James A. Harvey. Partner

Transcription

1 James A. Harvey Partner Jim is a partner in the Technology, Privacy & IP Transactions Group and co-chairs the firm s Privacy & Security task force. His practice leverages both his experience in board level technology and outsourcing projects and his experience in sophisticated privacy, security and network intrusion issues. James A. Harvey Alston & Bird LLP One Atlantic Center 1201 West Peachtree Street Atlanta, GA jim.harvey@alston.com Services Intellectual Property IP and Technology Transactions Global Business Strategies Global Sourcing Health Information Technology HIT Task Force Investigations - Government and Special Payment Systems Privacy and Security Technology Technology and the Internet Alston & Bird Global Privacy and Security Network (ABPSN) Education University of North Carolina (J.D., 1988) University of Arkansas (B.A., 1983) Admitted to Practice Georgia Jim has worked on numerous transformative technology initiatives, including a range of IT, BPO, HR, F&A, facilities management, ERP, cloud, ecommerce/online, open source and social media engagements. Privacy and security are central issues in nearly every technology and data centric initiative in Jim s practice. Accordingly, he has worked extensively with clients on privacy and security issues and initiatives for a number of years, including having founded the firm s privacy task force in 1998, which was the same year he wrote one of the first U.S. articles on the EU Data Directive. This includes extensive work on behalf of financial services, health care, telecommunications and other regulated companies, retailers, online advertising issues and international data transfer issues. His practice also involves security breach management and response, including everything from notification of the affected individuals, to e- discovery and internal investigations and law enforcement issues. Jim worked with a number of partners to form the firm s Security Incident Management and Response Team, a unique team devoted to cyber and security crisis management and response. Representative Experience Privacy and Data Security: Represented a leading payment processing company in all phases of unauthorized intrusion into their network and all associated third party actions and proceedings. Assisting an international retailer in a comprehensive overhaul of its privacy, security, PCI and data management practices, while counseling the company in an FTC and multiple state attorneys general investigations. Advising one of the world s largest interactive marketing providers in an international criminal network intrusion involving records of more than 60 million individuals worldwide. Advising one of the world's largest Internet and concerns on its implementation of safe harbor compliance obligations with its worldwide network of edge network providers.

2 Assisting one of the world's largest investment banks in its implementation of the Red Flag Rules. Advising a major retailer in a breach involving more than 1 million names and social security numbers in all fifty states. Assisting an offshore multinational bank and financial services entity on its data gathering, use and transfer compliance program spanning 10 jurisdictions and three continents, including the EU. Assisting one of the world s largest private companies in design, development and compliance initiatives for a consolidated data base of employee information for more than 700 subsidiary companies in more than 20 countries. Sourcing/Technology Multiple comprehensive outsourcings and renegotiations of IT and processing infrastructure on behalf of Fortune 100/500 members, spanning multiple source and destination jurisdictions and continents. Representation of a UK private equity investment group in the acquisition of a U.S.-based outsourcing provider in the health care space and subsequent move of substantially the entire service delivery infrastructure offshore. Representation of one of the world's largest hybrid public-private banking concerns in the integration and license of a comprehensive Enterprise Resource Planning system involving operations in at least 23 countries. Representation of one of the world's largest money managers in the "transfer" portion of a Build/Operate/Transfer transaction, addressing tax, benefits, intellectual property and other issues arising in moving approximately 500 FTEs from a niche provider's facilities in a Software Technology Park in India to a newly created Special Economic Zone. Unique BPO transaction on behalf of a Fortune 200 insurer, sourcing novel and core aspects of regulated activities to an Indian service provider. Representation of a state agency in its acquisition of development and fiscal agent services in a Medicare/Medicaid implementation processing approximately $12 billion per year in health care related payments. Multiple comprehensive and single-process HR transactions,

3 including one transaction involving 43 client jurisdictions and two of the largest five HR transactions during 2009 and Multiple applications development and maintenance and business process transactions, including finance and administration, transaction processing, procurement and customer care transactions (onshore, offshore and near-shore, including jurisdictions as diverse as Canada, Ireland, Ghana, Guatemala, India, Philippines, Vietnam, China, Rumania and Poland). Memberships Recognized for a number of years as one of America's Leading Lawyers for information technology matters. Recognized for a number of years as one of America's leading lawyers in business process outsourcing by Chambers USA. Active participant in the Free Software Foundation's efforts to develop version 3.0 of the General Public License. Current vice chair and former chair of the Technology Section of the State Bar of Georgia Member of the Intellectual Property Section Recognized as one of Georgia s Super Lawyers for a number of years Recognized as one of Georgia s Best Lawyers Selected as an IP Star by Managing IP for 2013 Member, Phi Beta Kappa Member, Board of Trustees, Atlanta International School

