Effective Strategies for Managing Cybersecurity Breaches: How to Navigate State AG Investigations and Federal Agency Actions (Presented by Troutman Pepper Locke)

Sadia Mirza | Troutman Pepper Locke LLP

Sadia’s practice is dedicated to counseling clients on complex data security and privacy issues. Capitalizing on her extensive experience guiding clients through security incidents, she handles pre-incident planning and readiness, breach investigations, and litigation matters. Sadia leverages her 360-degree knowledge of the incident response lifecycle to ensure clients can present a positive and defensible narrative to plaintiffs or regulators.

Clients also turn to Sadia for best practices related to privacy compliance and novel data-use questions and concerns. An active and respected voice in the privacy and data security bar, she writes and speaks frequently on trends and developments affecting clients and consumers. Sadia has been a panelist on numerous privacy and cybersecurity panels across the U.S. and is a member of the Program Committee for the Law Track for the RSA Conference.

Sadia provides ongoing analysis and commentary on developments in the consumer financial services industry, with a focus on privacy law, through the Consumer Financial Services Law Monitor blog at cfslawmonitor.com. She frequently publishes in Bloomberg Law and Law360.

Sadia is a Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM).

Gene Fishel | Troutman Pepper Locke LLP

Gene Fishel is a member of Troutman Pepper Locke’s Regulatory Investigations, Strategy + Enforcement (RISE) practice, based in the Richmond office. He brings extensive regulatory experience, having most recently served as senior assistant attorney general and chief of the Computer Crime Section in the Office of the Attorney General of Virginia, and as special assistant U.S. attorney in the Eastern District of Virginia for 20 years.

As a regulator, Gene has reviewed thousands of database breach incidents and investigated hundreds of cybersecurity, privacy, and consumer protection violations, including as part of multistate attorneys general teams. He has been a pillar in the charge for sweeping reforms to privacy and computer crime laws, having drafted and shepherded dozens of successful bills involving database breach notification, electronic records, identity theft, computer trespass, and child exploitation statutes, among others. In his supervisory capacities, he led the professional development of attorneys and computer forensic examiners, overseeing more than 1,000 prosecutions and computer forensic investigations for complex criminal cases in Virginia.

With an exemplary understanding of applying existing law to evolving cybersecurity and privacy problems, he guides clients navigating such issues and advises them at every stage of a matter.

Additionally, Gene frequently counsels clients and speaks on a wide range of artificial intelligence (AI) related regulatory, litigation, and ethical matters, including navigating state and federal compliance requirements; engaging with regulatory bodies; and addressing enforcement actions and policy developments that impact their operations.

Timothy J. St. George | Troutman Pepper Locke LLP

Tim represents clients in federal and state courts, at both the trial and appellate levels. He focuses his practice in the areas of complex litigation and business disputes, financial services litigation, and consumer litigation. Tim is a nationally recognized expert on issues relating to the Fair Credit Reporting Act and employment background screening, as well as class action litigation. He currently teaches the basic and advanced FCRA certification courses for the Professional Background Screening Association, which is the leading trade association for background screening companies and employers conducting screening. Tim further serves as outside general counsel for several background screening companies. Tim also has extensive experience in representing companies in multidistrict litigation arising out of data breaches, having handled several of the largest data breaches in recent U.S. history.

In 2018, Tim was one of only five attorneys nationwide to be designated as a Law360 Rising Star in the field of consumer law, which identified attorneys whose legal accomplishments “transcend” their age. From 2018-2022, Tim also was identified by Benchmark Litigation as one of the top attorneys under the age of 40 in the country. Tim has written and spoken nationally on issues relating to complex litigation, background screening, and consumer protection. He has led national compliance and litigation seminars/webinars on class actions, the Fair Credit Reporting Act (FCRA), data breach defense, class action litigation, and consumer protection.

Tim has experience in all phases of complex litigation, including serving as lead trial counsel in federal and state courts and in arbitration, where he has secured both jury verdicts and numerous defense judgments for his clients in both bench and jury trials. He also has substantial class action experience, having served as counsel in connection with more than 100 proposed class actions. Additionally, Tim has served as counsel on successful appeals before the Supreme Court of Virginia, the U.S. Court of Appeals for the Fourth Circuit, and the U.S. Court of Appeals for the Ninth Circuit. Tim recently served as president of the Richmond, Virginia Chapter of the Federal Bar Association. Tim also was selected by the judges of the United States District Court for the Eastern District of Virginia to serve on the last three committees to select magistrate judges in the Richmond Division. In 2023, Tim was appointed by the Chief Justice of the Supreme Court of Virginia to serve a three-year term on the faculty of Virginia’s mandatory course on professionalism and ethics. Tim also is an invited member of the Fourth Circuit Judicial Conference. Tim began his legal career by serving as a judicial law clerk to the Hon. Robert E. Payne, United States District Court for the Eastern District of Virginia.

I. Understanding the regulatory landscape and the roles of state AGs and federal agencies in cybersecurity investigations | 1:00pm – 1:30pm

II. Crafting strategies to minimize reputational damage and legal exposure in the event of a data breach incident | 1:30pm – 2:00pm

Break | 2:00pm – 2:10pm

III. Negotiating settlements with regulatory bodies to achieve favorable outcomes | 2:10pm – 2:30pm

IV. Handling private litigation, including in the context of concurrent regulatory actions | 2:30pm – 2:50pm

V. Implementing robust cybersecurity measures to prevent future breaches and mitigate legal risks | 2:50pm – 3:10pm