Sadia Mirza | Troutman Pepper Locke LLP

Sadia’s practice is dedicated to counseling clients on complex data security and privacy issues. Capitalizing on her extensive experience guiding clients through security incidents, she handles pre-incident planning and readiness, breach investigations, and litigation matters. Sadia leverages her 360-degree knowledge of the incident response lifecycle to ensure clients can present a positive and defensible narrative to plaintiffs or regulators.

Clients also turn to Sadia for best practices related to privacy compliance and novel data-use questions and concerns. An active and respected voice in the privacy and data security bar, she writes and speaks frequently on trends and developments affecting clients and consumers. Sadia has been a panelist on numerous privacy and cybersecurity panels across the U.S. and is a member of the Program Committee for the Law Track for the RSA Conference.

Sadia provides ongoing analysis and commentary on developments in the consumer financial services industry, with a focus on privacy law, through the Consumer Financial Services Law Monitor blog at cfslawmonitor.com. She frequently publishes in Bloomberg Law and Law360.

Sadia is a Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM).

Stephen C. Piepgrass | Troutman Pepper Locke LLP

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, representing clients in single and multistate enforcement actions, including inquiries and investigations involving state attorneys general and other state and federal governmental enforcement bodies including the CFPB and FTC. He regularly represents clients in highly regulated sectors such as financial services, emerging technologies, health care, insurance, and education.

Stephen also leverages his extensive regulatory experience to assist clients in the gaming industry. He provides strategic guidance on navigating complex regulatory and permitting processes, developing new projects, and managing potential litigation. Stephen applies a thorough understanding of the rapidly-changing regulatory environment to his work with clients in the gaming space, helping clients with their compliance and fostering successful interactions with state and federal regulators.

As co-leader of the Incidents + Investigations team, Stephen advises clients on government actions and litigation arising from data breaches and other cybersecurity incidents. He combines first-hand knowledge of the government’s priorities and processes with cyber experience to guide clients on all aspects of regulatory investigations into data incidents. Clients also facing parallel litigation involving the collection, security, use, and dissemination of consumer data regularly work with Stephen and his team for comprehensive solutions and risk mitigation strategies.

Stephen applies his wide-ranging experience with matters before government entities to counsel Troutman Strategies’ clients on public policy, advocacy, and government relations issues. He is a recognized thought leader who provides ongoing analysis and commentary on regulatory developments on the firm’s regulatory blog, Regulatory Oversight.

Timothy J. St. George | Troutman Pepper Locke LLP

Tim represents clients in federal and state courts, at both the trial and appellate levels. He focuses his practice in the areas of complex litigation and business disputes, financial services litigation, and consumer litigation. Tim is a nationally recognized expert on issues relating to the Fair Credit Reporting Act and employment background screening, as well as class action litigation. He currently teaches the basic and advanced FCRA certification courses for the Professional Background Screening Association, which is the leading trade association for background screening companies and employers conducting screening. Tim further serves as outside general counsel for several background screening companies. Tim also has extensive experience in representing companies in multidistrict litigation arising out of data breaches, having handled several of the largest data breaches in recent U.S. history.

In 2018, Tim was one of only five attorneys nationwide to be designated as a Law360 Rising Star in the field of consumer law, which identified attorneys whose legal accomplishments “transcend” their age. From 2018-2022, Tim also was identified by Benchmark Litigation as one of the top attorneys under the age of 40 in the country. Tim has written and spoken nationally on issues relating to complex litigation, background screening, and consumer protection. He has led national compliance and litigation seminars/webinars on class actions, the Fair Credit Reporting Act (FCRA), data breach defense, class action litigation, and consumer protection.

Tim has experience in all phases of complex litigation, including serving as lead trial counsel in federal and state courts and in arbitration, where he has secured both jury verdicts and numerous defense judgments for his clients in both bench and jury trials. He also has substantial class action experience, having served as counsel in connection with more than 100 proposed class actions. Additionally, Tim has served as counsel on successful appeals before the Supreme Court of Virginia, the U.S. Court of Appeals for the Fourth Circuit, and the U.S. Court of Appeals for the Ninth Circuit. Tim recently served as president of the Richmond, Virginia Chapter of the Federal Bar Association. Tim also was selected by the judges of the United States District Court for the Eastern District of Virginia to serve on the last three committees to select magistrate judges in the Richmond Division. In 2023, Tim was appointed by the Chief Justice of the Supreme Court of Virginia to serve a three-year term on the faculty of Virginia’s mandatory course on professionalism and ethics. Tim also is an invited member of the Fourth Circuit Judicial Conference. Tim began his legal career by serving as a judicial law clerk to the Hon. Robert E. Payne, United States District Court for the Eastern District of Virginia.

I. Understanding the regulatory landscape and the roles of state AGs and federal agencies in cybersecurity investigations | 1:00pm – 1:30pm

II. Crafting strategies to minimize reputational damage and legal exposure in the event of a data breach incident | 1:30pm – 2:00pm

Break | 2:00pm – 2:10pm

III. Negotiating settlements with regulatory bodies to achieve favorable outcomes | 2:10pm – 2:30pm

IV. Handling private litigation, including in the context of concurrent regulatory actions | 2:30pm – 2:50pm

V. Implementing robust cybersecurity measures to prevent future breaches and mitigate legal risks | 2:50pm – 3:10pm