Professional Activities
Law360 — Member, Cybersecurity & Privacy Editorial Advisory Board
American Bar Association – Member, Litigation, Criminal Justice and Business Law Sections, Communications Law Forum
Supreme Court of Delaware, Commission on Law & Technology – Co-Chair
Delaware Bankers Association, Cybersecurity Committee
The Catholic University of America – Member, Law School Alumni Council
Recognition & Accomplishments
The Legal 500 US, Finance - Financial Services: Regulatory, 2017
Cybersecurity and Data Privacy Trailblazer,The National Law Journal, 2015
Director's Special Recognition Award, Federal Bureau of Investigation, December 2015
Exemplary Partnership Award, U.S. Department of Homeland Security, U.S. Immigration and Customs Enforcement, Homeland Security Investigations, February 2015
Director’s Award, U.S. Department of Homeland Security, U.S. Immigration and Customs Enforcement, November 2013
Assistant Attorney General’s Award for Outstanding Advocacy in Protecting Citizens from Online Crime, U.S. Department of Justice, November 2008
Publications
Co-author, "Pennsylvania Supreme Court Recognizes Common Law Duty to Safeguard Employees' Personal Data," Ballard Spahr alert, November 27, 2018
Co-author, "SEC Special Report: Rampant Business Email Compromises Require Reassessment of Internal Accounting Controls," Ballard Spahr alert, October 22, 2018
Author, "You've Been Breached! Now What?" SCMagazine, September 18, 2018
"The Hacked & the Hacker-for-Hire: Lessons from the Yahoo Data Breaches (So Far)," Ballard Spahr article, May 11, 2018
Co-author, "Alabama Becomes 50th State to Enact Data Breach Notification Law," Ballard Spahr alert, April 2, 2018
"Welcome Back to America! Now Gimme Your Phone," ABA Journal of the Section of Litigation, Spring 2018
Co-author, "U.S. Supreme Court Rejects Second Bid for Review in Spokeo," Ballard Spahr alert, January 24, 2018
Co-author, "Washington A.G. Sues Uber in First Enforcement Action Under Revised Data Breach Law," Ballard Spahr alert, November 29, 2017
"Malware Everywhere – What's a Reasonable Lawyer to Do?" Delaware Lawyer, November 2017
Co-author, "FTC Provides Guidance to Social Media Influencers in Live Twitter Chat," Ballard Spahr alert, October 3, 2017
Co-author, "Worldwide Group of Data Privacy Regulators Issues Guidance on Connected-Car Technologies," Ballard Spahr alert, October 2, 2017
Co-author, "Eighth Circuit Issues Two Class Action Data Breach Rulings," Ballard Spahr alert, September 1, 2017
Co-author, "Delaware Amends Data Breach Statute," Ballard Spahr alert, August 17, 2017
Co-author, "Maryland Amends Data Breach Notification Law," Ballard Spahr alert, August 3, 2017
Co-author, "D.C. Circuit Reverses Data Breach Class Action Dismissal on Standing Grounds," Ballard Spahr alert, August 2, 2017
Co-author, "Nevada Becomes the Third State to Enact Website Privacy Notification Law," Ballard Spahr alert, August 1, 2017
"10 Critical Steps to Create a Culture of Cybersecurity," Dark Reading, July 26, 2017
Co-author, "Colorado District Court Dismisses Data Breach Class Action Against Noodles & Company," Ballard Spahr alert, July 26, 2017
Co-author, "NYDFS Updates FAQs to Clarify Cybersecurity Regulations," Ballard Spahr alert, July 14, 2017
Co-author, "Ponemon Institute Study on Costs of Data Breaches Highlights Improvement and New Risks for U.S. and Global Companies," Ballard Spahr alert, June 28, 2017
Co-author, "Colorado Division of Securities Publishes Final Cybersecurity Rules," Ballard Spahr alert, May 23, 2017
Co-author, "Companies Must Prepare for Future Filled with Ransomware Attacks," The Hill, May 20, 2017
Co-author, "White House Issues New Cybersecurity Executive Order," Ballard Spahr alert, May 17, 2017
Co-author, "Is Your Organization Ready for a Systemwide Ransomware Attack?" Ballard Spahr alert, May 16, 2017
Co-author, "New Mexico Becomes 48th State to Enact Data Breach Notification Law," Ballard Spahr alert, April 19, 2017
