Sean B. Hoar

Partner

  • location icon Portland, OR
    888 SW Fifth Avenue
    Suite 900
    Portland, OR 97204

Sean Hoar is a partner in the Portland office of Lewis Brisbois and chair of the Data Privacy & Cyber Security Practice. Sean Hoar, CISSP, GISP, CIPP/US, has extensive experience managing responses to digital crises and effectively marshalling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon where he was the point of contact for the FBI, Secret Service, and Homeland Security in system intrusions and other digital crime emergencies. He now counsels businesses on best practices in information privacy and data security, and countering cyber security threats. He also facilitates incident response planning and risk assessments, and manages responses to data breaches.

As a veteran security and privacy attorney and an accomplished litigator prosecuting cybercrime, identity theft, Internet fraud, and other matters for the U.S. Department of Justice, Sean managed compliance with the Fourth Amendment, the Stored Communications Act, and other constitutional and regulatory frameworks for federal law enforcement. He trained federal investigators and prosecutors about the acquisition and use of digital evidence, and he trained foreign officials, on behalf of the U.S. Department of State, about anti-terrorism and cybercrime awareness. He currently teaches courses in cybercrime and privacy law and serves as the executive director of the Financial Crimes & Digital Evidence Foundation. A frequent author and speaker on privacy and security matters, Sean has received numerous accolades from the FBI, the Secret Service, the IRS, and the DEA throughout his career.

Legal Experience

General information security consulting

Counsels clients in all business sectors on commercially reasonable practices to enhance their enterprise security posture. This includes reviewing information security practices, facilitating self-assessments, and helping to identify and reduce system vulnerabilities to mitigate the risk and scale of a breach.

Incident response planning

Assists clients to develop and draft an incident response plan. This includes the identification and involvement of key stakeholders, the acquisition of cyber liability insurance, the facilitation and execution of Master Service Agreements with breach response service providers (digital forensics services, consumer notification/call center services, credit monitoring/identity protection  services, etc.), and introduction to appropriate law enforcement personnel.

Table top exercises

Assists clients test their incident response plan by facilitating enterprise wide digital crisis response exercises. These exercises involve key stakeholders and assist them identify and experience their roles and responsibilities in responding to a data security incident. The exercises also help identify and resolve gaps in incident response plans.

Incident response services

Manages responses to information security incidents. This includes access to Lewis Brisbois' 24/7 data breach hotline and project management of breach response; initial assessment of problem; facilitation of legal agreements and services to contain, analyze, investigate and remediate a data compromise (which may include digital forensics, crisis management and communications, consumer notification, credit monitoring and/or identity protection services); assessment of consumer and regulatory notification obligations; drafting of consumer and regulatory notification; and responding to inquiries from the media and regulatory officials.

Data breach-related defensive litigation

Assists clients who are subject to third party demands or class action complaints arising from data security incidents. As a former litigator for the U.S. Department of Justice, he works with Lewis Brisbois’ extensive litigation resources across 40 offices in 26 states to ensure clients are well represented in defensive litigation matters.  

Employee/Board/Senior Executive training

Assists clients to identify and prioritize employee training needs regarding network security awareness, develop customized training to educate employees about network security awareness, and develop customized presentations for Boards and Executives about information security threats and risks while addressing the business case for information security.

Information system vulnerability testing and penetration testing

Assists clients to identify an appropriate vendor, determine appropriate scope, facilitate and execute pertinent contracts, oversee vulnerability security scans and penetration testing, and review and edit preliminary reports to ensure accuracy and format acceptable for regulators should they ever need to be produced.

Digital forensics services

Assists clients to identify an appropriate vendor, determine appropriate scope, facilitate and execute pertinent contracts, oversee digital forensics investigation, and review and edit preliminary reports to ensure accuracy and format acceptable for regulators should they ever need to be produced.

Information security policies and procedures

Assists clients to identify and develop necessary information security policies and procedures. This includes reviewing existing information security policies and procedures, recommending revisions to existing policies and procedures, and drafting policies and procedures if none exist.

