Login
Home  |  Events  |  2025 Cybersecurity Law Update
Webinar

2025 Cybersecurity Law Update

March 14, 2025 | 12:00 pm 2:00 pm EDT

Event Details

Access Recording

About this Event

Rapid advancements in technology provide tremendous opportunities but also carry significant risks to the mission-critical operations of colleges and universities. The vast amount of student, patient, and research data make higher education institutions increasingly attractive targets for criminals and bad actors, who are constantly improving their capabilities to carry out acts of intrusion, theft, and disruption. The ensuing security and data breaches carry significant legal and reputational risk for institutions. However, the preventive measures required to stay one step ahead of the bad actors and to comply with the expanding patchwork of data security and privacy laws and regulations carry notable costs and nuanced considerations of their own. In light of these substantial risks and evolving threat landscape, counsel must remain informed on the current state of cybersecurity law. 

Please join us for this two-hour webinar featuring expert presenters with deep knowledge and practical experience in the cybersecurity issues impacting higher education. The webinar will include: 

  • Overview of the current cyber threat landscape, including high-profile incidents and enforcement; 
  • Overview of the cybersecurity compliance framework, including new and emerging laws and regulations;  
  • Discussion of privilege considerations in cyber threat responses, investigations, and post-incident analysis; and 
  • Consideration of several practical cybersecurity challenges for higher education institutions including the top stressors and challenges for IT personnel and resources, as well as emerging trends and considerations in procurement, contracting, and cyber insurance. 

Who Should Attend? 

This webinar will be of interest to college and university counsel who advise on cybersecurity, data security, and/or compliance issues, as well as campus administrators with responsibilities in those areas such as compliance officers, procurement officers, risk managers, and IT and technology leaders. 

Speakers

Kevin E. Dolan

Partner

Mullen Coughlin

Kevin E. Dolan is a Partner at Mullen Coughlin and Co-Chair of the Firm’s Advisory Compliance practice group. As Co-Chair, he leads a team of attorneys in counseling organizations of all sizes and across all industry groups in proactive data privacy and information security risk management planning.  He is also an experienced data privacy and security incident response attorney.  

Kevin’s Advisory Compliance practice involves assisting organizations with the avoidance or mitigation of data privacy and security incidents’ impact, as well as providing guidance to them to improve their overall compliance posture with respect to pertinent legal and regulatory frameworks. This includes development of organization-specific Incident Response Plans (IRPs); review, modification and/or creation of data privacy policies relating to data collection and management; facilitation of tabletop exercises and other employee/Board trainings; and development of compliance and privacy programs related to various data privacy and information security laws and regulations, including, but not limited to the following:  

  • Comprehensive state privacy laws such as the:
  • California Consumer Privacy Act (CCPA), and its amendment the California Privacy Rights Act (CPRA);
  • Virginia Consumer Data Protection Act (VCDPA);
  • Utah Consumer Privacy Act (UCPA);
  • Colorado Privacy Act (CPA); and
  • Connecticut Personal Data Privacy and Online Monitoring Act (CDTPA);
  • Federal and state privacy laws and regulations including:
  • the Family Educational Rights and Privacy Act (FERPA);
  • the Health Insurance Portability and Accountability Act (HIPAA);
  • the Gramm-Leach-Bliley Act (GLBA);
  • New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services (NYDFS) Cybersecurity Regulation;
  • the Massachusetts Information Security Standard;
  • the National Association of Insurance Commissioners (NAIC) standards; and
  • International privacy laws, in partnership with international counsel, like the European Union’s General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

In addition to his Advisory Compliance practice, Kevin also counsels victim organizations in responding to, and investigating, data privacy and security incidents. He uses his Advisory Compliance knowledge to effectively and efficiently identify applicable state, federal and international legal and regulatory obligations as it relates to law enforcement reporting, individual and business partner notification and regulatory follow up or inquiries.   

Kevin’s expertise in data privacy and information security is supplemented by his prior experience serving in a variety of legal and executive roles in the education industry, most recently as Vice President of Strategy and General Counsel at a Philadelphia-based university. This experience informs the practical compliance strategies and recommendations Kevin provides to organizations prior to, during and after experiencing a data privacy and security incident. 

Sajjad Matin

Principal Counsel, Cybersecurity and Data Protection

University of California

Sajjad Matin is Principal Counsel, Cybersecurity and Data Protection at the University of California, where he joined the Office of General Counsel in May 2022. In his role in Cybersecurity and Data Protection, Sajjad counsels system-wide stakeholders through major cybersecurity incidents Sajjad serves as primary legal support to UCOP’s Office of Information Technology Services and Cybersecurity Audit Team, and advises UC Health, the Faculty Senate, and the UC campuses on a broad range of cybersecurity and technology matters.  

Prior to his arrival at UCOP, Sajjad served as a federal prosecutor in Miami, Florida, where he focused on investigating and prosecuting cybercrimes, including intrusions and ransomware attacks. Sajjad’s experience includes civil enforcement as an attorney with the Securities and Exchange Commission, where he investigated bribery, insider trading, and fraud against investors. Prior to public service, Sajjad worked in the Silicon Valley as an intellectual property attorney, including as inhouse counsel for a company specializing in virtualization technology. 

Program Schedule

TimeSession Topic
12:00 P.M.Welcome and Introductions
Overview of Cyber Threat Landscape  
Compliance Framework 
Q&A
Practical Challenges and Approaches for Higher Education 
Q&A
2:00 P.M.Conclusion

CLE

FAQs

Webinar Recording

Members who purchase the Live Webinar will receive access to the Post-Event Recording in the Online Learning Center at no additional charge. Non-members will not have post-event access to the recording or the materials and should plan to download materials during the live webinar.

If you are a member and couldn’t attend live, the event recording will be available for purchase in our Online Learning Center. The recording may be replayed at any time, but may not be copied, posted, or otherwise distributed within or outside of the institution, organization, or firm. The license entitles the purchaser to replay the recording at one campus or at one location of any organization or firm. You can purchase the Post-Event Recording here.

Access Recording
Purchase Recording

2024-2025 Webinars Sponsored by

NACUA Annual Conference

Join us in the Music City June 29 – July 2 to connect, learn, and lead alongside higher education attorneys shaping policy, practice, and impact nationwide together.

Register