• No results found

James A. Harvey. Partner

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "James A. Harvey. Partner"

Copied!
10
0
0

Loading.... (view fulltext now)

Download now ( 10 Page )

Full text

(1)

James A. Harvey Alston & Bird LLP One Atlantic Center 1201 West Peachtree Street Atlanta, GA 30309-3424 404-881-7328

[email protected] Services

Intellectual Property

IP and Technology Transactions Global Business Strategies Global Sourcing

Health Information Technology HIT Task Force

Investigations - Government and Special

Payment Systems Privacy and Security Technology

Technology and the Internet Alston & Bird Global Privacy and Security Network (ABPSN) Education

University of North Carolina (J.D., 1988) University of Arkansas (B.A., 1983) Admitted to Practice Georgia

James A. Harvey

Partner

Jim is a partner in the Technology, Privacy & IP Transactions Group and co-chairs the firm’s Privacy & Security task force. His practice leverages both his experience in board level technology and outsourcing projects and his experience in sophisticated privacy, security and network intrusion issues.

Jim has worked on numerous transformative technology initiatives, including a range of IT, BPO, HR, F&A, facilities management, ERP, cloud, ecommerce/online, open source and social media engagements. Privacy and security are central issues in nearly every technology and data centric initiative in Jim’s practice. Accordingly, he has worked extensively with clients on privacy and security issues and initiatives for a number of years, including having founded the firm’s privacy task force in 1998, which was the same year he wrote one of the first U.S. articles on the EU Data Directive. This includes extensive work on behalf of financial services, health care, telecommunications and other regulated companies, retailers, online advertising issues and international data transfer issues.

His practice also involves security breach management and response, including everything from notification of the affected individuals, to e-discovery and internal investigations and law enforcement issues. Jim worked with a number of partners to form the firm’s Security Incident Management and Response Team, a unique team devoted to cyber and security crisis management and response.

Representative Experience Privacy and Data Security:

• Represented a leading payment processing company in all phases of unauthorized intrusion into their network and all associated third party actions and proceedings.

• Assisting an international retailer in a comprehensive overhaul of its privacy, security, PCI and data management practices, while counseling the company in an FTC and multiple state attorneys general investigations.

• Advising one of the world’s largest interactive marketing providers in an international criminal network intrusion involving records of more than 60 million individuals worldwide.

• Advising one of the world's largest Internet and email concerns on its implementation of safe harbor compliance obligations with its worldwide network of edge network providers.

(2)

• Assisting one of the world's largest investment banks in its implementation of the Red Flag Rules.

• Advising a major retailer in a breach involving more than 1 million names and social security numbers in all fifty states.

• Assisting an offshore multinational bank and financial services entity on its data gathering, use and transfer compliance program spanning 10 jurisdictions and three continents, including the EU. • Assisting one of the world’s largest private companies in design,

development and compliance initiatives for a consolidated data base of employee information for more than 700 subsidiary companies in more than 20 countries.

Sourcing/Technology

• Multiple comprehensive outsourcings and renegotiations of IT and processing infrastructure on behalf of Fortune 100/500 members, spanning multiple source and destination jurisdictions and continents.

• Representation of a UK private equity investment group in the acquisition of a U.S.-based outsourcing provider in the health care space and subsequent move of substantially the entire service delivery infrastructure offshore.

• Representation of one of the world's largest hybrid public-private banking concerns in the integration and license of a comprehensive Enterprise Resource Planning system involving operations in at least 23 countries.

• Representation of one of the world's largest money managers in the "transfer" portion of a Build/Operate/Transfer transaction, addressing tax, benefits, intellectual property and other issues arising in moving approximately 500 FTEs from a niche provider's facilities in a Software Technology Park in India to a newly created Special Economic Zone.

• Unique BPO transaction on behalf of a Fortune 200 insurer, sourcing novel and core aspects of regulated activities to an Indian service provider.

• Representation of a state agency in its acquisition of development and fiscal agent services in a Medicare/Medicaid implementation processing approximately $12 billion per year in health care related payments.

(3)

including one transaction involving 43 client jurisdictions and two of the largest five HR transactions during 2009 and 2010.

• Multiple applications development and maintenance and business process transactions, including finance and administration, transaction processing, procurement and customer care transactions (onshore, offshore and near-shore, including jurisdictions as diverse as Canada, Ireland, Ghana, Guatemala, India, Philippines, Vietnam, China, Rumania and Poland).

