Privacy and Cybersecurity Litigation Trends and Survival Kit for Brand Owners
The trauma of a data breach, not to mention the hardships of litigation in the volatile areas of privacy and cybersecurity law, present challenges for even the most seasoned brand managers. While technology has enabled brand owners to exponentially expand their reach, it has also increased their exposure to liability, not only for data breaches but also for the mishandling of consumer data, which is regulated by an increasingly complex patchwork of privacy laws around the globe.
To dig into this topic that’s becoming more and more a part of our legal practice, INTA is delighted to provide a stellar panel of speakers: veteran IP and internet litigator Ian Ballon; Uber’s first Chief Privacy Officer and Associate General Counsel, Privacy & Cybersecurity, Ruby Zefo; and Airbnb’s Lead Counsel, Ann Staggs.
Mr. Ballon will provide a survey of trends in data breaches, privacy and cybersecurity class action litigation, including cases brought under the 2018 California Consumer Privacy Act (CCPA). Ms. Zefo and Ms. Staggs will share lessons learned, including the need to proactively protect brands from these threats to customer trust and brand loyalty.
Beyond dealing with sensational headlines and the court of public opinion, the program will provide strategies to help brands not only survive but thrive in the aftermath of a cybersecurity or privacy breach crisis.
Stephanie Sparks (Moderator)
Hoge, Fenton, Jones & Appel, Inc. (USA)
Stephanieis a shareholder at Hoge, Fenton, Jones & Appel, Inc., where she foundedthe Intellectual Property Group and now chairs the Privacy & Data SecurityGroup.
Inthe mid 2000s, not many lawyers were focusing on privacy and data securitylaw. But having litigated many IP andbusiness disputes involving complex computer forensics issues, Stephanie jumpedinto data breach crisis management for many company clients in California,which was the first to enact a data breach notification law in 2002.
WhileStephanie continues to quarterback large, multi-national data breach incidents,much of her time is spent helping her clients with privacy and data securitycompliance, including under the California Consumer Privacy Act of 2018 (CCPA)and the California Privacy Rights and Enforcement Act (CPRA), which goes intoeffect on January 1, 2023. She helpsclients develop and implement company policies, from information security plansto data breach incident response plans, as well as with data minimization andrecords retention schedules, data protection agreements, and privacy, datasecurity and data transfer impact assessments.
Greenberg Traurig, LLP (USA)
Ian Ballon is Co-Chair of Greenberg Traurig LLP’s Intellectual Property & Technology Practice Group and represents companies in intellectual property litigation (including copyright, trademark, trade secret, patent, right of publicity, DMCA, domain name, platform defense, fair use, CDA and database/screen scraping) and in the defense of data privacy, cybersecurity breach and TCPA class action suits..
Ian is also the author of the leading treatise on internet and mobile law, E-Commerce and Internet Law: Treatise with Forms 2d edition, the 5-volume set published by West (http://ianballon.net/) and available on Westlaw, which includes extensive coverage of data privacy and cybersecurity breach issues, including a novel transactional approach to handling security breaches and exhaustive treatment of trends in data privacy, security breach and TCPA class action suits. In addition, he serves as Executive Director of Stanford University Law School’s Center for the Digital Economy. He also chairs PLI's annual Advanced Defending Data Privacy, Security Breach and TCPA Class Action Litigation conference. Ian previously served as an Advisor to ALI’s Intellectual Property: Principles Governing Jurisdiction, Choice of Law, and Judgments in Transactional Disputes (ALI Principles of the Law 2007) and is a member of the consultative group for the Data Privacy Principles of Law project (ALI Principles of Law Tentative Draft 2019).
Ian was named the Lawyer of the Year for Information Technology Law in the 2021, 2020, 2019, 2018, 2016 and 2013 editions of Best Lawyers in America. In 2020, 2019 and 2018, he was recognized as one of the Top 1,000 trademark attorneys in the world for his litigation practice by World Trademark Review. In addition, in 2019 he was named one of the top 20 Cybersecurity lawyers in California and in 2018 one of the Top Cybersecurity/Artificial Intelligence lawyers in California by the Los Angeles and San Francisco Daily Journal.
He is listed in Legal 500 U.S. The Best Lawyers in America (in the areas of information technology and intellectual property) and Chambers and Partners USA Guide in the areas of privacy and data security and information technology.
Ian was also listed in Variety’s “Legal Impact Report: 50 Game-Changing Attorneys” (2012), was recognized as one of the top 100 lawyers in L.A. by the Los Angeles Business Journal and is both a Northern California and Southern California Super Lawyer.
Ian holds JD and LLM degrees and the CIPP/US certification from the International Association of Privacy Professionals (IAPP).
Ann currently serves as Airbnb’s Lead Counsel, responsible for privacy product, privacy compliance, privacy commercial, training, data use and cyber security initiatives. With over 15 years in both privacy practice and as in-house counsel combined, Ann has worked in financial services and in the tech space, from start ups to global organizations developing, implementing and building out privacy programs. She has a strong background and successful track record in providing practical solutions to complex issues. Further, Ann is passionate about diversity and pro bono, holding leadership positions at organizations such as the Minority Bar Coalition, Bar Association of San Francisco and internally at Airbnb.
Highlights: International privacy program (GDPR, e-Privacy, COPPA, PIPEDA, CASL, CAN-SPAM, FTC Act UDAAP, GLBA, TCPA, FCRA, HIPAA, NYDFS, CCPA, BIPA), AI, machine learning, facial recognition, authentication, validation, biometrics, big data, data governance, consumer protection, compliance, vendor management, commercial contracts, data protection agreements, partnerships, payments, cybersecurity, IoT, analytics, data science, anonymization, anti-spam/marketing, e-commerce, innovation, ride sharing, APIs, data technology products and services, start-ups, third party management, training, global privacy program management, risk assessments, privacy impact assessments, process/policy/procedure development, licensing, M&A, integration, data subject rights, subject access rights, international data transfers, SaaS, trade secrets, audits, regulatory examinations and investigations, authentication, fraud programs, risk mediation, intellectual property, litigation.
Chief Privacy Officer
Uber Technologies, Inc. (USA)
Ruby Zefo serves as Uber’s first Chief Privacy Officer and Associate General Counsel, Privacy & Cybersecurity. Her team's mission is to drive Uber’s efforts to be a trusted steward of users’ personal data in every market where Uber operates. She is also co-chair of the Women at Uber Employee Resource Group. Prior to joining Uber, Ruby was a Vice President at Intel Corporation where she served as Chief Privacy & Security Counsel, Group Counsel for the Artificial Intelligence Products Group, Group Counsel for Intel Security (McAfee), Legal Director of Trademarks & Brands, and a variety of other legal roles. Her career history also includes attorney roles at Sun Microsystems and litigation associate at Fenwick & West. Ruby has also served on the boards of directors for the INTA and the IAPP. Ruby holds a B.S. in business administration with highest honors from the University of California at Berkeley, and a J.D. from Stanford Law School.
Fun fact: Ruby's first post-college job was at Hawaiian Telephone where she worked her way onto the set of Magnum PI.