (Travis LeBlanc, Vice-Chair Cyber/Data/Privacy at Cooley)
Materials
Privilege Lessons From Clark Hill Cybersecurity Doc Ruling, by Doug Meal, Michelle Visor and David Cohen (January, 2021)
Wengui v. Clark Hill Plc, Civil Action No. 2019-3195 (D.D.C. 2020)
November 18th
SEC/FINRA Regulatory Interphase
(Guests: John Polise, Associate Director, U.S. Securities and Exchange Commission; Cameron Funkhouser, Former Executive Vice President, Financial Industry Regulatory Authority)
November 25th (No Class, Thanksgiving Break)
December 2nd
Vendor Briefing (Beckage Cloud Services and Triidelity) (Guest: Jennifer Beckage, Founder, Beckage PLLC)
Papers Due
Discussion of Simulation Presentations
About John Reed Stark
John Reed Stark President of John Reed Consulting LLC. Served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; For 11 years as Founder/Chief of SEC Office of Internet Enforcement; For 15 years as Adjunct Professor at Georgetown University Law School teaching cyber law; For 10 years as a Guest Instructor at the FBI Academy; For 5+ years as Managing Director (three as head of the Washington, D.C. office) of Stroz, Friedberg, a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations. Appointed since 2017 as Senior Lecturing Fellow at Duke University Law School teaching law of cybersecurity and data breach response. Author of The Cybersecurity Due Diligence Handbook. 