Memberships

• Recognized for a number of years as one of “America's Leading Lawyers” for information technology matters.

• Recognized for a number of years as one of America's leading lawyers in business process outsourcing by Chambers USA.

• Active participant in the Free Software Foundation's efforts to develop version 3.0 of the General Public License.

• Current vice chair and former chair of the Technology Section of the State Bar of Georgia

• Member of the Intellectual Property Section

• Recognized as one of Georgia’s “Super Lawyers” for a number of years

• Recognized as one of Georgia’s “Best Lawyers” • Selected as an “IP Star” by Managing IP for 2013 • Member, Phi Beta Kappa

(4)

Todd S. McClelland Alston & Bird LLP One Atlantic Center

1201 West Peachtree Street Atlanta, GA 30309-3424 404-881-4789

[email protected] Services

Security Incident Management and Response

Sourcing & Complex Procurement Intellectual Property

IP & Technology Transactions Mechanical Patents

Digital Commerce & the Internet Privacy & Security

Alston & Bird Global Privacy and Security Network (ABPSN) Government Contracts Education

Florida State University (J.D., 1998)

Georgia Institute of Technology (B.ME, 1994)

Admitted to Practice

U.S. Patent and Trademark Office Georgia

District of Columbia

Todd S. McClelland

Partner

Todd is a member of Alston & Bird's Security Incident Management and Response Team, advising clients in connection with incident response and other information security-related issues. Todd has particular experience with PCI/payment system compliance, HIPAA-related incidents, critical infrastructure security, global privacy compliance, risk assessments, and IP theft. Todd also represents clients in connection with outsourcing transactions, IP licensing and audits, and cloud transactions.

Todd is a frequent speaker at professional seminars (including the CISO Executive Network) and author of articles on topics such as cybersecurity, active defense, security incidents, global data privacy compliance, smart grid, cloud computing, and IP protection. Todd is featured in Chambers USA for his outsourcing practice. He is a past chair of the IP Section of the State Bar of Georgia.

Todd received his J.D. in 1998 from Florida State University where he was a member of the Law Review and was the executive editor of the Journal of Land Use and Environmental Law. He received a B.S. in mechanical engineering, with high honors, in 1994 from the Georgia Institute of Technology (Georgia Tech). Prior to law school, Todd worked as an engineer designing automation systems for companies such as Coca-Cola and the Ford Motor Company.

Representative Experience

• Advising entities (hospitals, payment processors, retailers, financial institutions, and others) in connection with data security incidents, both in response to incidents and proactive preparation. • Advising a global hospitality company on its data security strategy

and incident response.

• Representing a power distribution concern in a state-wide comprehensive smart grid initiative.

• Advising a top tier pharmaceutical company in connection with the outsourcing of its IT environment and its global privacy compliance.

(5)

components of its IT platform, international F&A functions, ADM functions, and other business functions.

• Advising an international payments processing company in the outsourcing of core IT functions.

• Representing one of the largest big-box home improvement stores in the outsourcing of infrastructure management services.

• Representing a large independent power producer in connection with the sourcing of multiple HR and IT processes.

Recent Publications and Events

• Innovative Smart Grid Projects (November 7, 2012 Seminar). • CISO Executive Network: Application and Third Party Security

(October 2012 Seminar).

• CISO Executive Network: Information Lifecycle Management (September 2012 Seminar).

• CISO Executive Network: Endpoint Security Management – Including Mobile Devices (June 2012 Seminar).

• CISO Executive Network: Virtualization and Cloud Computing Security (May 2012 Seminar).

• CISO Executive Network: Security Operations with a Special Focus on Event and Log Management (March 2012 Seminar).

• CISO Executive Network: Identity Management and Access Control (February 2012 Seminar).

• UCLA Anderson IS Associates Fall Meeting: The Cloud Through a Legal Lens (November 9, 2011 Seminar).

• “Exploring the Outsourcing Implications of India’s Recently Released Privacy Rules,”Outsourcing and Privacy & Security Advisory, June 21, 2011.

• Cloud Computing: Watch Out For the Lightning! (March 30, 2010 Seminar).

• What Else Should Keep You Up at Night – Trends in Data Security and Behavioral Marketing (September 17, 2009 Seminar).

