By now, directors understand the need to focus attention and resources on data privacy and security. Yet many organizations remain unprepared for the growing risks posed by increasingly sophisticated attackers, the move to “connected” systems, more aggressive and global regulatory enforcement, and new privacy legislation. Join us for an intimate roundtable hosted by the NACD Northwest Chapter and Andreas Kaltsounis, a partner in BakerHostetler’s privacy and data security practice, to explore key issues critical to director-level oversight that go beyond the basics of assuring a cyber program exists. Drawing on real examples from Andreas’s diverse experience as a privacy and data protection attorney, former government cyber investigator, and information security consultant, this learning session will address changes in attackers’ tactics and techniques, the increasing threat landscape posed by always-on and connected systems, regulatory enforcement trends, and the state of domestic and international privacy and data security legislation.
Andreas Kaltsounis is a partner in BakerHostetler’s Privacy and Data Protection Practice and focuses exclusively on helping clients anticipate, manage, and respond to the growing legal, business, and reputational risk from data-processing activities. Andreas delivers practical, strategic advice by leveraging his unique perspective developed as an attorney advising clients on their most pressing privacy and data-security issues; as a certified information-security consultant at an international consultancy; and as a former federal agent investigating criminal, regulatory, and national-security cyber matters. Recognizing data protection is an enterprise-wide issue, and with the experience to operate in the trenches and the boardroom, Andreas advises key stakeholders across an organization, from its individual legal, security, and compliance teams to its executives, officers, and directors.
As a strategic advisor, Andreas helps clients anticipate, understand, and comply with current and emerging global data-protection obligations. More important than merely checking regulatory boxes, though, is his work with his clients to find and address their real legal, business, and reputational risks and prepare them to respond to the growing risk of security-related litigation and regulatory action.
Andreas has directed more than 100 privacy incident and data breach investigations, including some of the largest publicly reported breaches. His investigative experience and deep technical background make him a go-to advisor for incidents involving widespread network intrusions, technically complex issues, and potential insider threats. In the wake of these incidents, he has successfully defended clients in regulatory inquiries by the Federal Trade Commission, global supervisory authorities, and multi-state attorneys general, and he partners with BakerHostetler’s award-winning litigation team to defend against consumer class actions and shareholder actions.
Andreas speaks frequently to industry groups and boards of directors on privacy, data protection, and incident response, and he combines his extensive on-the-ground experience with leading industry credentials in information security (CISSP), critical controls auditing and implementation (GCCC), penetration testing (GPEN), and computer forensics (EnCE and SCERS). He is also a member of the Sedona Conference Working Group 11 on Data Security and Privacy Liability.