CSA Legal Information Center Seminar

Maureen Young
Maureen A. Young is Managing Director and Associate General Counsel at MUFG Union Bank. She advises the Bank on a wide range of financial services regulatory and compliance matters and corporate strategy and policy issues. She serves as centerpost for the Bank’s Dodd-Frank implementation efforts and chairs the Bank’s Regulatory Working group.  She is also the lead lawyer supporting the Bank’s Privacy Office. 

Prior to joining MUFG Union Bank in 2012, Ms. Young was a partner at a large international law firm, where she was a member of the Financial Institutions Corporate and Regulatory and Commercial Technology groups and co-chair and co-founder of the firm’s Privacy and Security group. Before joining the firm in 2003, she was Assistant General Counsel in Bank of America’s Legal Department in the Regulatory and Corporate Services group. 

Ms. Young is the Chair of the Banking Law Committee of the American Bar Association Business Law Section.  She holds a J.D. from University of California, Berkeley School of Law (Boalt Hall), and a Ph.D. and Masters degree from University of California, Berkeley, Jurisprudence and Social Policy Program.

Joanne McNabb
Joanne McNabb is the Director of Privacy Education and Policy in the Privacy Enforcement and Protection Unit in the California Department of Justice. The Unit protects Californians' constitutionally guaranteed right to privacy, enforces state and federal privacy laws, educates consumers and businesses, and makes recommendations to the Attorney General on privacy matters.

McNabb is a Certified Information Privacy Professional, with specializations in Government and Information Technology. She serves on the Privacy Advisory Committee to the U.S. Department of Homeland Security and is a Fellow of the Ponemon Institute, a research center on privacy, data protection and information security policy.

From 2001 until 2012, McNabb directed the California Office of Privacy Protection, which was a resource and advocate on privacy issues. Before that she worked in public affairs and marketing, in both the public and private sectors, including five years with an international marketing company in France. She attended Occidental College; and holds a master's degree in Medieval Literature from the University of California, Davis.

Francoise Gilbert
Francoise Gilbert is the Founder and Managing Director of the IT Law Group, a niche law firm, based in Palo Alto California, which focuses on information privacy and security, cloud computing and data governance. She is also a founding member of the Cloud Security Alliance and is its General Counsel.

Francoise advises multi-national and global companies, as well as selected start-ups and non-profit organizations, on complex issues related to evaluating and strategically managing the privacy and security of personal data in various environments, such as cloud computing, big data, connected objects, internet of things, online marketing and transfer, and other emerging markets.

An expert in privacy and data protection law, Francoise is the primary author and editor of the legal treatise Global Privacy and Security Law, which provides a detailed analysis of the major drivers that influence data protection laws worldwide, and contains a thorough analysis of the privacy and data protection laws of 68 countries across all continents.

Francoise has been continuously recognized for her expertise in privacy and data protection matters. She was named Best Lawyers' "2014 San Francisco Lawyer of the Year for Information Technology Law". For several years, the prestigious Chambers USA and Chambers Global, the Best Lawyers in America, Who's Who in E-Commerce and Internet Law, and Who's Who in Technology, Media and Telecommunications, have recognized her as one of the leading lawyers in the field of information privacy and security.

A graduate from Loyola University of Chicago School of Law (Juris Doctor Degree) and the University of Paris School of Law (Maitrise en Droit), Francoise is accredited as a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional (CIPP) by the International Association of Privacy Professionals. She also holds undergraduate and graduate degrees in Mathematics and Education from the University of Montpellier and the University of Paris. Francoise is admitted to practice law in the United States (California Bar and Illinois Bar) and in France (Paris Bar).

Daniele Catteddu
Daniele Catteddu is the Managing Director, EMEA, at Cloud Security Alliance (CSA), where he is responsible for the definition and execution of the company strategy in EU, Middle East and Africa. He is also the Director of the CSA Open Certification Framework / STAR Program. Daniele leads the definition and implementation of the CSA research agenda in Europe and he manages relations with European public institutions. Daniele is also a member of the CSA International Standardization Council.

In the past, Daniele worked at ENISA (European Network and Information Security Agency), as an Expert in areas of Critical Information Infrastructure Protection (CIIP) and Emerging and Future Risks Management, and in particular, he played a leading role in developing EU cloud security research. Before joining ENISA, Daniele worked as an Information Security consultant in the banking and financial sector.

Daniele is the author of numerous studies and papers on Risk Management, Governance and Cyber Security, e.g.: "Security and Resilience in Governmental Clouds", "Cloud Computing: Benefits, risks and recommendations for information security" and "Cloud Computing: Information Assurance Framework".

He is a member of various national and international security expert groups on cyber-security security and privacy, and has been a keynote speaker at several conferences. Daniele graduated from the University of Parma (Italy) in Business Administration and Economics, and he is an ISACA Certified Information Security Manager and Certified Information Systems Auditor.

Dr. P.A. Subrahmanyam
Dr. P. A. Subrahmanyam has been a Consulting Professor at Stanford University. He is also engaged in Management/Strategy consulting for technology startups, international corporations & investment firms (Venture Capital & Private Equity), and has served in various executive roles including Chairman, CEO, CTO/CSO.