Memberships

(6)

• U.S. Patent and Trademark Office

• Founding member of the Atlanta chapter of the Cloud Security Alliance

• International Association of Privacy Professionals (IAPP) • CISO Executive Network

(7)

Kimberly Kiefer Peretti Alston & Bird LLP

950 F Street, NW Washington, DC 20004 202-239-3720

[email protected] Services

Privacy & Data Security

Security Incident Management & Response Team

Litigation

Foreign Corrupt Practices Act (FCPA) Violations

Government & Internal Investigations Payment Systems Education

University of Munich, Germany (LL.M., 1997)

Master's Thesis: Conflicts of interests of institutional investors in German stock corporations Georgetown University (J.D., 1996)

Journal: Law & Policy in International Business, Magna

cum laude

University of Wisconsin (B.A., 1992)

Major: Behavioral Science and Law, Phi beta kappa

Admitted to Practice District of Columbia Illinois

Kimberly Kiefer Peretti

Partner

Kimberly (Kim) Kiefer Peretti is a partner in the firm’s White Collar Crime Group and co-chair of our Security Incident Management and Response Team. Ms. Peretti is also a former director of PricewaterhouseCoopers’ cyber forensic service practice and a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section. She focuses her practice on managing complex, technical electronic investigations and responses, often resulting from cyber intrusions and data breaches. She also services a wide range of clients in matters of cybersecurity; privacy; financial crime, fraud and regulation; payment systems compliance and risk mitigation; economic espionage; and intellectual property theft.

While at the Department of Justice, Kim led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez, currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the department.

Kim is regularly quoted in the media and is a frequent keynote speaker and lecturer. She was featured in both a New York Times Magazine cover story and a CNBC documentary for her role in the prosecution of Gonzalez, appeared on MSNBC’s Up with Chris Hayes, and has been recognized as an information security "industry pioneer" by SC Magazine. Top Secret clearance and SCI access (eligible).

Representative Experience

• Represented a global payment processor in connection with a technical, complex computer crime investigation involving a sophisticated cyber threat actor. The crisis response effort included advising on a myriad of legal issues including securities law guidance, regulatory issues, class action defense governmental investigations, insurance coverage and issues. The effort also included supervising and managing a complex cyber forensic investigation that included a rapid response to a sophisticated intruder with deep and persistent access to the environment, development of containment, eradication, and remediation strategies, and coordination of the activities of multiple third parties including an independent forensic investigator,

(8)

Languages

German several payment card brand networks, financial regulators and federal law enforcement. • Represented one of the world’s largest interactive marketing services providers in a massive network breach, involving more than 60 million individual records.

• Worked with a global energy company suspected of being compromised by Advanced Persistent Threat actors. The response including enhanced monitoring of critical systems, preventative forensics including a breach indicator assessment, a review of existing investigation and law enforcement information, and assisting management with briefings to executives.

Representative Cyber Law and Cyber Security

• Worked with a global transportation company in developing cybersecurity policies and strategies. The project included ongoing monitoring of federal government initiatives with respect to critical infrastructure cybersecurity and development of appropriate responses, policies, and procedures related to cyber intelligence gathering, information sharing, and cybersecurity practices.

• Extensive work with a range of Fortune 250 companies on securities disclosure issues arising from cyber risks. These engagements included companies with particular cyber risks and those that have suffered network intrusions and then have to deal with related securities reporting issues.

• Consulting with a number of domestic and international banks on their response to and preparation for recent, highly-sophisticated and suspected state-sponsored DDoS attacks on their networks.

• Worked with an international monetary organization in connection with a multi-phased, comprehensive information security risk assessment based on the global information security standard ISO 27001. Our involvement included leading a “threat-modeling workshop” to assist the company in understanding the client’s current threats and defenses and identify any known gaps in the information security infrastructure in particular with respect to sophisticated attacks, such as Advanced Persistent Threat.

• Worked with a services organization in connection with a multi-phased, enterprise security risk assessment in which we led an incident response workshop and cyber “tabletop” exercises to identify any known weaknesses in incident response process and procedures, in particular with scenarios related to sophisticated cyber attacks and intrusions.

(9)

• Worked with a large global consulting firm in an assessment of the company’s practices, controls, policies, and procedures with respect to the ease with which sensitive client data and company confidential data could leave the company’s systems, whether by an inadvertent act by an employee or a malicious act by an insider or an outsider. Representative Privacy-related Regulatory Inquiry

• Represented a number of clients in relation to federal and state regulatory inquires involving Internet-based practices potentially violating federal and state unfair and deceptive trade practices acts, including a large online advertising company’s practices with respect to the use of third party cookies, a mobile phone carrier’s practices with respect to a user’s browser’s experience, and an automotive dealership’s practices with respect to collecting user information and monitoring user behavior online.

