Law and Technology

Cybersecurity and Data Privacy Law Conference


Plano, Texas, USA

Past Event

MCLE Credit will be available

The Center for American and International Law
5201 Democracy Drive
Plano, Texas 75024

Online registration is closed. Please bring your completed registration form to the door.  Walk-in registrations will be accepted.

Registrar: +1.972.244.3404
ILT: +1.972.244.3410
Fax: +1.972.244.3401


Presented by the Institute for Law and Technology, this conference brings together cybersecurity professionals from the region and around the country to provide advice and guidance to in-house and private practice attorneys on cybersecurity legal issues.  Designed for the experienced cybersecurity attorney and those responsible for handling cybersecurity plans and responses, the conference will update attendees with the most current regulations and cybersecurity issues, address developments in the cybersecurity field, and provide techniques for addressing cyber risks and responses. 

Conference Co-Chairs

Ronald W. Breaux
Haynes and Boone LLP
Dallas, TX

Scott W. Breedlove
Carter Scholer Arnett & Mockler, PLLC
Dallas, TX

Stephen Timmins
Exxon Mobil Corporation
Spring, TX

Download the Brochure (pdf)

For more details, download the online brochure.


  • $445.00 - Regular Registration Fee
  • $355.00 - ILT or IEL Advisory Board Member
  • $355.00 - ILT or IEL Supporting or Sustaining Member Employee
  • $355.00 - IEL Young Energy Professional Member
  • $355.00 - CAIL Member or Member Employee
  • $355.00 - Government Employee
  • $75.00 - Full Time Student
  • $75.00 - Full Time Professor

Schedule and Faculty

About the Faculty (pdf)

Wednesday, January 25

7:30 am

Registration and Breakfast

8:15 am

Cybersecurity Law Primer: An Introduction to the Game, the Players, and the Rules!

In this interactive discussion for those new(ish) to the field, we will cover what the bad guys are doing and how (i.e., common "attack vectors"), and how the government, private litigants and companies have responded. And along the way, we will increase our cybersecurity vocabulary by explaining a variety of concepts, from "phishing" to "authentication controls" and many in between.

  • Richard J. (Jay) Johnson, Jones Day, Dallas, Texas

9:00 am

Break and Continued Registration

9:10 am

Welcome and Introductory Comments

9:25 am

Cybersecurity In Practice: What You Need to Know To Get It Right . . . Or At Least Not Totally Wrong

This presentation will build on a basic understanding of cybersecurity, and focus on the steps and activities a professional responsible for cyber security should be taking to mitigate enterprise cyber security risk. The discussion will cover cyber security from the standpoint of people, process, and technology, with an end-goal of more fully arming participants to execute proactive and reactive cyber security strategy within their organizations.

  • Chad Pinson, Stroz Friedberg, LLC, Dallas, Texas

10:10 am

Update: Staying on Top of Changes in Laws and Regulations and the Role of Government in Promoting Effective Cybersecurity

Cybersecurity standards are becoming more prescriptive and mandatory. Organizations are increasingly subject to multiple enforcers often with conflicting cybersecurity standards and obligations. In this heightened regulatory environment, is cybersecurity really or effectively being enhanced? This presentation will focus on this trend and the role of government to promote effective cybersecurity.

  • Mark L. Krotoski, Morgan, Lewis & Bockius LLP, Palo Alto, California

11:10 am


11:30 am

Cybersecurity Tabletop: Managing an Event

Join Lisa J. Sotto, head of Hunton & Williams LLP's Global Privacy and Cybersecurity practice, and Emily Stapf, head of PricewaterhouseCoopers' Cybersecurity Incident & Threat Management practice, as they walk you through a hypothetical cybersecurity incident. They will discuss how to prepare for and respond to a breach from the legal and forensic perspectives. The discussion will focus on implementing the actions that need to be taken after a cyber attack has occurred.

  • Brittany Bacon, Hunton & Williams LLP, New York, New York
  • Jeff Shaffer, PricewaterhouseCoopers, Dallas, Texas

12:30 pm

Luncheon Presentation: Defending Cyberspace: A National Priority

  • Dr. Frederick R. Chang, Director, Darwin Deason Institute for Cyber Security, Bobby B. Lyle Endowed Centennial Distinguished Chair in Cybersecurity, Professor, Department of Computer Science and Engineering, Southern Methodist University, Dallas, Texas

Concurrent Sessions

Room 1

1:45 pm

Emerging Trends in Cybersecurity Litigation and Regulatory Actions

This session will feature a discussion of emerging trends in litigation and regulatory actions arising from data security events.

  • Emily Westridge Black, Haynes and Boone, LLP, Dallas, Texas

2:45 pm

Making the Data Flow: Understanding the Regulations and Culture behind Data Protection regulations in the UK and throughout Europe.

This presentation will start by covering existing Data Protection regimes throughout Europe as well as the upcoming General Data Protection Act (GDPA) from the European Union and the status of the Security Shield regime for Companies sharing data from/to the US. Then it will look at the different Data Protection cultures and how that impacts international businesses. And finally, we will discuss some best practices for international businesses to comply with diverse Data Protection regulations.

