ATLANTA – David B. Dove, a partner in Troutman Pepper Locke’s Regulatory Investigations, Strategy and Enforcement Practice Group, has been elected chair by the Board of Regents of the University System of Georgia (USG). Dove, who is currently serving as vice chair, will begin a one-year term on Jan. 1, 2026.
AUSTIN – Robert Miller, principal at Troutman Strategies, has been named to USLege’s Lobby Legends of the Year list for 2025. The list recognizes individuals who have demonstrated consistent influence and credibility across multiple legislative sessions, possess deep institutional knowledge, and maintain trusted relationships across the political spectrum. Additionally, honorees are acknowledged for their role in mentoring and elevating the next generation of Texas lobbyists.
Former US Army Judge Advocate General’s Corps Attorney Will Accelerate Growth in Federal Government Contracts and National Security Sectors Across Key Industries and Geographic Markets
We are pleased to announce that RISE Partners Ashley Taylor and Jean Gonnell have been selected to serve on Law360‘s editorial advisory boards this year. Ashley will contribute his expertise to the Consumer Protection Advisory Board, while Jean will lend her insights to the Cannabis Advisory Board. We congratulate them, along with the other
Dear Mary,
Our company experienced a cybersecurity incident. It seemed pretty minor — just a few suspicious emails and an employee’s account being locked. To my dismay, we’re now hearing from our IT team that the issue is more serious. We have cyber insurance, but we didn’t notify our carrier right away. Did we make a mistake? When should I reach out to our insurance provider?
– Unsure Insured of San Francisco
Dear Mary,
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get back up and running so swiftly, do we still need to determine whether the incident is material and report it?
Sincerely,
– Concerned Executive
Dear Mary,
I recently experienced a security incident at my company and am considering whether to report it to law enforcement. While I want to cooperate and help catch the cybercriminals responsible, I am worried that law enforcement might come after my company for… I am not exactly sure what.
What should I do?
– Not Guilty
Dear Mary,
I’m the general counsel of an organization and have recently started getting involved in the cybersecurity side of things. As I’m getting my bearings, I’ve noticed that our security team doesn’t always involve the legal department when an incident is suspected. While I understand that not every incident requires our involvement, I’m concerned that we’re being left out of matters that do need legal oversight, and when we are involved, it’s often too late. What can I do to help address this?
– Living in FOMO
Dear Mary,
Which states now have statutory laws prohibiting payment of ransom following a data security breach? Are there others working on such legislation, to your knowledge?
– Dick Clarke (But Not the New Year’s Eve Guy)
Dear Mary,
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then, some states have further qualifications to their definition, such as whether that unauthorized access or acquisition “compromises” or “materially compromises” the integrity, security, or confidentiality of the data. No states (apart from New York) define access or acquisition, and no state defines compromise vs. material compromise. How would you suggest analyzing all these varying terms?
– Patchwork