Card image cap

Managing, Transferring and Absorbing Risk with Third Party Breaches

Level: Intermediate
Runtime: 62 minutes
Recorded Date: November 17, 2021
Click here to share this program
Download PDF
Closed Caption


  • What are the Risks?
  • Understanding the Players
  • Controlling Risk in the Third-Party Breach
  • Facilitating the Breach Response
  • Q & A
Runtime: 1 hour, 2 minutes
Recorded: November 17, 2021

For NY - Difficulty Level: For both newly admitted & experienced attorneys


Managing the notification process for thousands of business clients and their end users can be incredibly complex. Our accomplished panelists will share their experiences and approach in managing multiple layers of notification, information gathering, and data review during the breach notification process following a cyber event. Reflecting upon their work with tens of thousands of third parties, the speakers will discuss the significant challenges that clients face, the legal challenges that can arise and, then, demonstrate ways that technology, project management and crisp communication can simplify and organize communication during long-running events.

This program was recorded on November 17th, 2021.

Provided By

American Bar Association
Card image cap


Card image cap

Heather Williams

Associate Managing Director, Cyber Risk

Heather Williams is an associate managing director in the Cyber Risk practice of Kroll, based in the Nashville office. Heather’s nearly 15 years of industry knowledge is leveraged to guide advancements within our breach notification, identity theft and cyber risk product offerings as she helps to position and grow our capabilities across the globe.

Able to see the immediate and long-term implications of a decision, Heather excels at positioning a product as a resource for her clients now and as the market evolves. She understands business needs and how best to balance them with market requirements, while delivering a solution to fit the unique scenario or crisis that a client is facing.

Card image cap

Chris Ballod

Associate Managing Director, Cyber Risk

Christopher Ballod is an associate managing director in the Cyber Risk practice of Kroll, based in Philadelphia. He leverages over 15 years of experience in data privacy and cyber security, counseling clients in the preparation for a cyber incident, and during the response and notification process after an incident occurs. Chris’ expertise negotiating and drafting agreements, counseling clients during the assessment of risk and placement of cyber liability coverage, coordinating breach response services and supporting clients in litigation can greatly reduce legal, financial, and reputational risks in the event of a cyber incident.

At Kroll, Chris leverages his expertise to provide clients appropriate response protection in the event of a data breach incident, and he will also assist clients preparing for, or going through, CFIUS audits. He brings years of experience in digital forensics and incident response, particularly as it relates to PII/PHI exposure. He also helps clients identify trends and actors that may impact their systems and assess potential exposure post-incident to avoid data leaking via dark web forums.

Having guided hundreds of clients through complex cyber security incidents, Chris brings extensive experience in conducting tabletop exercises practicing breach response procedures, and multi-day stakeholder "boot camps" training key personnel in all aspects of risk management and response.

Before joining Kroll, Chris was a partner and vice chair of the Data Privacy & Cybersecurity practice at Lewis Brisbois Bisgaard & Smith LLP, which received the Advisen Cyber Risk Award for Best Legal Practice in 2019 and 2020. He also served as a member of the firm’s Corporate and Complex Business and Commercial Litigation practices. His experience included leading the coordination of over 500 breach responses for clients across multiple sectors, including defense, construction, energy generation, financial services, healthcare, hospitality, school districts, universities and retail.

He has spearheaded compliance and security programs for publicly traded traditional market companies and cutting-edge companies, including cryptocurrency exchanges and machine-learning data analytics firms. He has conducted a risk assessment analysis for a nuclear and traditional fuel energy generation company in the acquisition of new generation assets. Christopher has also coordinated breach response services for clients of all sizes and across varied sectors including construction, energy generation, ?nancial services, healthcare, hospitality, municipal government, and retail.

Christopher’s regulatory compliance counseling experience includes compliance with CCPA, HIPAA, payment card industry standards (PCI-DSS), NYS Department of Financial Services compliance and GDPR. In addition to litigating the first "virtual property" case in the U.S., Bragg vs. Linden Labs, he counseled multi-national vendors of goods and services in a virtual world game about their participation in virtual currency exchange, and the legality of their gaming businesses under state and federal gambling laws.

He is frequently invited to speak on data privacy and cyber security, and he has been featured in various publications. During his previous legal practice, he won the Pennsylvania Super Lawyers Rising Star awards in 2016 and 2008.

Christopher holds a Juris Doctor from the Delaware Law School. Additionally, he is a Certified Information Privacy Professional/U.S. (CIPP/U.S.) and Certified Information Privacy Professional/Europe (CIPP/E).

Card image cap

Similar Courses

Card image cap
64 minutes
"I Am Not a Cat" Proceedings in a Virtual World
Besides becoming a pop-culture catchphrase, how has the shift to a virtual environment impacted proceedings over the last year, and what changes do you believe are here to stay? Our panel of experts will examine some of the greatest challenges, faux pas, and successes in virtual proceedings over the course of this transformative time.

Women, Influence & Power in Law Conference


Add to Cart
Card image cap
60 minutes
2019 HIPAA Update: Enforcing Privacy & Security Standards
In this session, we will discuss the most critical issues in the HIPAA update and best practices for enforcing privacy & security standards in your company.



Add to Cart
Card image cap
97 minutes
26 Words that Created the Internet - Basics of the Communications Decency Act Section 230 Safe Harbor
This program will examine the basics of CDA 230 and its day to day affect for those who advise internet businesses as well as those who litigate against them. It will give practical guidance as to what extend internet companies can or should edit or censor the information their users contribute to their sites and to what extent those users will actually be liable.

New Media Rights


Add to Cart
Card image cap
63 minutes
360-Degree View on How to Navigate a Crisis
During this session, our panel of experts will explore the following topics to arm you with a plan to protect the company and minimize long-term problems: - Building a crisis management team and understanding each person’s unique role -Preparedness – advance planning and assessing potential risk areas - First Response – responding in the critical first hours and days to minimize the long-term impact - Resolution Strategy – managing various actions stemming from the crisis to enable the best resolution for the company.

Women, Influence & Power in Law Conference


Add to Cart
Previous Next