About ActionCyberLaw.com
Action Cyber Law provides our viewers with resources for U.S. and international laws and regulations related to Data Privacy, Cybersecurity, Cybercrime, Risk Management, Intellectual Property, and emerging technologies including artificial intelligence, blockchain DLT and machine learning. Examples of data privacy or security laws include Section 5 of the US FTC Act, the US CANSPAM act of 2003, CCPA and CalOPPA from California, New York SHIELD Act, US HIPAA, EU GDPR, Brazil LGPD and Canadian CASL and PIPEDA.
The success of the ActionCyberLaw.com website covering the broad spectrum of cyber topics prompted us to start publishing blog posts at our companion site, ActionCyberTimes.com . Check it out!!
Timothy F. Mills
Profile Summary
Attorney Mills is admitted to practice law in the State of Connecticut and is a registered Patent Attorney admitted to practice before the United States Patent and Trademark Office. For ActionCyberLaw, he draws from his extensive experience over 20 years of representing national and international technology clients in Date Security and Privacy, Risk Management, and the Intellectual Property prosecution and litigation of emerging technologies, including PATENTS, TRADEMARKS, BRANDING, COPYRIGHTS, INFRINGEMENT, INTERNET COMMERCE, LICENSING, DATA and TRADE SECRET SECURITY and THEFT, UNFAIR COMPETITION, TRADE DISPARAGEMENT, COVENANTS NOT TO COMPETE, DUE DILIGENCE, MERGERS & ACQUISITIONS, VENTURE CAPITAL and more.
See the LINKEDIN profile at https://www.linkedin.com/in/attorney-timothy-f-mills-at-actioncyberlaw
Attorney Mills is a Registered U.S. Patent Attorney, No. 34,879, with broad experience representing start-ups, entrepreneurs, SMEs to Fortune 500 companies, regarding their Data Security and Intellectual Property management, prosecution, transaction, regulatory, compliance and litigation needs.
Representative Industry Sectors
- Corporate and Banking finance, products and services
- Insurance and Risk Management
- Raw Materials Processing and Manufacturing
- Automotive, Trucking and Motorcycle manufacturing
- Mass Transit, Marine and Shipping
- Pharmaceutical, Biopharmaceutical, Genetics and Chemical products
- Oil, Gas and Energy
- Mining & Minerals resources
- Computer, Data processing, Software and Internet businesses
- Construction Industry
- Agricultural industry
- Architectural, Engineering and Academic Professionals
- Medical and Health Science Professionals, Hospitals, Institutes and Health Services providers
- Media, Authors, Art and Entertainment individuals and businesses
- Non-Profit Educational, University and Corporate Institutions
Attorney Mills attends numerous CE courses and webinars annually in the areas of Data Privacy / Cybersecurity / International Regulation / Compliance / Data Breach Reporting / Artificial Intelligence / Machine Learning / Cyber Insurance and Risk Management / Blockchain DLT / Litigation / Intellectual Property / and more. Please note that the CE entries below are limited to the past few years of current developments, followed by the formal university education.
Title: Data Manipulation report
- Source: CSIAC® report
- Date: May 25, 2019
- Content: Discusses data theft vs data manipulation for an attack to promote a gain or effect. Data manipulation attacks can have serious consequences, causing disruptions to companies, governments and global data security.
Title: DoD Cybersecurity Policy Chart
- Source: CSIAC® Webinar
- Date: May 22, 2019
- Content: Review of the most recent update of the DoD Cybersecurity Policy Chart – a dense but comprehensive resource.
Cyber Insurance Policy Holder Engagement: Risk Reduction, Relevance, New Revenue Streams and Retention
- Source: Advisen® Webinar
- Date: April 4, 2019
- Content: Explained how the insurance industry can leverage technology and services in the fight against emerging cyber risks. The best offense is a strong defense. Engage your customers using the tech they want to use – which is their phone and ONLY their phone.
Title: Reducing Your Digital Footprint
- Source: CSIAC® Webinar
- Date: March 18, 2019
- Content: Review of scope of the California Consumer Privacy Act (CCPA), Data Privacy, Digital Footprint, EU General Data Protection Regulation (GDPR) and Personal direct action for Privacy Protection.
Title: Recent Developments in CyberLaw
- Source: CSIAC® Webinar
- Date: March 3, 2019
- Content: Review of scope of the third party doctrine re standing to sue, CFAA, Border Searches, Consent to search, Biometrics and search, private search doctrine, and cyber insurance .
Cyber Risk Trends for 2018 Wrap-up
- Source: Advisen® Webinar
- Date: January 25, 2019
- Content: (1) Explained that finance, insurance, healthcare and education continue to be the focus of the majority of attacks by increasingly sophisticated modes of entry with various attack vectors, (2) for insurance coverage buyers need to be proactive in understanding what is covered vs excluded, (3) the GDPR has become the gold standard for international information privacy regulation and is being used as a template for by other jurisdictions which will directly affect US companies, (4) the panel expected the upward trends of attacks and breaches in 2018 to continue in 2019, with the increased ease of access and sophistication of attack vectors.
