IN THE PROFESSION data security and privacy law , practical considerations for selecting vendors , tips for effectively working with vendors , issues that can arise when working with vendors , and strategies for mitigating risks arising from such issues .
The next two panels focused on data security incident preparedness and response . Shannon Sprinkle ( Stites & Harbison PLLC ) moderated a discussion amongst Edward Alden ( Alden & Associates Inc .), Jon Powell ( Moore Colson CPAs and Advisors ) and Sarah Spurlock ( Stites & Harbison PLLC ) on developing an incident response program . The panelists covered a variety of topics , including the need for businesses to assess vulnerabilities and capabilities of , their information technology systems and operations , legal obligations that may arise from security incidents , planning an incident response program , and issues related to cyber insurance .
The incident preparedness and response panel was followed by a panel on testing cyber-attack readiness and responsiveness through table-top exercises . Scott Hilsen ( Cox Automotive ) led a discussion between Sam Casey ( Cox Automotive ) and Nick Jones ( Cox Automotive ), covering a variety of topics , including the types of cyber-attacks , the benefits of conducting cyber tabletop exercises , and planning and conducting tabletop exercises . The panelists concluded with best practices for conducting table-top exercises , such as involving multiple and key stakeholders , leveraging resources from outside counsel and consultants to enhance the incident scenarios and provide feedback , and making the scenarios as real as possible .
The last panel featured a conversation about conducting data security and privacy due diligence in mergers and acquisitions between Stephen Bush ( O & A PC ), Michael Jones ( Riskonnect Inc .) and Michael Young ( Morris Manner & Martin LLP ). The panelists walked through a comprehensive guide for engaging in M & A transactions and discussed transaction structures , due diligence , considerations for revising merger agreements , and actions to take post-merger to mitigate data security and privacy risks .
The symposium concluded with a happy hour and networking session during which attendees had the opportunity to meet and reflect on the symposium . Given the success of the first annual data security and privacy symposium and the rapid development of data privacy and security law , the Privacy and Cybersecurity Law Section looks forward to the second annual symposium next year .
www . atlantabar . org THE ATLANTA LAWYER 13