Co-author, "It’s ‘Ready, Set, Go’ – Cyber Threats to Lawyers Grow," Delaware Lawyer, March 1, 2017
Co-author, "Bank Whistleblower Litigation Highlights Limits of Employee Confidentiality Agreements to Curb Data Misappropriation," Ballard Spahr alert, February 23, 2017
Co-author, "IRS and Others Renew Warnings About Fraudulent Emails Targeting Employee Tax Information," Ballard Spahr alert, January 30, 2017
Co-author, "Data Breach Class Action Reinstated Against Horizon Healthcare Services Inc.," Ballard Spahr alert, January 23, 2017
Co-author, "EU e-Privacy Regulation Raises Stakes for Compliance," Ballard Spahr alert, January 12, 2017
Co-author, "NYDFS Revises Cybersecurity Regulation, Extends Effective Date to March 1, 2017," Ballard Spahr alert, December 28, 2016
Co-author, "FTC Settles with Targeted Digital Advertising Company over Supercookie Advertising Practices," Ballard Spahr alert, December 23, 2016
Co-author, "Prepare for Compliance with General Data Protection Regulation Checklist," Ballard Spahr alert, December 7, 2016
Co-author, "New York Regulators Drive Cyber Security Accountability for the Financial Sector," Payments & FinTech Lawyer, November 10, 2016
Co-author, "DOT Issues Proposed Cybersecurity Guidance to Automotive Industry," Ballard Spahr alert, October 27, 2016
Co-author, "Federal Banking Agencies Propose New Requirements for Managing Cyber Risk," Ballard Spahr alert, October 20, 2016
Co-author, "Dealing With the Aftermath of a Breach – a Checklist," Health Management Technology, September 27, 2016
Co-author, "FFIEC Provides Concrete Guidance on Setting Up Information Security Programs," Ballard Spahr alert, September 14, 2016
Co-author, "Fending Off and Fighting Cybercriminals," Law Week Colorado, September 12, 2016
Co-author, "Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm," Ballard Spahr alert, August 17, 2016
Co-author, "Important Lessons for Businesses from FTC's Opinion on LabMD's Data Security Practices," Ballard Spahr alert, August 12, 2016
Co-author, "Court: Stored Communications Act Warrant Cannot Be Used to Seize Data Held Overseas," Ballard Spahr alert, July 19, 2016
Co-author, "Ninth Circuit Vastly Expands Scope of Criminal, Civil Liability for Computer Fraud," Ballard Spahr alert, July 15, 2016
Co-author, "International Regulators Issue Cybersecurity Guidance to the Financial Industry," Ballard Spahr alert, July, 6, 2016
Co-author, "Cybersecurity, Use of Internet of Things Technology Concern Manufacturers," Ballard Spahr alert, June 28, 2016
Co-author, "The Defend Trade Secrets Act Signed into Law," Ballard Spahr alert, May 11, 2016
Co-author, "President Obama Signs Defend Trade Secrets Act into Law," Ballard Spahr alert, May 11, 2016
Co-author, "Class Certification Improper in Data Breach Case, PA Appellate Court Finds," Ballard Spahr alert, May 4, 2016
Co-Author, "FTC Releases "Cheat Sheet" for Developing a Secure Mobile Health Application," Ballard Spahr alert, April 22, 2016
Co-author, "European Parliament Adopts EU General Data Protection Regulation; 12 Steps Businesses Should Take Now," Ballard Spahr alert, April 21, 2016
"How Companies Can Work with the U.S. Government on Cyber Threats," Bloomberg BNA Big Law, April 1, 2016
Co-author, "Federal Reserve Study Highlights Consumer Behavior with Mobile Financial Services," Ballard Spahr alert, April 1, 2016;
"Let's Be 'Reasonable' About Data Security," The Journal of the Delaware State Bar Association, April 2016
Co-author, "FTC Examines Process by which Companies Assess Compliance with PCI DSS," Ballard Spahr alert, March 9, 2016
Co-author, "EU-U.S. Privacy Shield Framework Text Published: Imposes New Obligations on U.S. Entities that Seek Data Transfers from the EU," Ballard Spahr alert, March 8, 2016
Co-author, "CFPB Initiates Its First Data Security Enforcement Action," Ballard Spahr alert, March 3, 2016
Co-author, "California Data Breach Report Defines 'Reasonableness' Standard for Data Protection," Ballard Spahr alert, March 2, 2016
