test #2

Sat, 30 May 2009 03:46:07 GMT

test 1

test 2

test 3

test 4
5
6

AM08 Video: Canadian Lawyer INHOUSE

kash@acc.com (Jonathan Kash) — Wed, 12 Nov 2008 16:19:40 GMT

Canadian Lawyer INHOUSE has posted video coverage of the Annual Meeting, including views of the Exhibit Hall and interviews with Fred Krebs, ACC President, and several of the exhibitors. This is now the third movie Fred has starred in... who can guess the other two? (Hint: IMDB.com has one)

Tuesday Evening Events

opkins@acc.com (Nichole Opkins) — Wed, 22 Oct 2008 15:23:51 GMT

A few more great events took place on Tuesday evening. I'd like to believe it was because it was my birthday, and I'm sure our awesome members wouldn't stop me from thinking that :)

The International Attendees Dinner was held at Canlis, an amazing restaurant here in Seattle.

ACC couldn't be more proud of it's presence in 80 countries, as we continue to strive for global growth. Next year, we hope to be in over 100 countries.

After attending dinner, we headed to the ACC Southern California Chapter annual event- Martini's 'til Midnight, which was held in the Mayflower Park Hotel. Everyone had a great time, as they got to reconnect with old friends and make new ones. It was a fun way to wrap up the evening events at this year's Annual Meeting. Make sure you're here to enjoy these fun times next year at Annual Meeting 2009- Boston.

Live Blog: "A Global Perspective on Data Security Breaches and Enforcement"

rob@lexblog.com (Rob La Gatta) — Tue, 21 Oct 2008 22:34:31 GMT

Just as I suspected in my last post, the event is starting to fill up. I'll be live blogging what happens from this point forward.

Take a look after the jump.

2:31 p.m. PT: TJ Svensson, Assistant General Counsel (Global Privacy) at Thomson Reuters, is introducing the panel.

2:33 p.m. PT: Svensson is noting that Dave Dunn of the Secret Service is also presenting on the panel, despite his name not being listed in program literature. First speaker is Pamela Jones Harbour of the FTC; she was sworn in in 2003 for a term that expires in 2009. She is a former antitrust lawyer who counseled clients on internet privacy/e-commerce/related matters. She also spent a good amount of time in the New Jersey Attorney General's Office, where she represented the state in what led to a variety of multi-million dollar settlements.

2:35 p.m. PT: After that, Lisa Sotto from the NY office of Hunton & Williams will be speaking. She has extensive experience on privacy/data security issues, and advises clients on GLB/HIPPA/other security requirements around the country. During the past 3 years, she has worked with clients on over 300 data security breaches. She has testified before Congress on privacy/data security issues and is routinely quoted in articles - more than 100 to date - about privacy-related issues.

2:37 p.m. PT: Joanne McNabb will be speaking next. McNabb is another privacy expert who is a frequent speaker at privacy conferences and seminars. She started the Office of Privacy Protection, and has a marketing background that gives her a unique understanding of personal information that could result in data breaches.

2:39 p.m. PT: Lastly, we'll hear from Dave Dunn from the Seattle Police Department - who works with forensic/electronic crimes - currently working for the Secret Service. He works primarily on organized crime and extortion-related cases.

2:40 p.m. PT: Pamela Jones Harbour has taken the stage, and is recounting an event she spoke at it in France last week. "The overall message [...] was that good privacy equals good business." Good data security practices are good for the bottom line in jurisdiction where data protection laws are enforced. Data breaches can be costly, she notes.

2:41 p.m. PT: The average data breach costs a business an average of $180 per customer, Harbour says. This number was reached after considering a number of factors related to the company and consumer trends. Forrester Research released a different study last year, that said a data breach can cost a company between $90 and $300 per piece of data lost. "Once companies have experienced a data breach, customers report that they are more likely to sever a relationship."

2:43 p.m. PT: "The FTC has brought, just within the last couple of years, 20 enforcement actions against companies that have failed to provide reasonable protections for sensitive customer data under their control," says Harbour. Currently there is no single data security law; rather, there are a variety of these in separate states and jurisdictions.

2:45 p.m. PT: Data protection laws enforced by the FTC include the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and Section 5 of the FTC Act.

2:46 p.m. PT: "Today, I would like to focus on enforcement of Section 5 of the FTC Act - the primary statute used in our recent data security cases," Harbour says.