His current interests lie in mobility, security & Big Data/analytics. He has been instrumental in cross-national initiatives in the areas of Security, Wireless Technology & Applications, Energy, and Healthcare/BioMedical informatics.

Dr. Subrahmanyam is a strategic advisor to the Dean/CSE at NTU (Singapore); he has also been a Faculty collaborator at UC Berkeley & the Berkeley Wireless Research Center. He has earlier been a Fellow at Princeton University, and held Visiting Professor/Advisory roles at ISI & NTU.

Dr. Subrahmanyam has authored over 180 technical papers, authored/coauthored/edited 5 books, received numerous awards, and has 11 international awarded/pending patents. He was the Founding Editor-in-Chief of Formal Methods in System Design, a premier journal in its field. He has also presented keynotes, tutorials and colloquia at conferences, universities, & research laboratories worldwide.

Dr. Subrahmanyam has been a Chair/Co-Chair/member of several working groups, including Cloud Security Alliance Big Data WG; Cloud Infrastructure Security/Privacy & NIST SmartGrid working groups; the Wireless Innovation Forum (Handsets; Cognitive Radio); IFIP WG 10.2/10.5 on System Design & VLSI and is on the Board of Directors of the American Institute of Big Data Professionals.

He was the Chair of the IEEE Technical Committee on VLSI (92-97); a Distinguished Visitor of the IEEE Computer Society; and has served on several advisory boards, including the Princeton/New Jersey Center of Excellence for Embedded Systems and Systems-on-Chip design, IEEE, as well as boards of privately held corporations. Dr. Subrahmanyam is a Fellow of the IEEE.

Brian Russell
Brian Russell is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers.

Brian leads efforts that include security engineering for Unmanned Aerial Vehicles (UAVs) and Connected Cars, the design of secure next- generation energy systems (microgrids) and the development of high assurance cryptographic key management systems.

Brian supports the Council on Cybersecurity as a member of the 20 Critical Controls Editorial Panel and he also serves as Chair of the CSA IoT Working Group.

Laura Berger
Laura Berger is an attorney in the Division of Privacy and Identity Protection at the Federal Trade Commission.  She enforces federal laws that protect consumer privacy. Recently, her law enforcement work has focused on the privacy and security standards applicable to social media and the Internet of Things.

Laura has also worked on the agency's efforts to educate app developers about privacy, including the recent guide "Marketing Your Mobile App: Get it Right from the Start." In addition, she was author of the Commission's Safeguards Rule. Laura works from the FTC's Regional Office in San Francisco. 

Laura received a B.A. from Tulane University and a J.D. from the University of Michigan Law School.

This exclusive event is free. Please forward invitation to interested colleagues.

This Program is eligible for 3.0 hours of CLE general credit.

The program is provided by the IT Law Group, an approved Multiple Activity Provider (#15599). It is eligible for 3 hours of MCLE general credit (no ethics, no elimination of bias, no substance abuse). If you attend this program and sign the Official Record of Attendance for California MCLE, your Certificate of Attendance will be available upon request. For CLE information, please email: [email protected].

Online Registration has now closed. If you are interested in attending, limited onsite registration may be available, as capacity allows.


Security and Privacy: An Ounce of Preparation is Better than a Pound of Damage Control

We’ve all experienced it; that gnawing feeling of dread as you struggle to contain the potential fallout from an unforeseen and unprepared for event. This program will help you prepare for some of the current hot legal issues by focusing on what’s important for you to know, and for you to do, about security breaches, forthcoming European data protection legislation, Big Data and the Internet of Things.

This program will provide you with:

  • Legal and regulatory perspectives on dealing with security breaches
  • An update on recent developments concerning the EU General Data Protection Regulation
  • An understanding of the regulator's position on Big Data and the Internet of Things
  • An overview of the current work of the CSA on European data protection measures, Big Data and the Internet of Things

Monday, April 20, 2015

1.15 – 2.00 pm Registration & Networking
2.00 – 2.15 pm Security and Privacy in the Cloud in 2015
  • Welcome Remarks
2.15 – 3.10 pm Be Prepared for a Security Breach
  • Due diligence; contractual protections; incident response planning
    • Maureen A. Young, Managing Director and Associate General Counsel, MUFG Americas Legal Department, MUFG Union Bank
  • Understanding the Regulator’s expectations
    • Joanne McNabb, Director of Privacy and Education Policy, Office of the Attorney General, California Department of Justice
  • Q&A
3.10 – 3.25 pm Networking Break
3.25- 4.20 pm Be Prepared for the Upcoming EU General Data Protection Regulation
  • Upcoming EU General Data Protection Regulation: Overview and Status
    • Francoise Gilbert, Managing Director, IT Law Group
  • Selling Cloud Services to EU Customers: PLA’s and Codes of Conduct
    • Daniele Catteddu, Managing Director, EMEA, Cloud Security Alliance
  • Q&A
4.20 – 5.15 pm Be Prepared for Big Data and Internet of Things
  • Technical Overview of Big Data and the Internet of Things
    • Dr. PA. Subrahmanyam, Co-Chair of the Cloud Security Alliance Working Group on Big Data
    • Brian Russell, Chair of the Cloud Security Alliance Working Group on Internet of Things
  • FTC position on Big Data and Internet of Things
    • Laura Berger, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
  • Q&A
5.15 pm Adjourn