4 Todd S. McClelland Partner Todd is a member of Alston & Bird's Security Incident Management and Response Team, advising clients in connection with incident response and other information security-related issues. Todd has particular experience with PCI/payment system compliance, HIPAA-related incidents, critical infrastructure security, global privacy compliance, risk assessments, and IP theft. Todd also represents clients in connection with outsourcing transactions, IP licensing and audits, and cloud transactions. Todd S. McClelland Alston & Bird LLP One Atlantic Center 1201 West Peachtree Street Atlanta, GA todd.mcclelland@alston.com Services Security Incident Management and Response Sourcing & Complex Procurement Intellectual Property IP & Technology Transactions Mechanical Patents Digital Commerce & the Internet Privacy & Security Alston & Bird Global Privacy and Security Network (ABPSN) Government Contracts Education Florida State University (J.D., 1998) Georgia Institute of Technology (B.ME, 1994) Admitted to Practice U.S. Patent and Trademark Office Georgia District of Columbia Todd is a frequent speaker at professional seminars (including the CISO Executive Network) and author of articles on topics such as cybersecurity, active defense, security incidents, global data privacy compliance, smart grid, cloud computing, and IP protection. Todd is featured in Chambers USA for his outsourcing practice. He is a past chair of the IP Section of the State Bar of Georgia. Todd received his J.D. in 1998 from Florida State University where he was a member of the Law Review and was the executive editor of the Journal of Land Use and Environmental Law. He received a B.S. in mechanical engineering, with high honors, in 1994 from the Georgia Institute of Technology (Georgia Tech). Prior to law school, Todd worked as an engineer designing automation systems for companies such as Coca-Cola and the Ford Motor Company. Representative Experience Advising entities (hospitals, payment processors, retailers, financial institutions, and others) in connection with data security incidents, both in response to incidents and proactive preparation. Advising a global hospitality company on its data security strategy and incident response. Representing a power distribution concern in a state-wide comprehensive smart grid initiative. Advising a top tier pharmaceutical company in connection with the outsourcing of its IT environment and its global privacy compliance. Representing a global transportation company in outsourcing

5 components of its IT platform, international F&A functions, ADM functions, and other business functions. Advising an international payments processing company in the outsourcing of core IT functions. Representing one of the largest big-box home improvement stores in the outsourcing of infrastructure management services. Representing a large independent power producer in connection with the sourcing of multiple HR and IT processes. Recent Publications and Events Innovative Smart Grid Projects (November 7, 2012 Seminar). CISO Executive Network: Application and Third Party Security (October 2012 Seminar). CISO Executive Network: Information Lifecycle Management (September 2012 Seminar). CISO Executive Network: Endpoint Security Management Including Mobile Devices (June 2012 Seminar). CISO Executive Network: Virtualization and Cloud Computing Security (May 2012 Seminar). CISO Executive Network: Security Operations with a Special Focus on Event and Log Management (March 2012 Seminar). CISO Executive Network: Identity Management and Access Control (February 2012 Seminar). UCLA Anderson IS Associates Fall Meeting: The Cloud Through a Legal Lens (November 9, 2011 Seminar). Exploring the Outsourcing Implications of India s Recently Released Privacy Rules, Outsourcing and Privacy & Security Advisory, June 21, Cloud Computing: Watch Out For the Lightning! (March 30, 2010 Seminar). What Else Should Keep You Up at Night Trends in Data Security and Behavioral Marketing (September 17, 2009 Seminar). Memberships State Bar of Georgia

6 U.S. Patent and Trademark Office Founding member of the Atlanta chapter of the Cloud Security Alliance International Association of Privacy Professionals (IAPP) CISO Executive Network

7 Kimberly Kiefer Peretti Partner Kimberly Kiefer Peretti Alston & Bird LLP 950 F Street, NW Washington, DC kimberly.peretti@alston.com Services Privacy & Data Security Security Incident Management & Response Team Litigation Foreign Corrupt Practices Act (FCPA) Violations Government & Internal Investigations Payment Systems Education University of Munich, Germany (LL.M., 1997) Master's Thesis: Conflicts of interests of institutional investors in German stock corporations Georgetown University (J.D., 1996) Journal: Law & Policy in International Business, Magna cum laude University of Wisconsin (B.A., 1992) Major: Behavioral Science and Law, Phi beta kappa Admitted to Practice District of Columbia Illinois Kimberly (Kim) Kiefer Peretti is a partner in the firm s White Collar Crime Group and co-chair of our Security Incident Management and Response Team. Ms. Peretti is also a former director of PricewaterhouseCoopers cyber forensic service practice and a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section. She focuses her practice on managing complex, technical electronic investigations and responses, often resulting from cyber intrusions and data breaches. She also services a wide range of clients in matters of cybersecurity; privacy; financial crime, fraud and regulation; payment systems compliance and risk mitigation; economic espionage; and intellectual property theft. While at the Department of Justice, Kim led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez, currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the department. Kim is regularly quoted in the media and is a frequent keynote speaker and lecturer. She was featured in both a New York Times Magazine cover story and a CNBC documentary for her role in the prosecution of Gonzalez, appeared on MSNBC s Up with Chris Hayes, and has been recognized as an information security "industry pioneer" by SC Magazine. Top Secret clearance and SCI access (eligible). Representative Experience Represented a global payment processor in connection with a technical, complex computer crime investigation involving a sophisticated cyber threat actor. The crisis response effort included advising on a myriad of legal issues including securities law guidance, regulatory issues, class action defense governmental investigations, insurance coverage and issues. The effort also included supervising and managing a complex cyber forensic investigation that included a rapid response to a sophisticated intruder with deep and persistent access to the environment, development of containment, eradication, and remediation strategies, and coordination of the activities of multiple third parties including an independent forensic investigator,