2:50 p.m. PT: Section 5 of the FTC Act is really the "meat and potatoes" of the FTC's law enforcement program. But in certain cases, the FTC's usual monetary remedies are inadequate. As a result, Congress has been attempting to include fines as an additional enforcement tool that is encouraging companies to invest wisely in their data security processes.

2:51 p.m. PT: It is important to note that companies do not need to have perfect data security systems in place; they need only be deemed "reasonable". Reasonableness is not equal to perfection.

2:53 p.m. PT : FTC is doing what they can to educate companies on the importance of privacy protection, through published literature and events in cities across the country. Harbour's advice to companies - know your customer; know the information you collect; and know where the information you're collecting travels.

2:55 p.m. PT: Safeguard Rule - "What is reasonable will depend on the size/complexity of the business; nature/scope of activities; and sensitive of the information." Even for companies that are not financial institutions (and therefore not legally required to abide by Safeguard Rule), it still provides excellent guidance.

2:56 p.m. PT: 3 bits of advice from the FTC on data protection: 1) If you make data security claims, back them up. 2) Be aware of well known and common security threats. 3) Do not retain sensitive data unnecessarily. "Regardless of legal obligations that apply to you, protecting sensitive data is simply a good business practice," Harbour says in closing.

2:58 p.m PT: Lisa Sotto from Hunton & Williams has taken the stage, and is asking how many people have - as consumers - received data security breach notifications. Almost every hand in the room went up.

3:00 p.m. PT: Since 2005, according to Sotto, there have been over 1000 information security breaches from companies like ChoicePoint, Bank of America, Lexis Nexis and other big guns. "That number is the tip of the iceberg," Sotto says.

3:05 p.m. PT: "Section 5 of the FTC Act prohibits unfair or deceptive trade practices," Sotto notes. "[Other cases] were more about unfairness, which may be a harder standard for the FTC to meet in bringing its action."

3:07 p.m. PT: Someone asks about data breaches at the university level. Sotto defers this to the next speaker.

3:08 p.m. PT: Question - "If you sell a product to a farmer who uses that product for their business, is that a loss of business data or consumer data?" FTC Commissioner Harbour comes back to the microphone and notes that it is, in fact, both.

3:10 p.m. PT: "The FTC is very serious about its data security mission," Sotto notes. "Enforcement is absolutely on the up-take: we're seeing more and more investigations, and more enforcement actions coming out of these investigations. [...] Even the very small incidents are getting the interest of state regulators."

3:11 p.m. PT: Critical question to ask when a breach occurs, according to Sotto: "Does the event trigger notification to individuals?"

3:15 p.m. PT: Sotto notes that in the case of her firm, when clients have data breaches they actively alert the FTC about this breach (rather than letting the press frame it incorrectly).

3:22 p.m. PT: "It's better not to have a breach than have one, but if you do have one, be prepared," Sotto says. Concern and focus on data security must come from the top.

3:25 p.m. PT: Sotto has just wrapped up, and Joanne McNabb is up. "This is the key question that faces anybody when they're looking at a possible breach of personal information: 'Do I have to notify?' "

3:32 p.m. PT: Senate Bill 541 in California has a breach requirement, says McNabb. She jokes that it's sometimes called the "Punish UCLA Law."

3:38 p.m. PT: McNabb's company recommends health insurance providers to provide patients with regular explanations of benefit statements, and that these companies be prepared to give individuals a new member or subscriber number if their security is breached." She quickly rushes to finish so Dave Dunn can take over.

3:42 p.m. PT: Dunn's got an exciting story: on a Friday afternoon, financial institution receives call from a hacker who says that he's stolen all their pertinent client information. Company calls a data security company that afternoon, who flies in a computer forensic expert who comes to examine the company's server. Dunn notes that there are a lot of forensic investigators out there, of varying degrees of quality.

3:45 p.m. PT: Hackers had left a slight trail of where they'd been (routed information to a server in San Diego), but they had been very good what they did. "There is no network that is inpenetrable," Dunn says.

3:47 p.m. PT: Dunn explains how they tracked hackers trail to an online financial institution's website, but when he presented the company with his information - which showed that the company's data had been breached - they refused to accept this. He plans to go back and rub it in their face when the suspect is in custody, though.

