Privacy + Security Forum Spring Academy: Hot Topics in State Privacy Laws Compliance and Advertising Challenges in the Healthcare Context

Speaking Engagement | May.10.2023 - May.12.2023

George Washington University Student Center, Washington, DC

Members of Orrick's Cyber, Privacy & Data Innovation team will lead panels on recent developments in U.S. privacy laws and advertising challenges in the healthcare context during the Privacy + Security Forum Spring Academy hosted by the Privacy + Security Academy.

Before the Next Wave: Hot Topics in State Privacy Laws Compliance
Thursday, May 11, 2023: 02:30 PM-03:30 PM EST

As the CPRA’s enforcement and other state laws’ effective dates draw near, this panel will walk through compliance “hot topics”, trends and predictions regarding the U.S. state comprehensive privacy laws that go into effect this year (with more likely to come).

Sulina Gabale, Partner, Orrick, Herrington & Sutcliffe
Lisa Barksdale, Director of Privacy Compliance, Zillow Group
Arlene Mu, Assistant General Counsel & Chief Privacy Officer, Lowe’s Companies
Jon Knight, Senior Corporate Counsel, Deltek

Advertising Challenges in the Healthcare Context
Friday, May 12, 2023: 10:10 AM-11:10 AM EST

Are you operating in the healthcare space and worried about recent FTC enforcement actions, OCR guidance, and class action litigation and demand letters arising from the use of online ad trackers, such as the Meta Pixel and Google Analytics? Come join our panel to learn about the recent developments in this space and how to manage the risks their use present.

Thora Johnson, Partner, Orrick, Herrington & Sutcliffe
Sundeep Kapur, Senior Associate, Orrick, Herrington & Sutcliffe
Andrew Shaxted, Managing Director, FTI Consulting

The Inside Job – Cyber Threats from Inside Your Own Organization
Friday, May 12, 2023: 11:30 AM-12:30 PM EST

Insider threats can have a significant impact because they involve actors who know where to locate and leverage sensitive data and how to cover their tracks in the process, even long after they’ve left the organization. In fact, the 2022 Unit 42 Incident Response Threat Report noted that 75% of insider threat cases were caused by disgruntled ex-employees who left with or destroyed company data or accessed company networks after their departure. This session will include tales of corporate espionage, how we track criminal activity through forensic investigations, the potential impact of an economic downturn on cybercriminal activity by insiders, how the usual suspect threat actors can leverage former employees and their credentials to conduct illicit activities, and steps to take now to reduce the risk of this evolving threat.

Joseph Santiesteban, Partner, Orrick, Herrington & Sutcliffe
Kevin Faulkner, Vice President, Unit 42 by Palo Alto Networks

セミナー・イベント

Contacts

Sulina Gabale パートナー, Cyber, Privacy & Data Innovation, Internet of Things

Washington, D.C.

See my bio

D:+1 202 339 8420
E: [email protected]

Practice:

Cyber, Privacy & Data Innovation
Internet of Things
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Sulina Gabale パートナー

Washington, D.C.

As innovation pushes the limits of technology, those ideas challenge the boundaries of what is considered “personally identifiable information.” Sulina answers the question - how can we create tomorrow’s technology with yesterday’s privacy and consumer protection laws? Sulina works closely with innovators at all levels of a business – executives, engineers, marketing and product, HR and customer service teams – to gain a true understanding of their goals and the data they’re collecting, using and sharing. She places herself in her client’s shoes as well as in consumers’ mindset to devise creative privacy-by-design solutions, ensuring her client’s business and data innovation strategies withstand multi-national rules, government regulations, industry standards and consumer scrutiny.

With experience in both data privacy and consumer protection, Sulina utilizes a comprehensive approach to counsel clients on a myriad of issues affecting consumers and businesses. She routinely guides companies of all sizes through the existing patchwork of laws, self-regulatory standards and industry practice impacting data privacy and security. She advises clients subject to regulatory investigations and litigation involving a spectrum of federal and state laws, including:

California Online Privacy Protection Act (CalOPPA)
Children’s Online Privacy Protection Act (COPPA)
Family Educational Rights and Privacy Act (FERPA) and related state student data privacy laws
Fair Credit Reporting Act (FCRA)
Gramm-Leach-Bliley Act (GLBA)
Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
Section 5 of the Federal Trade Commission Act (FTC Act)
U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)

Sulina advises companies of all sizes on the development and deployment of cutting-edge technologies and services, including ad-tech, AI and machine learning, biometric tools, social media, robotics and IoT devices, marketing and promotions and more. Sulina began her legal career focusing on consumer protection. She continues to counsel clients on marketing and promotional issues, including interest-based ads; sweepstakes and promotions; automatic renewal and subscriptions; advertising substantiation; influencer programs and social media; SMS text messaging and telemarketing (including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA)); and other state and federal consumer protection laws.