Title: Artificial Intelligence and (the future of) Malware
- Source: ISACA® Webinar
- Date: January 24, 2019
- Content: What AI has done and what it can do; AI as a weapon; AI use in the automation of cybercrime; AI used to transform evidence and what is true; detecting AI powered malware; defenses against AI enhanced cyber hacking.
Title: Cybersecurity Arms Race – Modernizing the Arsenal
- Source: CSIAC® Webinar
- Date: January 16, 2019
- Content: Timeline of how initial mischief cyber attacks have evolved into sophisticated malware attacks for financial or political gain. Risks are low and gains are high. Viruses, botnets, DDOS attacks, polymorphic viruses, phishing attacks, ransomware, cryptocurrency ransoms, malicious scripting, and black listing vs white listing software and hardware were discussed.
Title: Blockchain – Foundations and Use Cases
- Source: From Coursera® and taught by the Consensys® Academy faculty
- Date: Five Week Graded Course September to October 2018
- Graded Modules: Blockchain and Decentralization, Application of Public Key Cryptography, Consensus Mechanisms and Trust Frameworks, Cryptocurrency, Token and Securities Law, Ownership and Governance, Final Grade by Drafting a Student Use Case > I profiled a use case for an off-shore energy production platform. Certificate of Completion.
Title: Cybersecurity Kill Chain
- Source: ISACA® Webinar
- Date: July 26, 2018
- Content: Advanced Persistent Threat analysis of various modes of attack. Use these resources to break the chain and the attacks: the Cyber Kill Chain® is a Lockheed Martin proprietary method for customizing organizational plans to improve computer security and prevent criminal activity; the ISACA Cybersecurity Nexus® program, and the European Union Agency for Network and Information Security information on cyber espionage.
Title: Continuing GDPR Compliance Challenges
- Source: ISACA® Webinar
- Date: July 19, 2018
- Content: Top challenges for continuing GDPR compliance > Executive buy-in and engagement; data discovery and mapping; prioritize GDPR compliance protocols and milestones; Educate to include whole organization in CS programs; departmental communication and buy-in; plan for data subject access or deletion requests; sustainable changes over time.
Title: Global Regulation of the ICO Market
- Source: CoinDesk® webinar
- Date: May 31, 2018
- Content: Since no federal regulatory plan, must look at state laws and various federal laws to research applicability; the Securities Act of 1933 and the Securities Exchange Act of 1934; in 1946 the Howie test defined how the courts should define a security under the law; Congress is too dysfunctional so expect the Securities and Exchange Commission to cobble together guidance in 2019 based upon the market experience to date. The Digital Chamber of Commerce located in Wyoming is pushing regulation at the state level, while everyone waits for the SEC to fill the gap.
Title: Change Agents for the Cybersecurity Era 2018
- Source: ISACA® Webinar
- Date: May 9, 2018
- Sessions included the following topics: GDPR: Are Your Data Privacy Processes Regulation-Ready; Security Operations Center(SOC): The New Threat Hunting; Modern Day Endpoint Protection; AI, Automation and Analytics for Operational Security Success.
Title: Training with Proof of Concept for Spectre and Meltdown
- Source: ISACA® Webinar
- Date: May 3, 2018
- Content: Used the Spectre and Meltdown proof of concepts to understand the offensive capabilities, and then reviewed the patching process to secure the defense of the systems.
Title: Recent Developments in CyberLaw
- Source: Harvard Office of the Vice Provost for Advances in Learning
- Source: CSIAC® Webinar
- Date: March 15, 2018
- Content: Review of Active Cyber Defense Security Act, FISA Sec 702 re warrantless surveillance outside the US, scope of the third party doctrine re standing, extraterritorial searches re cloud data, the CLOUD (Clarifying Lawful Overseas Use of Data) Act, encryption issues and court ordering passcode reveal, 4th amendment scope of search warrants for computer information, artificial intelligence used to predict risk of crime recidivism.
Title: Cybersecurity – Managing Risk in the Information Age by Harvard Univ.
- Source: Harvard Office of the Vice Provost for Advances in Learning
- Date: Eight Week Intensive Timed and Graded Online Course – December 2017 to March 2018; Certificate awarded.
- Content: Module 1-Cybersecurity Risk is business risk; Module 2-Identifying cyber threats; Module 3-Identifying important business systems and assets; Module 4-the role of leadership in managing cyberrisk; Module 5-understanding your technology; Module 6-cyber risk and the law; Module 7-incident response and accountability; Module 8-designing and implementing a strategy; final exam requirement to review of cyber attack case, discuss vulnerabilities that were exploited by the attackers, and design a CS response program.