3:50 p.m. PT: Another case he explains - someone walks away with a hard drive with a significant dollar amount worth of information. Victim company called local law enforcement agency, who told them they would address the case in due time (which may have stemmed from the fact that they failed to tell the police how much the data was worth). After a few weeks, the company starts to panic and calls FBI - who ignores them - and then Secret Service.

3:51 p.m. PT: In the interim, company had notified one client (another company) that information had been stolen. The information on that drive was about company B's acquisition of company C, which created even more confusion. Ultimately, warrants were served but the drive was not recovered. Dunn believes they could have tracked it down if informed in a timely manner, but since company A feared the impact it would have on their image, they kept it under wraps longer than they should have.

3:55 p.m. PT: "Ultimately, what it comes down to is that law enforcement wants to put a stop to this," Dunn says. "We need cooperation from businesses, and we need it quickly. If you come to me 12 weeks after a breach has happened [...] the liklihood of me finding the suspect is very slim."

3:56 p.m. PT: That's it; Dunn is off the stage. Time for questions. First one: "With new laws that are coming out on encryption, how are companies going to comply with this? Do you expect us to start seeing 40 states coming up with encryption laws and requirements?" LIsa Soddo answers:"That is the question of the future."

3:57 p.m. PT: Next question, for Dave Dunn: "Is it reasonable for attorneys to assume we can send clients confidential information without encrypting it?" Dunn laughs. "If you're sending sensitive information, it should be encrypted."

And that's a wrap, folks. Thanks for reading.

Swag in Seattle: What they're giving away (part 3 of 3)

rob@lexblog.com (Rob La Gatta) — Tue, 21 Oct 2008 22:29:48 GMT

Also prominent on the exhibition hall floor is a widespread athletics theme: lawyers crowded around a virtual golf game in one corner, a pair of young women blowing up mini soccer and footballs in the other and conversations about who lost to who are heard in passing everywhere. Among the companies offering up swag to keep their consumers fit was Stored IQ.

Who they are: An Austin-based tech company specializing in information management and IT matters and offering a variety of information classification tools.

What they brought: Bright orange frisbees for the ultimate crowd.

Why they brought it: We bring them to everything," said one of the three account executives at the booth. But have they been going quickly? "Not really," said another. "They tend to go faster at other shows, to be honest. Particularly IT shows." Does this mean the IT crowd is more physically active than the legal profession? We'll have to get back to you on that one.

Swag in Seattle: What they're giving away (part 2 of 3)

rob@lexblog.com (Rob La Gatta) — Tue, 21 Oct 2008 22:28:35 GMT

A common theme among firms and companies representing themselves at the Annual Meeting this year are associating themselves with the theme of going green - biodegradable pens, reusable water bottles and other clever items have been seen all over the exhibition hall these past couple of days. Among the firms following the trend is Lindquist & Vennum.

Who they are: A 200 strong team of business attorneys, serving the country from offices in Colorado and Minnesota.

What they brought: Sturdy, reusable water bottles with a smooth finish that bear the firm's logo.

Why they brought it: "[We were looking at] because these are environmentally friendly," said a young representative at the firm's table. "And, they can be used around the office instead of plastic water bottles."

Swag in Seattle: What they're giving away (part 1 of 3)

rob@lexblog.com (Rob La Gatta) — Tue, 21 Oct 2008 22:21:20 GMT

I've been uploaded photos to the ACC's Flickr stream throughout the day of some of the interesting swag I've found here at the ACC's Annual Meeting 2008 - and boy, is there a lot of it. It seems like nearly every firm or company tabling the event brought some goodies for attendees to take away. In my first of a few updates on the most unique items I've found, I focus on Chubb Group of Insurance Companies.

Who they are: With more than 100 years in the insurance business under their belt, Chubb is a global insurance provider with more than 120 offices in 28 countries.

What they brought: Candles and hand lotion.

Why they brought it: What connection does an insurance company have to candles? "We've got this zen theme going," said Product Manager Andrea J. Wysocki (pictured, left), pointing at the very zen-like stack of rocks pictured on the wall behind her. "We wanted it to feel like if you're insured with Chubb, you can rest easy."

Preparing to blog from data security breaches panel

rob@lexblog.com (Rob La Gatta) — Tue, 21 Oct 2008 22:09:17 GMT

I'm sitting here in room 615 of the Washington State Convention Center, awaiting the start of the session, "A Global Perspective on Data Security Breaches and Enforcement." Right now I'm the only person in the room...but there's still 20 minutes to showtime. And judging by the impressive panel of speakers - FTC Commissioner Pamela Jones Harbour, Hunton & Williams Partner Lisa J. Sotto and Thomspon Reuters Assistant General Counsel for Global Privacy TJ Svensson - something tells me this room won't be empty for long.