8 Languages German several payment card brand networks, financial regulators and federal law enforcement. Represented one of the world s largest interactive marketing services providers in a massive network breach, involving more than 60 million individual records. Worked with a global energy company suspected of being compromised by Advanced Persistent Threat actors. The response including enhanced monitoring of critical systems, preventative forensics including a breach indicator assessment, a review of existing investigation and law enforcement information, and assisting management with briefings to executives. Representative Cyber Law and Cyber Security Worked with a global transportation company in developing cybersecurity policies and strategies. The project included ongoing monitoring of federal government initiatives with respect to critical infrastructure cybersecurity and development of appropriate responses, policies, and procedures related to cyber intelligence gathering, information sharing, and cybersecurity practices. Extensive work with a range of Fortune 250 companies on securities disclosure issues arising from cyber risks. These engagements included companies with particular cyber risks and those that have suffered network intrusions and then have to deal with related securities reporting issues. Consulting with a number of domestic and international banks on their response to and preparation for recent, highly-sophisticated and suspected state-sponsored DDoS attacks on their networks. Worked with an international monetary organization in connection with a multi-phased, comprehensive information security risk assessment based on the global information security standard ISO Our involvement included leading a threat-modeling workshop to assist the company in understanding the client s current threats and defenses and identify any known gaps in the information security infrastructure in particular with respect to sophisticated attacks, such as Advanced Persistent Threat. Worked with a multi-services organization in connection with a multiphased, enterprise security risk assessment in which we led an incident response workshop and cyber tabletop exercises to identify any known weaknesses in incident response process and procedures, in particular with scenarios related to sophisticated cyber attacks and intrusions.

9 Worked with a large global consulting firm in an assessment of the company s practices, controls, policies, and procedures with respect to the ease with which sensitive client data and company confidential data could leave the company s systems, whether by an inadvertent act by an employee or a malicious act by an insider or an outsider. Representative Privacy-related Regulatory Inquiry Represented a number of clients in relation to federal and state regulatory inquires involving Internet-based practices potentially violating federal and state unfair and deceptive trade practices acts, including a large online advertising company s practices with respect to the use of third party cookies, a mobile phone carrier s practices with respect to a user s browser s experience, and an automotive dealership s practices with respect to collecting user information and monitoring user behavior online. Memberships United States Supreme Court o o o United States Court of Appeals for the Ninth Circuit United States Court of Appeals for the District of Columbia Circuit United States District Court for the District of Columbia Certified Information Systems Security Professional (CISSP) ABA, Section of Science and Technology Law and Litigation Section Selected Publications "Evolving DDoS Attacks Provide the Driver for Financial Institutions to Enhance Response Capabilities," The Banking Law Journal, June Challenges in Conducting Breach Investigations: Part 2, Law360, April "Challenges in Conducting Breach Investigations: Part 1," Law360, March 25, Compliance with Payment Card Industry Data Security Standard, Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age, Practising Law Institute, February 2011 (co-author of chapter). Data Breach and Encryption Handbook, ABA Publishing, February 2011 (contributor).

10 Data Breaches: What the Underground World of Carding Reveals, Santa Clara Computer and High Technology Journal, Vol. 25, January 2009 (author) (this article resulted in a hearing before the U.S. House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry). Prosecuting Computer Crimes, U.S. Department of Justice, February 2007 (contributor). Recent Speeches Presenter, "Women in Cyber Security, Why Women Don't Ask: The Challenges of Promotion and Is In-House Counsel 'Women's Work?'" Georgetown Women s Law Forum, June Presenter, The Cybersecurity Risks to Business, Governments and Individuals, Practising Law Institute s Seminar, Information Technology Law Institute 2013: Privacy and Cybersecurity, Mobile Advertising, Digital Distribution, Social Media and Third Industrial Revolution, April Presenter, The Cyber Threat Landscape: New Themes in Prevention, Detection and Response, RSA Conference 2013, February Presenter, Digital Forensics: Civil vs. Criminal, Fourth Annual Electronic Discovery and Digital Evidence (EDDE) Practitioner s Workshop, January Panelist, Senior Executive Panel: The Faces of Courage in Women's Leadership, Working Mother Media's Leadership Summit for Women in National Security Careers, May Presenter, Computer Hacking The Threat to Personal and Business Security, PLI's Information Technology Law Institute 2012, April Keynote, Cyber Criminals: Who are they? Why are they successful? How do we respond?, University of Michigan Information Security Conference, October 2011.