Prior Experience

  • Assistant United States Attorney, United States Department of Justice, District of Oregon, Portland, Ore., 1991-2014
  • Adjunct Professor, Cybercrime seminar, Lewis & Clark Law School, Portland, Ore., 2011-present; University of Oregon School of Law, Eugene, Ore., 2003-present
  • Assistant District Attorney, Lane County District Attorney’s Office, Eugene, Ore., 1987-1991

Publications

  • “Reducing the Risk of Cyber Extortion For Health Care Cos.,” Law360, 02.24.16
  • “Cyber Threats: Is the Sky Falling or Is the Threat Real?,” Power Magazine, 08.01.15
  • “Cybersecurity: A Conversation with your IT Team,” Association of Corporate Counsel Oregon Chapter Newsletter Q3, 09.18.14
  • “An Alluring Destination for Cyberthieves,” Law360, 06.30.14
  • “Identity Theft and Social Security Fraud,” (contributing author) USDOJ Office of Legal Education, May 2014
  • “Cybersecurity: The Urgent Challenge of Our Time,” United States Attorneys’ Bulletin, April 2014
  • “Identity Theft: Applicable Federal Statutes and Charging Decisions,” U.S. Attorney’s Bulletin, March 2008
  • “Oregon Identity Theft Fast Track Program,” U.S. Attorney’s Bulletin, March 2008
  • “Trends in Cybercrime: The Dark Side of the Internet,” ABA Criminal Justice Magazine, Fall 2005
  • “Identity Theft: The Crime of the New Millennium,” 80 Or.L.Rev. 4, 2001
  • “Identity Theft: The Crime of the New Millennium,” U.S. Attorney’s Bulletin, March 2001 
  • “District of Oregon Nets First Conviction for Copyright Infringement on the Internet,” The Federal Lawyer, July 2000

Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Global Information Security Professional (GISP)
  • Certified Information Privacy Professional (CIPP/US)