Co-author, "President Obama Gives EU Citizens Judicial Redress for Privacy Violations," Ballard Spahr alert, March 1, 2016
Co-author, "President Creates Cybersecurity National Action Plan and Commission on Enhancing National Cybersecurity," Ballard Spahr alert, February 24, 2016
Co-author, "DOJ/DHS Issue Interim Guidance on Implementation of Cybersecurity Information Sharing Act," Ballard Spahr alert, February 23, 2016
Co-author, "Former Cardinals Scouting Director Pleads Guilty to Hacking Astros’ Computer Systems," Ballard Spahr alert, January 11, 2016
Co-author, "LifeLock to Pay $100 Million to Settle Charges It Violated 2010 Court Order," Ballard Spahr alert, December 28, 2015
Co-author, "FTC Takes Action against App Developers on COPPA Allegations Involving Persistent Identifiers," Ballard Spahr alert, December 23, 2015
"Organizations Should Focus on Data Sharing Post-Incident, Not Attribution," CSOonline.com, August 4, 2015
"How to Prepare for and Respond to a Cyberattack," Network World, July 8, 2015
"What the Sony Cyberattack Can Teach Lawyers About Data Security," The Journal of the Delaware State Bar Association, April 1, 2015
"The Data Security Imperative for Lawyers," Delaware Lawyer, October 27, 2014
"Leading Practices: Data Security," The Supreme Court of Delaware, Commission on Law and Technology, June 20, 2014
"From the P.R.C. to the F.C.I.—Cracking a Chinese Cybercrime Case," United States Attorneys’ Bulletin/United States Department of Justice, March 30, 2014
"Consensual Searches of Computers and Assumption of Online Identities," United States Attorneys’ Bulletin/United States Department of Justice, January 31, 2014
"Say Hello to My Little Friend: The New and Improved Cyberstalking Statute," United States Attorneys’ Bulletin/United States Department of Justice, January 31, 2014
Speaking Engagements
"The SEC's Special Report on Business Email Compromises: What It Means and What You Should Do," Ballard Spahr webinar, November 2018
"Recent Developments in Data Security and E-Discovery," Delaware State Bar Association CLE, November 2018
"The Weaponization of the Internet," Temple University Law School, Philadelphia, October 2018
"Mission Critical Cybersecurity: Navigating Data Privacy and Cybersecurity Threats from an In-House Perspective," ACC Annual Meeting, Austin, October 2018
"From Carpenter to the GDPR: 2018 Data Privacy and Protection Law Update," Relativity Fest, Chicago, October 2018
"The Internet of Things from a Legal and Regulatory Perspective," Relativity Fest, Chicago, October 2018
"Outside Our Borders: How New Laws Will Affect Businesses," Colorado Cybersecurity Summit, Denver, September 2018
"Technology facilitated Harassment and Stalking," Delaware Judges Conference, Wilmington, September 2018
"Current Issues in Cybercrime and Cybersecurity," Delaware Law School, Wilmington, August 2018
Panelist, "Key Takeaways from the 2018 ACC State of Cybersecurity Report: An In-House Perspective," ACC Mountain West Lunch and Learn, Salt Lake City, August 2018
"Working with Law Enforcement," American Bar Association's Third National Institute on Cybersecurity Law, New York, June 2018
"Requirements and Best Practices for Staying Ahead of and Responding to Cyber Threats," 13th Annual ABA/FCBA Privacy and Data Security Symposium, Washington, D.C., March 2018
"Shining a Light on Technology-Facilitated Exploitation," Archdiocese of New Orleans Human Trafficking Summit, March 2018
"Cybercrime & Cybersecurity Law in 2018," Washington & Lee University School of Law, February 2018
"From the Iron Rooster to Amazon Alexa: Mobile Discovery and the Internet of Things," LegalTech New York 2018, January 2018
"Navigating a Breach & Activating a Proven Incident Response Plan," OpenText webinar, January 2018
"The Two Sides of Cybersecurity: Proactive Planning & Incident Response," Delaware State Bar Association, Wilmington, DE, January 2018
Roundtable Discussion of Law Enforcement Interaction with Organizational Victims of Cybercrime, FBI/U.S. Department of Justice Regional Pharmaceutical Conference, Collegeville, PA, November 2017
