ISSA-LA Feb 21 Dinner Meeting: Dollars and Cents, Not Bits and Bytes (SEC)

Come and network with your friends, make new friends, and hear a great talk about Cybersecurity. A buffet dinner will be served, and drinks will be available. Raffle prizes will be given away!

Please register and pay here:

ISSA-LA Feb 21 Dinner Meeting: Dollars and Cents, Not Bits and Bytes (SEC)

Topic: Dollars and Cents, Not Bits and Bytes: The New SEC Reporting Rule and the End of Cybersecurity as We Know It

Securities and Exchange Commission Chair Gary Gensler said, “Whether a company loses a factory in a fire, or millions of files in a cybersecurity incident, it may be material to investors” upon adopting a new SEC rule on July 26, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure by public companies. This rule, referred to as the Sarbanes-Oxley for information security and data protection, will force cyber risk management from the server room to the board room and change the industry.

Cybersecurity has been an IT function for decades, often thought of in hindsight after a data security or cyber incident without financial impacts on publicly traded companies in the form of material losses that would have regulatory, legal, or financial repercussions for organizations and their leadership. The new SEC rule will force an approach to duty-of-care obligations on reasonable cybersecurity standards that currently exist for directors and officers in other areas of corporate governance. Failure to comply with these rules will have severe career and financial impacts on executives.

Speaker: Douglas Brush

Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.

He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.

He is the founder of Accel Consulting as well as the founder and host of Cyber Security Interviews, a popular information security podcast.

Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.

Topic: Data & Systems Security & Management Beyond Cybersecurity: System and Data Management As A Tool For Promoting Legal Defensibility Of Organizational Data Use and Operations

While cyber defense garners more attention in today’s cyber-hazardous business environment, appropriate design and administration of an organization’s data and information systems also critically impact the overall defensibility of the organization and its component activities. An organization’s information and other data-creating and driven systems automatically create, track, capture and retain a plethora of data revealing the most intimate details of the organization and its operations. Recognizing and managing what data exists or is created and shaping how the organization and its systems create, access, protects, uses, and otherwise deals with this data materially impacts the legal risk and defensibility of the organization and its leaders in a broad range of operations and actions. Attorney Cynthia Marcotte Stamer will explain why and how strategic design and management of an organizations’ data, information systems and processes can either help or hurt the legal defensibility of critical operations. She also will share key opportunities for information security and systems leaders to facilitate and support the legal defensibility and goals of their organization through strategic systems and data management practices designed to protect and promote their organization’s interests. Ms. Stamer also will discuss how these concerns should be considered and can impact the incorporation and use of artificial intelligence and other tools into systems and operations.

Speaker: Cynthia Marcotte Stamer

Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Cynthia Marcotte Stamer is a Martindale-Hubble “AV-Preeminent (Top 1%) rated practicing attorney and management consultant, health industry, data and workforce public policy advocate, and extensively published author and thought leader, recognized as a LexisNexis® Martindale-Hubbell® “LEGAL LEADERTM and “Top Rated Lawyer,” in Health Care Law and Labor and Employment Law; a Fellow in the American Bar Foundation, the Texas Bar Foundation and the American College of Employee Benefit Counsel; and a D Magazine “Best Lawyers In Dallas” in the fields of “Health Care,” “Labor & Employment,” “Tax: ERISA & Employee Benefits” and “Business and Commercial Law,” for her more than 35 years’ of cutting edge work, scholarship and thought leadership on health care, workforce, insurance, data and technology and other management, operations, compliance, risk management, public policy and regulatory affairs and other legal and operational concerns.

Best known for her work with health, employee benefits, insurance, financial and government organizations, Ms. Stamer has assisted a diverse array of U.S. and multinational business, government, and community organizations, their technology and other vendors, investors, creditors, trustees, and other organizations and their leaders to use the law, data and technology, process and other tools to manage people, operational performance, change, and other risk and compliance throughout her career defensibly and effectively.

Among this work, Ms. Stamer is most widely recognized for her work and leadership on health care and related data, technology and process. Scribe for the American Bar Association (“ABA”) Joint Committee on Employee Benefits annual agency meeting with the Office of Civil Rights and author of “HIPAA Privacy,” Chair of the ABA Intellectual Property Section Law Practice Management Committee, ABA Tort Trial & Insurance Section Medicine & Law Committee, and ABA International Section International Life Sciences Committee, Co-Chair and former Group Chair of the ABA RPTE Employee Benefits & Executive Compensation Group and the author of “Health Care Privacy,” “E-Health and Technology Other Torts,” and a multitude of other highly-regarded works and training programs on health care, insurance, financial and other publications on technology, data and other privacy and security, design and use under HIPAA, FACTA, PCI, IRC and other tax, Social Security, GLB, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns. published by Bloomberg-BNA, the ABA, the AHLA and other premier legal and industry publishers, Ms. Stamer’s experience includes extensive work domestically and internationally with public and private health care providers and organizations, managed care, insurance, workforce, data and technology, payroll, staffing, financial services, actuarial and other risk management, technology, life sciences and other research, marketing, education, defense, energy, accounting, elections, domestic and foreign governments and a diverse array of other organizations in relationship to development, use, risk management, implementation, regulation, and other concerns associated with Artificial Intelligence and other knowledge, data and information and information systems in their operations. From this work, Ms. Stamer has experience advising, representing, and defending health industry and other clients in relation to legal, operational, public policy and practical concerns involved in the development, ownership, collection, access, use, analysis, automation, administration, ownership, protection, contracting, licensing, analysis, sale, confidentiality, protection and security, marketing and a diverse range of other concerns associated with AI and other data and knowledge systems, uses, and processes. Her work includes design, establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, drafting and negotiation of data collection, analysis, automation, and other systems and processes; licensing, business associate, chain of custody, confidentiality, and other contracting; risk assessments, audits and other risk prevention and mitigation; investigation, reporting, mitigation and resolution of known or suspected breaches, violations or other incidents; public policy and regulatory affairs; and defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others; reporting known or suspected violations; commenting or obtaining other clarification of guidance and other regulatory affairs, training and enforcement, and a host of other related concerns.

Ms. Stamer also regularly provides input and works with Congressional and state legislators; federal and state regulators; and other domestic and foreign governmental agencies, as well as publishes, conducts training and speaks extensively on GDPR, HIPAA, FACTA, PCI, and other data ownership, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.