I'm hoping to catch up with at least one of the panelists after they've presented to get their take on the event so far. Meanwhile, I'll be blogging the event as it happens. Check back at 2:30 p.m. PT, when that will be getting started.

New to In-house Committee Party

opkins@acc.com (Nichole Opkins) — Tue, 21 Oct 2008 16:06:22 GMT

Last night, the New to In-house Committee was treated to a spectacular event at the Seattle Space Needle. Hosted by Thomson Reuters and Womble Carylye Sandridge & Rice, the NTI members enjoyed a great meal at the base of the Needle, followed by drinks and dessert in the observation tower. As I've mentioned in previous posts, NTI won the Committee of the Year award, which was only enhanced in excellence by Womble's win for Outstanding Committee Sponsor of the Year.

Can I get an "Amen!" -- Using the Pulpit of Public Opinion

stephanie@nacdl.org (Stephanie Martz) — Tue, 21 Oct 2008 14:20:00 GMT

The most buzz-y program that I've attended so far was the panel on Crisis Management, featuring Charles Babcock, renowned courtroom lawyer; John DeGroote, a GC at BearingPoint, and Richard Levick, CEO and President, Levick Strategic Communications. It was a very full house of 200 or so and I'd be surprised if Mr. Levick didn't come away with some serious business -- his presentation was dynamic, definitive, and persuasive. (Plus, it's hard to argue with the sympathy that he his firmed as helped to create for, of all, people, Gitmo detainees.)

All the speakers agreed that when a crisis erupts -- CFO indictment, toxic leak, plant fire -- you need to walk a fine line between "no comment" and spilling your guts in public. "No comment" is old school. It certainly is what criminal defense lawyers, as well as many civil defense lawyers, has relied on as the ethical and measured response to disasters. But now, "no comment" in a sea of comments from the other side means that you lose the 13 people who are going to come from a heavily poisoned jury pool (the 13th being the judge). However, trying to tell your story from once upon a time to unhappily ever after never works out. Even if you are telling the absolute truth, SOMETHING you say will be turned against you -- either in the literal legal sense or in the court of public opinion. So, (1) know and assemble your crisis management team well in advance of any hothouse situation; (2) when the disaster strikes, have a script and stick to it; (3) provide the press with what information you can.

Richard Fuld of Lehman was used as an example of what not to do. Don't annoy the press by being arrogant and aloof; don't blame the press when your disaster strikes (he did exactly this in Congressional testimony); control your image as a likable player and it's less likely that you'll come out a villain (or that your bosses or members the board or management team will look bad).

sam

Live from the floor at ACC's 2008 Annual Meeting

kevin@lexblog.com (Kevin O'Keefe) — Tue, 21 Oct 2008 00:39:22 GMT

There's a lot going on here at the ACC's Annual Meeting '08, which has brought together folks representing law firms and in-house counsel from all around the world. With educational sessions covering diverse topics ranging from getting the most out of a new business to handling your first wrongful termination complaint, the information being presented this afternoon is both informative and diverse.

The exhibit hall must have covered two football fields, with law firms and legal services providers discussing their services and networking with attendees.

Tomorrow, LexBlog's Rob La Gatta will be covering the event in-depth. His updates will begin around 9 a.m. and will continue throughout the afternoon.

005 Negotiating IP Provisions in Contracts

zavian@acc.com (Ellen Zavian) — Mon, 20 Oct 2008 20:10:29 GMT

Housed in the largest exhibit meeting room, the hall was packed! That did not stop the panelist from breaking up the attendees into smaller groups and getting direct feedback on the presentation.

This session on negotiating terms within software contracts was very enlightening. One section focused on the clause dealing with what you might get free, an 'update' vs. something you might have to pay for, an 'upgrade'.

One note of interest:

They discussed the difference between 'updates' (maintenance releases/fix) vs. 'upgrades' (which are usually at an additional costs and considered improvement/enhancements). It is important the Licensee defines both terms in detail.

