Recent Issue Headlines
Vol. 3, No. 5 (Mar. 8, 2017)
Forensic Firms: Key Contract Considerations and Terms (Part Two of Three)
Companies are increasingly turning to outside forensic firms for assistance with both proactive cybersecurity measures and incident response. To optimize the relationship, companies must carefully choose a firm, negotiate the right contract terms, and effectively collaborate with the chosen forensic service provider. With advice from in-house and outside cybersecurity counsel as well as forensic and security experts, our three-part article series on forensic firms addresses these considerations. This second part examines contract considerations, key terms and what companies should expect in deliverables. Part one explained the expertise of forensic firms, why they are used, and their role before and after an incident. Part three will provide advice on evaluating the forensic firm to determine if it has the right expertise and how to communicate and collaborate with these experts once they are brought on board. See also “Key Strategies to Manage the First 72 Hours Following an Incident” (Feb. 8, 2017).
Preparing For Ransomware Attacks As Part of the Board’s Fiduciary Duty
Managing enterprise cybersecurity risk is a key obligation of a company’s general counsel and board of directors. The rapidly increasing frequency and sophistication of ransomware attacks in particular have made them a pervasive and challenging part of that enterprise risk. Debevoise partner Jim Pastore spoke with The Cybersecurity Law Report about what GCs and boards need to know about ransomware and how those stakeholders can effectively fulfill the board’s cyber-related fiduciary duty to the company. Pastore will be a panelist at Skytop Strategies’ Cyber Risk Governance conference on March 16, 2017 in New York. An event discount registration link is available to CSLR subscribers inside this article. See also “How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part One of Two)” (Jan. 20, 2016); Part Two (Feb. 3, 2016).
What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations
Cybersecurity regulations from the New York State Department of Financial Services took effect on March 1, 2017. The scope of the regulations, which apply to financial institutions, insurance companies, and other financial services firms licensed by the State of New York, was narrowed to a degree following numerous industry comments on the proposed draft. This guest article by James Kaplan and Moein Khawaja, partner and associate at Quarles & Brady, explains the new requirements and changes from previous versions, and provides guidance regarding the implementation of the regulations and best cybersecurity practices related to the current regulatory environment. They also predict what future regulation might look like in this area. See also “Preparing to Meet the Deadlines of DFS’ Revised New York Cybersecurity Regulation” (Jan. 25, 2017).
A Real-Life Scenario Offers Lessons on How to Handle a Breach From the Inside
Picture this data breach scenario: A company’s customers discover that their online account details have changed. They later realize that their bank account details had also been changed, and refunds due to them were fraudulently transferred to another bank account. What is the best way to proceed with the investigation, especially after law enforcement’s trail has gone cold? How can the company enhance its cybersecurity going forward? This scenario, which involved an employee stealing data, was analyzed in the 2017 Verizon Data Breach Report. We discuss how the company handled the scenario and the lessons it learned, with input from BDO managing director Eric Chuang. See “Strategies for Preventing and Handling Cybersecurity Threats From Employees” (Apr. 8, 2015).
Protecting Attorney-Client Privilege and Attorney Work Product While Cooperating With the Government: Implications for Collateral Litigation (Part Three of Three)
Collateral litigation can arise when a company is conducting an internal investigation and cooperating with the government. Litigants seeking internal investigation documents in discovery may argue, among other things, that the privilege and work product protection were waived, perhaps as a result of the company’s cooperation with the government. Parts one and two of this three-part guest article series by Eric J. Gorman and Brooke A. Winterhalter, Skadden partner and associate, respectively, addressed ways for investigating companies to establish and preserve the attorney-client privilege and attorney work product protection during internal investigations and government cooperation. This third and final installment in the series analyzes strategies and legal arguments that companies may wish to consider as they seek to shield investigation materials shared with the government from third-party discovery requests in collateral litigation. See also “Attorney-Consultant Privilege? Key Considerations for Invoking the Kovel Doctrine (Part One of Two)” (Nov. 16, 2016); Part Two (Nov. 30, 2016); “Target Privilege Decision Delivers Guidance for Post-Data Breach Internal Investigations” (Nov. 11, 2015); and “Preserving Privilege Before and After a Cybersecurity Incident (Part One of Two)” (Jun. 17, 2015); Part Two (Jul. 1, 2015).
Defense and Plaintiff Perspectives on How to Survive Data Privacy Collateral Litigation
While the risks of data privacy and data breach litigation are substantial, the legal standards are in flux and may depend on the court and jurisdiction in which the case lies. Lawyers are struggling to keep up, with courts issuing potentially disruptive decisions on a near-monthly basis. During a recent PLI panel, plaintiffs’ lawyer Daniel Girard of Girard Gibbs discussed the evolving landscape and its strategic implications with Robert Herrington, a Greenberg Traurig shareholder. The types of successful data privacy cases are shifting and each stage of litigation presents companies with strategic choices. The contrasting perspectives provide guidance to both plaintiffs and defendants as they weigh such choices throughout collateral data breach litigation. See also “Minimizing Class Action Risk in Breach Response” (Jun. 8, 2016).
Retired Navy Commander Joins McGuireWoods As Cybersecurity Partner
McGuireWoods recently announced that retired Navy Commander Michael J. Adams has joined as a partner in the firm’s data privacy and security practice in the Charlotte, NC office.
Cybersecurity Attorney Bart Huffman Joins As Partner in Reed Smith’s Houston Office
Bart Huffman, the former chair of the privacy and cybersecurity practice at Locke Lord, has joined Reed Smith as a partner in its global intellectual property, information & innovation group. He is based in Houston. For more from Reed Smith see “Essential Cyber Due Diligence Considerations in M&A Deals Raised by Yahoo Breach” (Oct. 16, 2016).