  • Heather Anson, DigitalLaw, United Kingdom

3:30 pm


3:45 pm

Planning Ahead: Provisions Your Response Plan Should Have

Cybersecurity breaches are more common than ever. Effective planning to address a company’s response to cybersecurity issues (before a breach occurs) is key to successfully weathering a crisis. Companies that plan ahead demonstrate their commitment to their customers and to a culture of compliance with regulatory obligations. This session will focus on practical ideas for anticipating methods of possible breach and likely targets within the company, and for preparing strong breach response plans.

  • Rebecca Bates Manno, Steptoe & Johnson PLLC, Louisville, Kentucky
  • Shawn A. Morgan, Steptoe & Johnson PLLC, Bridgeport, West Virginia

4:45 pm

Understanding the Tech of Cybersecurity and Forensics

Discussed will be technologies and processes that should be implemented in an organization to protect and defend against cyber threats. Additionally, we will look at tools and techniques that can be used in the event of a breach to mitigate risk and provide the firm with an effective and efficient response to data loss.

  • Art Ehuan, Alvarez & Marsal, New York, New York 

Room 2

1:45 pm

Are Your Employees the Weakest Link in your Cyber Defense Program?

This program will discuss the role of the work force in cyber security defense and how companies can transform employees and independent contractors from cyber risks to cyber defense allies through effective implementation of policies and training programs.

  • Gerald J. Ferguson, Baker & Hostetler LLP, New York, New York
  • Paul Horn, Chief Information Security Officer, HD Vest Financial Services, Dallas, Texas

2:45 pm

Let’s get this Third Party Started!

The regulatory framework for cybersecurity compliance continues to mature with new federal and state requirements for information security policies, procedures and programs across industry. Many of these new frameworks extend to vendors and third party service providers. Elizabeth Rogers and Shawn Tuma will discuss the most significant requirements and practical to-dos to make sure that companies who are vendors, or those who serve as third parties with access to regulated data, are in compliance.

  • Elizabeth C. Rogers, Greenberg Traurig LLP, Austin, Texas
  • Shawn Tuma, Scheef & Stone, L.L.P., Frisco, Texas

3:30 pm


3:45 pm

Communicating with and Protecting Senior Corporate Leadership from Cyber and Privacy Risks

As cyber and privacy incidents become increasingly common, corporate officers and directors are required to be more knowledgeable of and to oversee corporate cybersecurity practices and protocols. This session will provide insight regarding the responsibilities of officers and directors and guidance on how counsel may assist them in fulfilling their responsibilities.

  • Gerald Bessette, Associate Director, Navigant Consulting, Inc., Washington, D.C.
  • Bart W. Huffman, Locke Lord LLP, Dallas, Texas
  • Dena Denooyer Stroh, General Counsel, North Texas Tollway Authority, Plano, Texas

4:45 pm

Insuring Against Cybersecurity Risks and Privacy Perils: The Role of Insurance in Enterprise-Wide Risk Management

Cybersecurity risks continue to escalate in frequency, sophistication and scale, spanning industries and borders. No network is impenetrable, and every organization is at risk. In addition to a seemingly endless stream of data breaches and other serious cybersecurity and data protection related incidents, the past several years have seen significantly amplified legal liability surrounding cybersecurity and data privacy, a remarkable proliferation and expansion of cybersecurity and privacy-related laws, and increasingly heightened regulatory scrutiny Cybersecurity insurance can play a vital role in an organization’s overall strategy to address, mitigate, and maximize protection against the legal and other exposures flowing from data breaches and other serious cybersecurity, privacy, and data protection-related incidents. Organizations of all types are advised to carefully evaluate their current insurance program and consider purchasing cutting edge cybersecurity insurance.

  • Micah E. Skidmore, Haynes and Boone, LLP, Dallas, Texas

5:30 pm


Thursday, January 26

8:25 am

Intro Comments

8:30 am

Working with Law Enforcement and Government Agencies: A Q&A with DOJ, FBI, and SEC.

The panelists will provide a broad introduction to civil regulatory investigations and enforcement actions, as well as criminal investigations and prosecutions. In an open and interactive Q&A led by the moderator but involving the audience, the panel will then review best corporate practices for handling both.


  • Richard J. (Jay) Johnson, Jones Day, Dallas, Texas


  • Candy Heath, Assistant US Attorney, Northern District of Texas, Dallas, Texas
  • Joe D. Serrano, Special Agent, Federal Bureau of Investigation Dallas – Cyber Task Force, Dallas, Texas
  • Shamoil Shipchandler, U.S. Securities & Exchange Commission, Fort Worth, Texas

9:30 am

A View From Inside: Perspectives of In-House Counsel Responsible for Addressing Cyber and Data Privacy Issues

This panel of in-house counsel responsible for handling cyber or data privacy matters will discuss the latest challenges and issues they are dealing with in this area of law. The panel will provide tips and information that assist them in protecting their clients and will also provide guidance on working with in-house technology professionals, members of the incident response team, and outside counsel and other third parties.