Title: NEACS Northeast Annual Cybersecurity Summit, Trumbull Marriott, CT
- Source: ISACA®
- Date: October 17, 2017, 8 hours live in person attended
- Presentations: GDPR Compliance, Cyber Risk Oversight in the Boardroom, Blockchain Impact on Business.
Title: Essential Cybersecurity Law Continuing Legal Education
- Source: University of Texas Continuing Legal Education
- Date: July 27, 2017, attended live in Dallas, Texas; CLE 8 hours plus 2 hours ethics
- Content: Civil Litigation Update; Covered Entities and Business Associates; Internal Controls and Compliance; The In-House Perspective on Managing Cybersecurity; Privacy and Data Security in an Increasingly Globalized World; Incident Response and Breach Disclosure; Cybersecurity Insurance; Cybersecurity Regulation and Enforcement.
Title: Cyber Siege of Small to Medium Businesses (SMB)
- Source: KeyMedia® Webinar presented by Symantec® and Travelers®
- Date: July 20, 2017
- Content: The summary of this webinar is the recommendation to use a cloud based third party to manage all internet security including email scanning, to avoid the costs associated with dedicated personnel, infrastructure, and culture resistance. Common SMB vulnerabilities include: direct attack at a software gap, Email, Web attacks through browsing, hijacking credentials and then re-using the passwords because that is a common human error. Solution: use cloud based services to protect all levels and all devices everywhere.
Title: GDPR Compliance – EU General Data Protection Regulation
- Source: ISACA® Webinar
- Date: July 13, 2017
- Content: Classify GDPR data and risk profile, and track data flows internally; budgeting and costs of implementing GDPR; establishing security and privacy controls and formulating mitigation strategies; testing the response plan; continuous training of personnel to identify risks; data identification is amenable to automatic processes using AI; concluded with a discussion of the requirement of GDPR reporting.
Title: Cybersecurity 2017
- Source: ISACA® Webinar
- Date: July 11, 2017
- Content: Importance of Cybersecurity to the CISO, CSuite & Board; CS Innovation Governance; CS Risk Management framework starts in the boardroom; the threat of IoT devices especially wearable devices as CS must be embedded in development cycle; inadequate supply of CISO educated professionals; must train and build CS into skillsets of workers; in 5 years CS will be ubiquitous and part of the audit function.
Title: Cybersecurity Risk Management CLE
- Source: LawLine® CLE
- Date: February 24, 2017 Webinar
- Content: Governance and Internal Program Documentation, Data/System Classification, Cyber Security Risk Governance, Risk Assessments, Analysis and Management Strategies, Weigh Litigation and Regulatory Risk, Oversee Incident Response Preparation and Practice, Investigating a Breach and Working with Law Enforcement, International Considerations, Vendor Risk Management Strategies, Notification Requirements, Sophisticated Oversight Questions, Breach Litigation, Expenses and Insurance.
Formal Education
University of New Hampshire, Franklin Pierce School of Law, Concord, NH
- Degree of Juris Doctor (J.D.) with a study concentration in the Intellectual Property Law of Patents, Trademarks and Copyrights, and International Commercial Transactions.
- Law Review Editor.
- Awarded Federal Court Law Internship – researched and drafted opinions as assigned.
- 3 semesters in the Civil Litigation Clinic.
University of San Diego School of Law, San Diego, CA
- Institute on International and Comparative Law of International Business.
- Superior Academic Achievement with Honors in Undergraduate and Graduate science degrees, Law Review and Federal Court Internship.
- Attorney Mills codes in Python, HTML5, CSS and JavaScript
- Exceptional analytical organizational and communication skills, including presentation, interpersonal, and conflict resolution in complex situations.
- Ability to confidently interact with both scientific and business management leaders, and outside counsel.
- Ability to think critically and creatively, and be pro-active in contributing to organizational growth promoting innovation and motivation of the team.
- Excellent legal and persuasive writing skills.
- Ability to independently oversee numerous matters, manage the use of outside legal counsel, work collaboratively with teams and other organization personnel at all levels.
- Ability to manage deadlines, handle multiple complex legal matters and see projects through to conclusion.
- Ability to make sound judgments in assessing risks and benefits in difficult or ambiguous situations.
- Able to balance competing priorities, multiple tasks, flexible and self-directed.
- Strong technical and analytical skills combined with a practical approach to business and legal problem solving.
- Excellent legal and persuasive writing skills.
Pro Bono Legal Representation – the ‘Liberal Arts’ of Law Practice
- Extensive Pro Bono training started in law school by completing three semesters in the civil litigation Clinic.
- Indigent clients were directed to the Clinic from around the state for civil matters involving rental housing, foreclosure, domestic conflicts, bankruptcy, probate, guardianship, disability, etc.