Professional Presentations

  • Moderator, “Emerging Security Threats,” DRI Cyber Security and Data Privacy Seminar, Chicago, Illinois, 09.08.17
  • Panelist, “Trends in Cyber Liability and Data Breaches,” Cyber Liability Symposium, PLUS Northwest Chapter, Seattle, Washington, 06.01.17
  • Moderator, “Health Care CISOs Speak: Recent Successes, Challenges, & What’s Top of Mind for 2017 Priorities,” 2017 Advisen Cyber Risk Insights Conference, Chicago, Illinois, May 16-17, 2017
  • Presenter, “Cyber Crime: The Urgent Need for Enterprise Risk Management,” Northwest Summit for Financial Professionals Annual Conference, Bellevue, Washington, May 10-12, 2017
  • Presenter, “Data Breaches – Online Trends and Strategies to Mitigate Growing Risks,” Oregon School Boards Association PACE Day: Safe and Secure Schools, Salem, Oregon, 04.27.17 
  • Panelist, “Cyber Insurance,” Academy of Hospitality Industry Attorneys, Colorado Springs, Colorado, 04.21.17
  • Panelist & Moderator, “The Changing Landscape of Cyber Liability Litigation: Data Misuse, Ransomware, Class Action Following Spokeo, and More.” Advanced Forum on Cyber & Data Risk Insurance, American Conference Institute, Chicago, Illinois, 03.31.17
  • Presenter, “European Privacy Laws: Worth Knowing Something About?,” U.S. Department of Justice, Computer Crime & Intellectual Property Section Annual Conference, National Advocacy Center, Columbia, South Carolina, 03.22.17
  • Presenter, “Cyber Security and Government Contractors,” Ethics & Compliance Section, Alaska Bar Association, Anchorage, Alaska, 02.22.17
  • Presenter, “Cyber Liability Prevention: Expectations & Best Practices for Information Technology Professionals, Webinar for Alliant Insurance Services, 02.03.17
  • Panelist, “IT and Cybersecurity,” Native American Contractors Association, 2016 B2B Conference & Expo, Tulsa, Oklahoma 11.02.16
  • Panelist, “Responding to Healthcare Data Breaches: The Need for Special Response Measures,” Privacy + Security Forum, Washington D.C. 10.26.16
  • Panelist, “Assessing Risks and Cyber Insurance Needs,” Privacy + Security Forum, Washington D.C. 10.24.16
  • Panelist, “Elevate Your Security,” YPO Oregon Chapter, Portland, Ore. 10.20.16
  • Panelist, “Nonprofits in the Digital Age,” Seminar, Seattle, Wa. 10.18.16
  • Presenter, “Cyber Liability Prevention: Expectations & Best Practices for IT Professionals,” Webinar, 10.14.16
  • Presenter, “CEO/CFO Leadership Breakfast: Data Breaches, Data Dams, and Extortion: Navigating Digital Landmines,” Technology Association of Oregon, Portland, Ore. 10.06.16
  • Panelist, “Breach Happens,” 26th Annual CBW Membership Convention & Tradeshow, Vancouver, Wa. 09.15.16
  • Presenter, “Halftime 2016: When Will You Be Hacked and Attacked?” Webinar, 06.22.16
  • Keynote speaker, “Data Breaches, Data Dams, and Extortion: Navigating the Digital Landscape,” Portland SecureWorld 2016, Portland, Ore. 06.09.16
  • Presenter, “Cyber Threats: How to Protect Your Clients and Your Business,” Accelerate 2016 Workshop, Portland, Ore. 06.09.16
  • Presenter, “Information Security: Trends, Ethical Obligations, and Risk Mitigation,” Business Law Section Midyear Seminar, Washington Bar Association, Seattle, Wa. 05.26.16
  • Panelist, “Cyber Liability: Data Breach Response,” 2nd Annual Cyber Liability Seminar, Seattle, Wa. 04.21.16
  • Panelist, “Hacked and Attacked: Lessons Learned from Recent Healthcare Breaches,” 20th Annual Compliance Institute, Health Care Compliance Association, Las Vegas, Nev. 04.17.16
  • Presenter, “Privacy Laws and Data Breaches,” Bristol Bay Native Corporation Petroleum and Oilfield Service Companies Compliance Training, Girdwood, Alaska, 03.30.16
  • Panelist, “Oh, the Information You’ll Collect, and How to Protect! A Privacy and Cybersecurity Primer for Non-Profits,” Seminar for Non-profits in the Digital Age, San Francisco, Ca. 03.24.16
  • Panelist, “Making the Business Case for Enhanced PHI Protection,” 2016 PHI Protection Network Conference, Philadelphia, Pa. 03.18.16
  • Panelist, “Mitigating Risk & Coordinating the Data Breach Response to a Criminal Cyber Attack,” 2016 PHI Protection Network Conference, Philadelphia, Pa. 03.17.16
  • Presenter, “Cybersecurity: What Can You do to Protect Your Business?” Construction Financial Management Association, South Sound Chapter, Tacoma, Wa. 03.10.16
