Abstract: Laws, regulations, and contracts often require “reasonable security” to protect confidential data. The standard of “reasonable care” applies in negligence and professional liability litigation involving data breaches, cybersecurity, and technology services. These standards lack certainty and are often difficult to apply in practice. This session will explore developing legal standards in this area and how to best address them in comprehensive cybersecurity, privacy, and compliance programs. It will explore:
– An overview of federal and state cybersecurity and privacy laws and regulations
– The concepts of “reasonable care” and “reasonable security”
– The role of cybersecurity standards and frameworks
– Developing and implementing comprehensive programs
– Examples of court decisions on these topics
Bio: David G. Ries is Of Counsel in the Pittsburgh, PA Office of Clark Hill, PLC, where he practices in the areas of environmental, technology, and data protection law and litigation. For over 20 years, he has increasingly focused on cybersecurity, privacy, and information governance. In his practice, he has recently addressed such current issues as cybersecurity, privacy and information management programs and policies, contracting for privacy and security, response to security incidents and data breaches, digital forensics, admissibility of expert opinions, e-discovery, and defense of enforcement actions. Dave has been active in InfraGard-Pittsburgh (past board member) and the Pittsburgh Chapter of ISSA and is a member of the American Bar Association’s Cybersecurity Legal Task Force.
Dave is a co-author of Locked Down: Practical Information Security for Lawyers, Second Edition (American Bar Association 2016) and Encryption Made Simple for Lawyers (American Bar Association 2015), the editor of eDiscovery, Fourth Edition (PBI Press 2017) and a contributing author to Information Security and Privacy: A Legal, Business and Technical Handbook, Second Edition (American Bar Association 2011).