Make sure updates are not just what the Licensor wants to show you, but he/she is showing you the exact updates he/she is showing to third parties participating in the Licensor Service Program. One suggestion by the panelists to ensure you are seeing all the updates is to look into the version numbers the Licensor assigns to updates. For instance, updates might use 'y' or 'z' and upgrades might use 'x' or 'v'. Negotiate such 'letters' into the agreement as well.

Stay tuned for more.

Council of Committees

opkins@acc.com (Nichole Opkins) — Mon, 20 Oct 2008 16:46:42 GMT

Just got out of the Council of Committees meeting which was held this morning from 7am- 8:30am. Many topics were discussed, with great focus on the increase of committee leadership on the monthly teleconferences, as well as the addition of more roles for committee members to help in the production of more webcasts and InfoPaks. Talk of Annual Meeting 2009 (Boston) was already taking place, as well as discussion of the ACC Value Challenge.

The committee business lunches for the following committees will be taking place in the Grand Hyatt Seattle today from 12:45-2:15:

Corporate & Securities Law (Sealth, 6th Floor)
Environmental, Health and Safety (Douglas, 6th Floor)
IT, Privacy & eCommerce (Tolmie, 6th Floor)
Insurance Staff Counsel (Washington, 7th Floor)
International LEgal Affairs (Blewett, 7th Floor)
New to In-house (Menzies, 6th Floor)
Real Estate Law (Cayuse, 7th Floor)
Small Law Departments (Sherman, 7th Floor)

Sessions are about to start- get to class!

Hi! I'm your new roving blogger!

stephanie@nacdl.org (Stephanie Martz) — Mon, 20 Oct 2008 15:11:45 GMT

Greetings friends: My name is Stephanie Martz, and I am the Senior Director for White Collar Crime policy at the National Association of Criminal Defense Lawyers. Back in the other Washington, I do a lot of advocacy work with ACC on issues such as the federal government's charging policies (demanding waiver of attorney-client privilege, firing "culprits," cutting off lawyers' fees, etc.), vicarious corporate criminal liability, and sentencing. So I am very happy to be here to check out this amazingly huge meeting and offer some impressions and information.

But first things first: What shwag! Well done people! I have to say that the trout hot mits from Corporate Service Company seemed to be a big hit, and they were high-visibility. I also got an LED martini glass from Protiviti (my kids will like it for ice cream -- I never touch the stuff -- at least not after last night) , a t-shirt all folded up like a starfish from Steptoe & Johnson, and I won a $50 I-Tunes certificate by spinning the wheel thingie! That's almost enough scratch to make my I-Pod hip.

Because I can't get enough attorney-client privilege, I think I'm going to check out the "How to Respond to Your Financial Services Agency" panel this morning, and maybe the crisis management panel after that (criminal defense lawyers are nothing if not crisis managers). See you there!

Exhibit Hall - First Evening Preview

zavian@acc.com (Ellen Zavian) — Mon, 20 Oct 2008 14:20:32 GMT

The Exhibit Hall was buzzing with vendors and attendees, exchanging a welcome hello. Many were visiting vendors they met last year, that now have them as a client. Some were reconnecting with old friends. Either way, you can feel the energy and excitement in the air. Especially when the event officially ended at 7pm and most stayed around until 7:30pm.

Today, we will dive into sessions, committee meetings, and dinner parties. So, come join us!

Leadership Dinner

opkins@acc.com (Nichole Opkins) — Mon, 20 Oct 2008 06:16:29 GMT

Just got back from the Leadership Dinner which was held at the Experience Music Project- a beautiful venue. A great evening all around.
Here's a shot from the event.

Congratulations to the following award recipients recognized this evening for their great efforts and accomplishments:

COMMITTEES OF THE YEAR: Employment & Labor Law Committee and the New to In-house Committee

COMMITTEE MEMBERS OF THE YEAR: John DeGroote; Carol Rick Gibbons; and Kimberly W. White

COMMITTEE SPONSOR OF THE YEAR: Womble Carlyle Sandridge & Rice, PLLC

OUTSTANDING CHAPTERS: Austin Chapter; Colorado Chapter; Delaware Valley Area Chapter (DELVACCA); and San Diego Chapter

CHAPTER CHALLENGE: Austin Chapter; Central Ohio Chapter; San Francisco Area Chapter; Washington Metropolitan Area Chapter (WMACCA)

Looking forward to kicking off the sessions tomorrow.

Recent Articles tagged annual meeting 2008 from LexMonitor