  • Panelist, “The Federal Government, Cyber Security and Insurance,” 2016 Advisen Cyber Risk Insights Conference, San Francisco, Ca. 03.03.16
  • Presenter, “Protecting your Intellectual Property in the Supply Chain: Identifying Key Risks and Best Practices,” Lorman Education Services, Webinar, 02.29.16
  • Presenter, “Privacy and Data Security Harms and Standing: Opening the Doors to Class Actions?” Willamette University School of Law Privacy and Security Forum, Salem, Ore. 02.26.16
  • Presenter, “2016 Health Care Regulatory and Compliance Update,” Los Angeles, Ca. 02.24.16
  • Presenter, “Criminal Access to Healthcare Information: What Can Be Done to Better Protect PHI?” ID Experts, Webinar, 01.19.16
  • Presenter, “Incident Response: Planning for the Digital Crisis,” ISACA Willamette Valley Chapter, Portland, Ore. 01.14.16
  • Presenter, “Practical Tips for Managing Litigation and Dealing with the Regulators,” Law Seminars International: Data Breaches and Cybersecurity, Seattle, Wa. 01.11.16
  • Panelist, “Federal Investigations,” Annual Business to Business Conference and Expo, Native American Contractors Association, San Diego, Ca. 11.18.15
  • Keynote speaker, “Information Security: Best Practices/Fewer Breaches,” Native American Contractors Association Annual Business to Business Conference and Expo, San Diego, Ca. 11.17.15
  • Presenter, “Information Security: Add Value to Every Client Relationship,” Webinar, 11.11.15
  • Presenter, “DoD Cybersecurity Rules, Privacy Laws & Data Breaches: Compliance Guide for Federal Contractors,” Corporate Compliance Training Conference, Bristol Bay Native Corporation, Seattle, Wa. 11.09.15
  • Panelist, “Data Breaches: Industry and Law Enforcement Perspectives on Best Practices,” Oregon Bar Association CLE, Portland, Ore. 11.04.15
  • Panelist, “Cyber Insurance: How It Works, How to Select a Policy, and Emerging Trends and Practices,” Privacy + Security Forum, Washington, D.C. 10.23.15
  • Presenter, “CyberWatch for Health Care Organizations,” Physicians Insurance, Seattle, Wa. 10.22.15
  • Presenter, “PCI Compliance – Version 3.1: What is it? Will it prevent a breach? How is it affected by EMV Technology?” The Hartford, Webinar, 10.16.15
  • Presenter, “Cybersecurity: What Can You Do to Protect Your Company?” Construction Financial Management Association, Puget Sound Chapter, Seattle, Wa. 10.13.15
  • Presenter, “Data Breaches: Mitigating Enterprise Risk,” Oregon Bar Association, Health Law Section, Portland, Ore. 10.09.15
  • Presenter, “Cybersecurity: How It May Affect Your Business Model,” Exploring Excellence Study Club, Eugene, Ore. 10.08.15
  • Presenter, “Is Payment Card Industry (PCI) Compliance Worth It?” Axis Pro, Webinar, 09.30.15
  • Panelist, “Cyber Liability: Is Your Company Ready for a Data Breach?” 2015 Community Bankers of Washington Annual Convention, Spokane, Wa. 09.24.15
  • Presenter, “Cybersecurity: Strategies to Manage Enterprise Risk & Liability,” 2015 Chi/Optima Biennial Owners’ Retreat, Carlsbad, Ca. 09.11.15
  • Presenter, “Lessons from Federal Regulatory Enforcement Actions” and “Cyber Insurance Coverage: Ensuring That You Have What You Think You Have,” 2015 Cybersecurity: Technology and the Law Conference, Portland, Ore. 08.14.15
  • Presenter, “Data Breach: The Frightening New Reality,” Oregon Association of School Business Officials 2015 Annual Summer Conference, Bend, Ore. 07.30.15
  • Presenter, “Anatomy of a Data Breach,” Oregon Chapter of the Association of Certified Fraud Examiners, Annual Conference, Portland, Ore. 05.28.15
  • Keynote Speaker, “Cyber Security: The Evolving Threat Landscape,” California Association for Health Services at Home, 2015 Annual Conference & Home Care Expo, Palm Springs, Ca. 05.20.15
  • Presenter, “Cybersecurity & Your Business Model,” CPE for Accounting Firms, Portland, Ore. 05.18.15
  • Panelist, “Cyber Liability Symposium,” CPCU, PLUS Northwest Chapter, and RIMS, Seattle, Wa. 05.14.15
  • Presenter, “Cyber Security: What You Can Do To Combat Cyber Crime,” Columbia Bank Quarterly Speaker Series, Seattle, Wa. 05.13.15
  • Panelist, “Cyber Liability Claims,” Oregon Association of Defense Counsel, Commercial Practice Seminar, Portland, Ore. 05.12.15
  • Presenter, “Cyber Liability – Are You Prepared? Anatomy of a Data Breach,” Operations Day, Nonprofit Network Southwest Washington, Vancouver, Wa. 04.24.15