"Incident Response on the Down Low," IAPP 3rd Annual Florida Privacy & Cybersecurity Law Symposium, Jacksonville, November 2017
U.S. Department of Justice, National Security Specialists Conference, Washington, D.C., October 2017
"Internet of Things: Law, Technology & Practice," Relativity Fest, Chicago, October 2017
"Game Planning for Cyber Incidents: Practicing and Executing Effective Cyber Incident Response," Delaware Trust Conference, Wilmington, DE, October 2017
"Cybercrime – Engaging with Law Enforcement," Colorado Cybersecurity Summit, Denver, October 2017
"Cybersecurity: What You Still Need to Know," Georgia Intellectual Property Law Institute, Jacksonville, FL, September 2017
"Cyber Risk Management as an Ongoing Process," Education Finance Council, Washington, D.C., September 2017
"Current Issues in Cybercrime and Cybersecurity," Delaware Law School, Wilmington, August 2017
"Hack Yeah! Cybersecurity @ the Ball Park!," Hispanic Bar Association of Pennsylvania, Philadelphia, June, 2017
"Privacy & Data Security: A Simulated Breach & Response Plan," Enfuse Conference, Las Vegas, May, 2017
"From the Lab to the Courtroom: Harnessing Digital Evidence to Win Cases," Keynote Address, Access Data User Summit, San Diego, May, 2017
"Current Issues in Cybercrime and Cybersecurity," Temple University School of Law, Philadelphia, April, 2017
"Learning Lab: Investigating and Prosecuting Cybercrime – Enter the Law Enforcement Trenches," RSA Conference, San Francisco, February, 2017
"Hot Topics on the Internet and Data Privacy," ABA Forum on Communications Law, New Orleans, February, 2017
"E-Discovery for Investigations and Criminal Matters," Legaltech New York, New York City, February, 2017
"An Exercise in Cyber Incident Response," ACC Cybersecurity Summit, Washington, D.C., January, 2017
"General Counsel Issues in Higher Education," Ballard Spahr webinar, January, 2017
"Assessing Cyber Risks in Regulated Industries," Ballard Spahr event, Las Vegas, January, 2017
"Cybersecurity in an Evolving Threat Landscape," PBI Real Estate Institute, Philadelphia, December, 2016
"Cybersecurity Leadership Panel," Life Sciences PA, Valley Forge, PA, December, 2016
"Best Practices for Responding to a Cyberattack and Working with Law Enforcement in the Aftermath," 2016 ISSA International Conference, Information Systems Security Association, Dallas, Texas, November 2016
"United States v. Matusiewicz: A Case Study in Cyberstalking," Conference on the Investigation & Prosecution of Crimes of Stalking, Dover, Delaware, October 2016
"Brexit and Beyond: International Issues and Cross-border e-Discovery," Relativity Fest 2016, Chicago, October 2016
"Cybersecurity: What Every Attorney Needs to Know and Why," Intellectual Property Law Institute, Amelia Island, Florida, September 2016
"Recent Cases in Cyber Liability," ABA Legal Malpractice Conference, Chicago, September 2016
"The Government's Role in Your Cyber Incident: Friend, Foe or Both?," ABA Business Law Section Annual Meeting, Boston, September 2016
"The Law and Business of Social, Mobile and Emerging Technologies," ILTACON 2016, Washington, D.C., August 2016
"Navigating Interactions with Governments in an Evolving Cyber Threat Landscape," American Banker's CyberSec 2016, New York, July 2016
"The Evolving Cybercrime Epidemic," Drexel University School of Law, Philadelphia, June 2016
"Addressing Evolving Cybersecurity Threats," Colorado Health Facilities Authority Conference, Denver, June 2016
"Raising the Stakes – Individual Liability for Corporate Conduct," Ballard Spahr webinar, June 2016
"Working with the U.S. Government on Data Security," CGOC Conference, Washington, D.C., June 2016
"How You (and the Bank of Bangladesh) Get Hacked: Cybercrime Vulnerabilities and Responses in a Risky World," ACFCS Financial Crime Conference, New York, June 2016
"
Judicial Perspectives on Current E-Discovery Issues" and "Time Is Not On Your Side When It Comes To Data Security," Enfuse 2016, Guidance Software, Las Vegas, Nevada, May 2016
