Monday, December 11 | 2:00 p.m. ET
In today’s world, companies cannot afford to take a reactive approach when it comes to cybersecurity. This is particularly true for the rail sector — a part of our nation’s critical infrastructure system — which has recently become a focus of the Department of Homeland Security’s Transportation Security Administration (TSA). In October 2023, the TSA updated three of its cybersecurity directives regulating passenger and freight railroad owners and operators. These security directives — the (1) “Enhancing Rail Cybersecurity”, (2) “Enhancing Public Transportation and Passenger Railroad Cybersecurity” and (3) “Rail Cybersecurity Mitigation Actions and Testing” – are intended to enhance the cybersecurity of passenger and freight railroad systems and associated infrastructure. These security directives impose new obligations on railroad owners and operators, many of which are likely to impact service providers, suppliers, and others in the railway supply chain.
Join RSI’s upcoming webinar, taking place on Monday, December 11 at 2:00 p.m. ET, to learn more about the enhanced security directives for the rail industry and how you may be impacted as a supplier.
Our Presenters
Sophie Baum
Sophie Baum guides clients through preparing for and responding to a wide range of privacy, security, and data protection issues. Through strategic, practical advice, Sophie counsels clients to find a path forward through product development challenges, compliance goals, and policy initiatives.
Sophie advises clients ranging in size from startups to international organizations on complex global regulatory compliance efforts, data breach response, and state and federal investigations. Her clients span a broad range of industries, including automotive, retail, information technology, media, and healthcare. She advises on compliance with the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the Children’s Online Privacy Protection Act (COPPA), among other privacy and security laws. Sophie has experience with a variety of legal issues related to privacy and data security, including online behavioral advertising, data subject rights requests, artificial intelligence, e-commerce, data breach response, and incident response planning.
While in law school, Sophie served as the Editor-in-Chief of the Michigan Technology Law Review and as a student lawyer for the University of Michigan Human Trafficking Clinic. Prior to law school, she worked as a consultant advising on best business practices for chief privacy officers of large companies and helped run the privacy incident response team at a federal government agency.
Emily E. Kimball
Emily Kimball counsels and advocates for clients on environmental matters, with a focus on the transportation industry. Emily’s experience on environmental issues includes regulatory compliance counseling, enforcement defense, and advocacy before courts and federal agencies. She regularly advises clients on complex environmental matters arising under the Clean Air Act (CAA), both in the mobile source and stationary source context. She also has experience responding to Environmental Protection Agency (EPA) enforcement actions and with environmental self-audits and internal compliance reviews as well as voluntary self-disclosures under state and EPA audit policies and programs.
Emily has worked extensively with railroads, rail car manufacturers and lessors, freight and tank car service companies, component suppliers, and other major players in the rail industry, on regulatory compliance matters, including those related to the transportation of crude oil and other hazardous materials. Emily also counsels and helps lead the Commercial Drone Alliance, an independent non-profit organization focused on moving the commercial drone industry forward. Emily represents corporations and trade associations before administrative agencies and quasi-regulatory bodies, including the EPA; the U.S. Department of Transportation (DOT) and its agencies, the Federal Railroad Administration, the Pipeline and Hazardous Materials Safety Administration (PHMSA), and the Federal Aviation Administration; and the Association of American Railroads. Emily is a member of the leadership team for the firm’s Transport and Logistics sector focused on emerging transportation technologies and mobility services.
Prior to joining Hogan Lovells, Emily served as a judicial clerk to the Honorable Wiley Y. Daniel, former Chief of the U.S. District Court for the District of Colorado and as a judicial intern for the Honorable Nancy E. Rice, Chief Justice of the Colorado Supreme Court.
Paul Otto
Paul Otto understands the regulatory environment surrounding cybersecurity risk management and incident response. Leveraging his technical background and capabilities in computer science and engineering, Paul brings insight to clients as a compliance counselor who understands hardware, software, and technological innovation.
Paul has coordinated and managed hundreds of cybersecurity assessments and data incident responses, as well as associated enhancement/remediation plans.
Paul works with legal counsel and security officers throughout the lifecycle of cybersecurity risk management and incident response. Because many organizations have limited in-house cybersecurity legal capacity, Paul embraces the role of outside counsel by working alongside executive and information security teams to manage risk, oversee corporate governance, and help identify and capitalize on risk-reducing opportunities for enhanced data protection.
Paul regularly advises clients on security-related risks in mergers and acquisitions and governance matters, as well as advising on appropriate contractual language for safeguarding sensitive data such as health and financial information. Paul also assists clients in evaluating the data security practices of vendors and other strategic partners.
Paul’s cybersecurity legal representation includes organizations across a wide range of industries, including the technology, life sciences and health care, mobility and transportation, energy, education, and financial sectors. Whether it is cloud computing, mobile technology, critical infrastructure, the Internet of Things, or any number of technology-related areas, Paul regularly advises clients on compliance with various data security laws, regulations, and standards.
Paul has a master’s degree in computer science and a bachelor’s degree in electrical and computer engineering. He clerked for Chief Justice Christine M. Durham of the Utah Supreme Court.