  • Presenter, “Cyber and Data Breach: Risks and How to Mitigate Them,” Webinar, 3.18.15
  • Presenter, “Cybersecurity: Practical Considerations for Petroleum Marketers,” SIGMA Executive Leadership Conference 2015, Aspen, Colo. 02.10.15
  • Presenter, “You’ve Been Hacked … Now What? The Anatomy of a Data Breach,” Outdoor University at Outdoor Retailer Winter Market, Salt Lake City, Utah 01.22.15
  • Presenter, “Cybersecurity: Data Breaches in Health Care,” Lane County Medical Society, Eugene, Ore. 01.13.15
  • Presenter, “Cybersecurity Law: Critical Issues & Risk Management Strategies for Attorneys, Executives & Agency Officials,” Update on Legal Developments for Cybersecurity Law, Law Seminars International, Seattle, Wa. 01.12.15
  • Presenter, “Data Breaches: HIPAA and Beyond,” Bloomberg BNA, Webinar, 12.04.14
  • Panelist, “Cybersecurity and Privacy Law Considerations: From the IT Department to the Boardroom (the Anatomy of a Breach: Lessons from IT and Law Enforcement),” CLE for Business Law Section, Oregon State Bar, Portland, Ore. 11.07.14
  • Presenter, Cybersecurity and the Energy Sector: Gauging the Landscape,” CLE for Energy Sector, Portland, Ore. 11.07.14
  • Panelist, “The Internet of Things: Your Toaster Said What to Your Refrigerator?” Download Conference, New York, N.Y. 10.08.14
  • Presenter, “Trends in Online Fraud,” CLE for Financial Institutions, Portland, Ore. 09.22.14
  • Presenter, “Trends In Online Fraud: Targets, Threats and Solutions,” iovation Fraud Force Summit, Portland, Ore. 09.16.14
  • Presenter, “Data Breach Response: An Emerging Role for Law Enforcement,” Financial Crimes & Digital Evidence Conference, Salem, Ore. 09.09.14
  • Presenter, “Data Breach: HIPAA and Beyond,” Reinventing the Hospital, Webinar Series, 07.23.14
  • Presenter, “Flash Webinar: Managing Risk in a Challenging Environment,” Webinar, 06.26.14
  • Panelist, “When Data Breaches Happen, How Can We Protect Oregonians from Harm?” Protecting Oregon Consumers and Children in the Age of Big Data, Tigard, Ore. 06.25.14
  • Panelist, “The Best Defense is a Good Data Breach Fence: Necessary Steps to Protect Your Network,” Association of Corporate Counsel, Washington Chapter, Microsoft Campus, Redmond, Wa. 06.02.14
  • Presenter, “An Overview of the Stored Communications Act, the Wiretap Act, and National Security Letters,” Data Protection and Security Conference, The Seminar Group, Portland, Ore. February 2014
  • Presenter, “Digital Evidence Boot Camp, Financial Crimes & Digital Evidence Conference,” USDOJ and Oregon DOJ, Salem, Ore. September 2013
  • Presenter, “Criminal Copyright Infringement, Trafficking in Counterfeit Goods, Economic Espionage & Trade Secret Theft,” Intellectual Property Rights Training, Adidas U.S. Headquarters, Portland, Ore. August 2013
  • Presenter, “Cybercrime … The Dark Side of the Internet – A glimpse at cybercrime and why it will continue to affect us …,” 2013 Pacific Northwest Land Title Convention, Portland, Ore. August 2013
  • Presenter, “Digital Evidence for Prosecutors: The Fourth Amendment, Rule 41, the Stored Communications Act, and other issues ...,” United States Attorney’s Office, Eugene, Medford, and Portland, Ore. April 2013
  • Presenter, “Digital Evidence Boot Camp,” United States Attorney’s Office, Eugene, Medford, and Portland, Ore. March 2013
  • Presenter, “Digital Forensic Evidence: Understanding the Value of Digital Forensic Evidence and Forensic Experts, American Bar Association Rule of Law Initiative,” Cybercrime Course, Istanbul, Turkey December 2012
  • Presenter, “Trends in Cybercrime: The Dark Side of the Internet; American Bar Association Rule of Law Initiative,” Cybercrime Course, Istanbul, Turkey December 2012
  • Presenter, “Search Warrants in White Collar Investigations,” United States Attorney’s Office, Portland, Ore. November 2012
  • Presenter, “Trends in Cybercrime: The Dark Side of the Internet,” Pacific Northwest Paralegal Association Annual Seminar, Portland, Ore. June 2012
  • Presenter, “Current Legal Issues in Wireless Phone Location, Tracking Devices & Digital Evidence,” United States Attorney’s Office, Portland, Ore. November 2011
  • Presenter, “Trends in Cybercrime: The Dark Side of the Internet,” Oregon State Bar Association, Computer and Internet Law Section, Portland, Ore. May 2011