Sulina’s practice is industry-agnostic. She has represented clients ranging from start-ups to Fortune 500s, non-profits, academic institutions and city governments across a range of industries from fashion and ecommerce, financial services, retail, food and beverage and technology services. Prior to law school, Sulina worked in the highly interactive fields of journalism, entertainment and digital media. This well-rounded background helps her connect with clients on a personal level, and ensure her advice integrates legal solutions with business practicality.

Before joining Orrick, Sulina was a member of the Privacy & Data Security Group; Entertainment & Media Group; and IP, Information & Innovation Group at Reed Smith, LLP in New York and Washington, D.C.

Thora Johnson パートナー, Cyber, Privacy & Data Innovation, Strategic Advisory & Government Enforcement (SAGE)

Washington, D.C.

See my bio

Practice:

Technology & Innovation Sector
Cyber, Privacy & Data Innovation
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Thora Johnson パートナー

Washington, D.C.

Thora has extensive experience counseling clients on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
Part 2 confidentiality requirements applicable to substance abuse records
State health information privacy laws
Medicare/Medicaid compliance
Mental Health Parity and Addiction Equity Act (MHPAEA)
Genetic Information Nondiscrimination Act (GINA)
Affordable Care Act (ACA) compliance
Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans
Price transparency and surprise billing rules applicable to hospitals and health plans

Sundeep Kapur シニア・アソシエイト

Washington, D.C.

See my bio

D:+1 202 339 8402
E: [email protected]

Practice:

Technology & Innovation Sector

vCard

See full bio

Sundeep Kapur シニア・アソシエイト

Washington, D.C.

Sundeep also possesses an in-depth technical and legal understanding of the advertising technology (adtech) ecosystem (e.g., connected TV, linear TV, over-the-top media, desktop, mobile). He participates in adtech working groups and is a key contributor to the development of industry-wide privacy compliance solutions. He advises on compliance with self-regulatory regimes developed by the Network Advertising Initiative (NAI), the Interactive Advertising Bureau (IAB), and the Digital Advertising Alliance (DAA).

Sundeep is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in the United States (CIPP/US).

Joseph C Santiesteban パートナー, Cyber, Privacy & Data Innovation, California Consumer Privacy Act

シアトル

See my bio

D:+1 206 839 4352
E: [email protected]

Practice:

Technology & Innovation Sector
Cyber, Privacy & Data Innovation
California Consumer Privacy Act
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Joseph C Santiesteban パートナー

シアトル

He brings significant experience advising companies – from one of the largest telecommunications providers to leading entertainment companies to startups on the cutting-edge of AI and more – on the full cycle of an incident. He also advises clients regarding regulatory investigations, class actions, and contract disputes that frequently flow from privacy and cybersecurity incidents.

His goal is to help clients respond quickly and with integrity to protect their brand, build trust and mitigate legal risk. He is highly adept at directing incident investigations, analyzing potential claims and defenses, examining potential notification obligations and advising on communications strategies that build trust and engagement.

Joe is committed to using these experiences to finding creative and engaging strategies to help companies proactively prepare for an incident and mitigate cybersecurity legal risk. This includes helping to build and improve incident response programs through incident response plans, simulated incidents, threat workshops, and training. It also includes assisting clients to practically evaluate legal risk of security decisions in a variety of transactions and across the product lifecycle. He is driven by a desire to evolve what it means to be a cybersecurity lawyer in the face of rapidly evolving technologies and laws. As a leader, he strives to create spaces where people are valued and solve problems creatively and collaboratively.

He also provides strategic advice to cybersecurity companies, including those looking to push technological and defense boundaries in cyber defense, incident response, and threat intelligence. This includes helping companies maximize their security offerings by navigating the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Wiretap Act, as well as state law analogs.

Joe serves on the Orrick’s Finance and Audit Committee and Pro Bono Committee. A leader and advocate for diversity and inclusion initiatives, Joseph is the co-head of the Latinx affinity group at Orrick and served as a fellow for the Leadership Counsel on Legal Diversity. He is also a member of the Washington Latino Bar Association and the Hispanic National Bar Association.