  • Bart W. Huffman, Locke Lord LLP, Dallas, Texas


  • Altresha Q. Burchett-Williams, AT&T Services, Inc., Dallas, Texas
  • Seth Jaffe, Technology Attorney, Southwest Airlines, Dallas, Texas
  • Ryan Lobato, Counsel, Exxon Mobil Corporation, Houston, Texas

10:45 am



The Deal with Cybersecurity: Cybersecurity Issues in M&A

Cybersecurity issues in M&A transactions are no longer reserved for “tech companies.” Every company has (or should have) an approach to managing its cybersecurity and data privacy obligations under law and industry standards. This presentation will discuss the importance of understanding that approach in M&A, including a look at the effect of information security (or the lack thereof) on the bottom-line and valuation of a target. It will also equip you to ask the right questions in due diligence and provide strategies for addressing the reality of a target that has no information security program. Finally, it will include avenues for allocating cybersecurity and data privacy risks through the transaction documents.

  • Devika Kornbacher, Vinson & Elkins LLP, Houston, Texas

12:00 pm

Safeguarding Client Data in a Breach-a-Day World (Ethics)

The headlines are filled with reports of data breaches – including breaches of law firms! Security is a particular concern for attorneys because of their ethical duties of competence in technology and confidentiality. This session will explore recent breaches, current threats, and attorneys’ ethical and legal duties to safeguard information. It will then review measures for compliance with these duties and with increasing client demands for security.

  • David G. Ries, Clark Hill PLC, Pittsburgh, PA

1:00 pm


CLE Credit

MCLE Credit

This program is approved by the State Bar of Texas for a total of 11.25 hours, including 1.0 hour of ethics. Course ID Number: 901366025. Credit hours for other states will vary and are subject to each state’s approval and credit rounding rules.

For this conference, ILT will directly apply (if requested) for course accreditation in the following states: California, Minnesota, New Mexico, Ohio, Oklahoma, Pennsylvania, Texas and Virginia. Some of these states may not approve a program for credit hours before the program occurs. Attorneys may be eligible to receive CLE credit through reciprocity or attorney self-submission in other states. ILT conferences are typically accredited by all mandatory CLE states.

Sponsorship Opportunities

General Conference Sponsor - $3,000 each

  • Recognition in the conference brochure, which will be mailed and emailed to thousands of interested counsel and business leaders
  • Company/firm logo prominently displayed in the conference program
  • Recognition on the conference website, with link back to company/firm website
  • Recognition at the conference, including oral recognition and signage
  • 2 complimentary registrants at the conference
  • Up to 3 guests at the reception
  • Recognition at the conference
  • An opportunity to display company/firm materials at the Conference

Faculty Dinner (Exclusive) - $2,500

  • Recognition in the conference brochure, which will be mailed and emailed to thousands of interested counsel and business leaders
  • Company/firm logo prominently displayed in the conference program
  • Recognition on the conference website, with link back to company/firm website
  • Recognition at the conference, including at main program and via a sign at the dinner
  • 1 complimentary registrant at the conference
  • Up to 3 complimentary guests for the dinner
  • An opportunity to display company/firm materials at the conference

Conference Reception - $2,000 each

  • Recognition in the conference brochure, which will be mailed and emailed to thousands of interested counsel and business leaders
  • Company/firm logo prominently displayed in the conference program
  • Recognition on the conference website, with link back to company/firm website
  • Recognition at the conference, including oral recognition and signage
  • 1 complimentary registrant at the conference
  • Up to 3 guests at the reception
  • Recognition at the reception
  • An opportunity to display company/firm materials at the conference

Exhibitor - $1,500 each
(Non-law Firms only)

  • Space to display company/firm materials at the conference
  • Name/logo on conference website with link to company page

Overnight Accommodations

The cost of housing is not included in tuition. However, rooms (in limited number) have been reserved at Dallas/Plano Marriott at Legacy Town Center, 7121 Bishop Road, Plano, Texas 75024. Guests may call Marriott Reservations directly at 1-800-228-9290 and mention "ILT Cybersecurity" to receive the reduced room rate of $198 + tax. The last day to obtain this special rate is January 3, 2017.

Start date: 1/24/17
End date: 1/27/17


Other Information

Press Policy

This conference is held under the Chatham House Rule. Participants, including journalists, are free to use any information received, but comments may not be attributed to any speaker identified by name or affiliation.

Nondiscriminatory Policy

The Center for American and International Law does not discriminate on the basis of race, color, sex, religion, national origin, age, disability, veteran status or any other protected status in educational activities, scholarship programs or admissions.

Privacy Policy

We do not sell or rent information to any outside parties. By providing your information, you will receive postal and electronic communications from the Institute for Law and Technology (ILT) of The Center for American and International Law (CAIL) in accordance with CAIL's Privacy Policy. If we co-sponsor a program with another organization, information may be shared between the parties. All such co-sponsors will be identified on the event details and registration page. At any point, you can opt-out or unsubscribe by selecting either link at the bottom of each email or call us at 972.244.3400.

Sponsor an Event

Supported by

General Conference Sponsors