Admissions

Oregon, 1987

Washington, 2015

District of Columbia, 2015

U.S. Supreme Court, 1997

U.S. Court of Appeals 9th Circuit, 1991

U.S. District Court District of Oregon, 1991

Associations

  • International Information System Security Certification Consortium (ISC2)
  • Information Systems and Audit Control Association (ISACA)
  • International Association of Privacy Professionals (IAPP)

Awards & Honors

  • Outstanding Support, Dedication, and Contribution to Federal Law Enforcement in the District of Oregon, Federal Law Enforcement Officers Association, Portland, Ore., 2014
  • Outstanding Prosecutive Skills and Assistance to the FBI, FBI Director James B. Comey, 2014
  • Outstanding Assistance and Support on Behalf of the Investigative and Protective Responsibilities of the Secret Service, United States Secret Service Director Julia A. Pierson, 2014
  • Exemplary Efforts on Defense Criminal Investigative Service Investigations, Defense Criminal Investigative Service Office of Inspector General, 2014
  • Outstanding Efforts In Support of the U.S. Postal Inspection Service’s Mission of Protecting the U.S. Mails from Criminal Activity, United States Postal Inspection Service, 2014
  • Appreciation for Protecting the Integrity of the Social Security Number, Social Security Administration Office of Inspector General, 2014
  • Outstanding Dedication and Exemplary Service to the United States Attorney’s Office, District of Oregon, 2014
  • Outstanding Prosecutive Skills and Assistance to the FBI, FBI Director Robert S. Mueller, III, 2010
  • Assistant Attorney General’s Award for Intra-Departmental Cooperation, Assistant Attorney General Matthew Friedrich, 2008
  • Superior Contributions to the Law Enforcement Responsibilities of the United States Secret Service, United States Secret Service, 2007
  • Dedication and Commitment to the Prosecution of Complex Financial Crimes, Internal Revenue Service Criminal Investigation Division, Portland Field Office, 2005
  • Director’s Award, Executive Office for United States Attorneys (EOUSA), 2004
  • Outstanding Assistance to the FBI, FBI Director Robert S. Mueller, III, 2002
  • Outstanding Prosecutive Skills and Assistance to the FBI, FBI Director Louis J. Freeh, 2001
  • Achievements and Contributions to the Department of Justice, Attorney General Janet Reno, 2000
  • Director’s Award, EOUSA,1997
  • Outstanding Contributions in the Field of Drug Law Enforcement, DEA, 1997

Education

University of Oregon School of Law

Juris Doctor, 1987

  • Moot Court Board
  • National Mock Trial Team
  • President, Student Bar Association
  • Centurion Award

Florida State University

Master of Science, Higher Education Administration, 1981

Linfield College

Bachelor of Arts, English and Psychology, 1980

  • President, Associated Students of Linfield College

arrow Back to Attorneys