Recent Pro Bono cases
- Probate Estate of Deceased Mother of Two Small Children – The deceased was allegedly murdered by her drug-dealer husband in their apartment while their one child was present. I was successful in enabling the maternal grandmother to be appointed as the guardian with sole custody of the minor children, and the administrator of her daughter’s intestate probate estate. There were issues with the marital union, life insurance benefits, auto loans, rental obligations, medical bills, credit cards, funeral and burial expenses, state benefits reimbursements, etc, that had to be processed through the Probate Court to determine rights, debts and ownership of all the parties. After numerous probate hearings, and negotiations with several creditors, the Probate case was finally completed with a small trust fund established for the education of the minor children.
- Homestead Foreclosure Against Elderly Widow – Her retired husband had deceased the year before from lung cancer leaving her with no means of support except Social Security. The mortgage company would not re-negotiate the loan at a substantial discount to permit her to pay and stay. She had no where to go. After court hearings and negotiations, they agreed to let her remain in occupancy anyway post-foreclosure. Better to have the house occupied than empty subject to vandals. Two years later she, too, died from cancer at home with hospice care. The house was then torn down for commercial development.
- Bipolar, Depression, Anxiety, Developmentally disabled, Cognitively challenged, Suicidal Ideations, young male – represented in appeal to the Social Security Administration for disability and health care benefits and was successful after formal hearing with presentation of years of medical records and additional evidence, and was awarded a Fully Favorable decision by the Administrative Law Judge, providing this young man with some financial stability, although meager, while he tries part-time employment within his limitations.
Chairman of the Board of Trustees of a National Non-profit Organization
- Served two terms in the volunteer position as Chair of the Board of Trustees of the local affiliate, for a total of seven years.
- The Board of Trustees was comprised of seven members of diverse backgrounds.
- Duties of the Chair included:
- periodic reporting to the Board and CEO,
- convening monthly Trustee meetings,
- oversight and budgeting of personnel expenses,
- hands-on building and grounds maintenance,
- insurance coverages and risk management,
- managing and mentoring personnel,
- presenting annual budgets,
- Secretary to the Corporation, and
- presided over the annual meeting of the membership.
- Additional duties of the position included planning and oversight of a $2,000,000.00 building expansion over a period of three years to completion. The planning comprised:
- selection and retention of an architect,
- numerous design meetings with the membership,
- representing the organization before the City Planning and Zoning Commission and thereafter successfully obtaining a zoning variance for the building expansion following a very contentious public hearing,
- securing project financing,
- putting the project out to bid,
- interviewing general contractors,
- signing the construction contracts,
- periodic status meetings with the general contractor, architect and Board/CEO as the construction progressed,
- problem solving the numerous issues and construction delays that arose due to the site conditions,
- troubleshooting repeated subcontractor problems,
- determining contractor compliance with the build-out specifications,
- approving periodic payments pursuant to the construction schedule,
- finalizing the project by accepting the as-built blueprints and
- receiving the final Certificate of Occupancy permit from the city Building Inspector.
- Also volunteered at Food Share warehouse packing boxes and at homeless shelters cooking on the stove, assisting with the food service, and clean up.
- That is the abbreviated version!
Scientific Organizatuion, Connecticut Chapter
- Eight years a member Board Of Directors and Counsel to the Association, and Secretary to the organization.
- Drafted the initial Articles of Organization and Bylaws which were adopted by the Board,
- Assisted in planning and attended the monthly meetings, and annual Northeast US regional meetings.
State University Advisory Appointment
- Appointed by the President of the University for four years as the non-faculty member of the Institutional Animal Care and Use Council (IACUC), comprising the Chair of the Department of Biological Sciences, associate professors and investigators, and a licensed veterinarian,
- provided review of protocols and oversight of CCSU research programs involving animal experimentation, as required by federal law,
- attended meetings of the Council at least four times per year at the University campus,
- reviewed procedures and facilities, and
- provided opinions on compliance with protocols and regulations.
Member of the Bar of the State of Connecticut
Member of the Bar of the Federal District Court for the District of Connecticut
Registered Patent Attorney by the US Patent and Trademark Office
Member of the Bar of the Court of Appeals for the Federal Circuit
National Registry of Certified Chemists (NRCC), Certified Chemist
Our Commitment
“It takes 20 years to build a reputation and a few minutes of a cyber-incident to ruin it.”
Related History
- 2020 – ActionCyberTimes.com blog of related current events
- 2019 – California Consumer Protection Act (CCPA)
- 2018 – EU General Data Protection Regulation (GDPR)
- 2004 – Canadian Personal Information Protection and Electronic Documents Act (PEPIDA)
- 1996 – US Health Insurance Portability and Accountability Act (HIPPA)