Memberships

• United States Supreme Court

o United States Court of Appeals for the Ninth Circuit

o United States Court of Appeals for the District of Columbia Circuit

o United States District Court for the District of Columbia • Certified Information Systems Security Professional (CISSP) • ABA, Section of Science and Technology Law and Litigation Section

Selected Publications

• "Evolving DDoS Attacks Provide the Driver for Financial Institutions to Enhance Response Capabilities," The Banking Law Journal, June 2013. “Challenges in Conducting Breach Investigations: Part 2,” Law360,

April 2013.

"Challenges in Conducting Breach Investigations: Part 1," Law360, March 25, 2013.

• “Compliance with Payment Card Industry Data Security Standard, Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age,” Practising Law Institute, February 2011 (co-author of chapter).

Data Breach and Encryption Handbook, ABA Publishing, February 2011 (contributor).

(10)

• “Data Breaches: What the Underground World of “Carding” Reveals,” Santa Clara Computer and High Technology Journal, Vol. 25, January 2009 (author) (this article resulted in a hearing before the U.S. House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry).

• “Prosecuting Computer Crimes,” U.S. Department of Justice, February 2007 (contributor).

Recent Speeches

• Presenter, "Women in Cyber Security, Why Women Don't Ask: The Challenges of Promotion and Is In-House Counsel 'Women's Work?'" Georgetown Women’s Law Forum, June 2013.

• Presenter, The Cybersecurity Risks to Business, Governments and Individuals, Practising Law Institute’s Seminar, Information Technology Law Institute 2013: Privacy and Cybersecurity, Mobile Advertising, Digital Distribution, Social Media and Third Industrial Revolution, April 2013.

• Presenter, The Cyber Threat Landscape: New Themes in Prevention, Detection and Response, RSA Conference 2013, February 2013.

Presenter, Digital Forensics: Civil vs. Criminal, Fourth Annual Electronic Discovery and Digital Evidence (EDDE) Practitioner’s Workshop, January 2013.

• Panelist, Senior Executive Panel: The Faces of Courage in Women's Leadership, Working Mother Media's Leadership Summit for Women in National Security Careers, May 2012.

• Presenter, Computer Hacking – The Threat to Personal and Business Security, PLI's Information Technology Law Institute 2012, April 2012. • Keynote, Cyber Criminals: Who are they? Why are they successful?

How do we respond?, University of Michigan Information Security Conference, October 2011.

References

Download now ( PDF - 10 Page - 131.70 KB )

Related documents

ELECTROTECHNOLOGY INDUSTRY TRAINING PACKAGE CERTIFICATE III ELECTROTECHNOLOGY REFRIGERATION AND AIR CONDITIONING USER GUIDE.

Tools, equipment and testing devices needed to carry out the installation work are obtained in accordance with established procedures and checked for correct operation and

Pharmacogenomics of Drug Metabolizing Enzymes and Transporters: Relevance to Precision Medicine

The diagram depicts the influence of genetic polymorphisms on the drug transport activities of ABC transporters. ABC transporter, ATP-binding cassette transporter; MDR1,

Pensions, Labor, and Individual Choice

Despite the progressivity of the social security benefit formula and relatively low average lifetime earnings, blacks according t o Hurd and Shoven receive a smaller

Efforts to Produce Siamese Citrus Fruit Out of Season and Fruit Quality Improvement Through Application of Potassium Nitrate and Agrodyke Fertilizer

Efforts to produce Siamese citrus fruit out of The variables observed in this study include: number of shots per tree, number of flowers per tree, percentage

Ways of Enhancing Postsecondary Persistence and Success

Teachers enhance student success by using their expertise with regard to their course’s learning objects to help students set realistic goals adapted to their situations and get

Is There Such a Thing as Internet Privacy?

 Does the organization have a contact responsible for privacy and access/amendment to my personal information. What to Look for in Website Privacy

October 24, Mitigating Legal and Business Risks of Cyber Breaches

As a recognized domain expert and Certified Information Privacy Professional (CIPP), Jason is a frequent speaker and author on topics relating to data privacy, cyber security,

Programme In Information Security Management

Officer, Assurance Professional & Risk Manager, IS Auditor, BCP & DR Manager, CISO, CTO or Specializations like Network Security Administrator, Application Security