"Ethical Implications of Technology for Corporations and Law Firms," District of Delaware Bench & Bar Conference, Delaware Chapter of the Federal Bar Association, Wilmington, Delaware, May 2016
"Worst Case Scenario – The State of Cybersecurity and Lessons Learned," ACC Mid-Year Conference, New York City, April 12, 2016
"Social Media, Technology & Data Security," DSBA Small Firms and Solo Practitioners Conference, Rehoboth Beach, April 1, 2016
"HIPAA-Ventilate – New Privacy and Information Security Concerns in Healthcare in the U.S. and Beyond," Philadelphia, March 29, 2016
"Cybersecurity for the Future: Breaking the Mold," TechJunction, Tucson, Arizona, March 16, 2016
"The Aftermath of a Breach: Best Practices for Working with Law Enforcement," RSA Conference 2016, San Francisco, March 4, 2016
"Navigating the Digital World in an Evolving Cyber-threat Landscape," University of Delaware Cybersecurity Initiative and the Institute for Public Administration, Newark, Delaware, February 10, 2016
"The Law of Mobile, Social, and Emerging Technologies," LegalTech New York 2016, February 3, 2016
"Translating Cybersecurity Preparedness into a Business Requirement," and "Crystal Ball: What Do You Think the Next Big Cybercrime Will Be?" cyberSecure, New York City, December 2015
"Reducing the Costs and Damage Associated with Data Breaches," Compliance, Governance & Oversight Council, London, December 2015
"Confidentiality in the Age of Cyber(In)Security," Delaware State Bar Association, December 2015
"The Dark Web: The Digital Street Corner of a Global Cybercrime Marketplace," National Association of Attorneys General, Eastern Region Conference, New York City, October 2015
"Cybersecurity and e-Discovery: The Downstream Effects of Upstream Security Decisions," Relativity Fest, Chicago, October 2015
"Mapping the Threat Landscape—Organized Crime, State Actors, Hacktivists and More" and "Investigating a Cyber Attack—Internal and Law Enforcement Perspectives," Association of Certified Financial Crime Specialists, Cyber Financial Crime Summit, October 2015, Washington, D.C.
"Gender and Cyber-based Violence," National Association of Attorneys General, Midwestern Region Meeting, Chicago, October 2015
"You’ve Been Hacked, Now What? Guidance on Data Breach Mitigation, Response and Ethical Conundrums," ACEDS 6th Annual E-Discovery Conference, September 2015
"Jailing Foreign Hackers and Crackers: Case Studies of the First U.S. Convictions of China-based and Other Foreign Cybercriminals" and "The Intersection of Privacy, Security and E-Discovery," CEIC 2015, Las Vegas, May 2015
"Tales from the Front Line in the Fight Against Cybercrime,” Guidance Software CISO/CLO Summit, Las Vegas, May 2015
"Cybersecurity: Risk Management and Incident Response in an Evolving Threat Landscape," Federal Bar Association, District of Delaware Inaugural Bench & Bar Conference, May 2015
"Cybersecurity for Law Firms," Association of Legal Administrators, Seventh Annual Legal Leadership Forum, May 2015
"Protecting Children in a Digital World," Protecting Delaware’s Children Conference, March 2015
"Investigating and Prosecuting Trade Secret Theft by Computer Hackers," National Advocacy Center, February 2015
"Post Breach: Navigating Interactions with the Government as Cyber Victim and Enforcement Target" and "Is There an Ethical Duty to Protect Client Data?" ALM 1st Annual Cybersecurity and Data Protection Legal Summit, New York, December 2014
"Proving Your Case Using Mobile Forensics," National Advocacy Center, June 2014
"The Technology of Today and the Issues of Tomorrow," Delaware Bench & Bar Conference 2014, June 2014
"Why Legal Should Care About Cybersecurity" and "The Intersection of Privacy, Security & E-Discovery," CEIC 2014, Las Vegas, May 2014
"Proactive Threat & Risk Intelligence" and "Cyber Attacks from the Legal Frontlines," Guidance Software CISO/CLO Summit, Las Vegas, May 2014
"A Risk-based Approach to Cybersecurity Threats," Legal Tech 2014, New York, February 2014