Data Breach and Insider Trading
Attorneys practicing in mergers and acquisitions are familiar with the sensitive nature of their work and the potential for abuse of the information obtained. In addition to being restrained from trading on that information themselves, they must take extensive precautions to ensure that they do not allow that information to slip to friends, family members, or colleagues. Unfortunately, one cannot assume that others won’t use that information to make trades that could ensnare both the attorney and firm in extensive criminal and civil litigation, regardless of intent. Accordingly, both formal and informal mechanisms are put in place to keep potential inside information from those who are not required to have it in their work.
Considering the speed at which data breaches are increasing, any law firm that handles corporate transactions should act to put into place similar policies and procedures to avoid identical risks. Although we have yet to see any attorneys attempt to trade on data breach information, an executive member of a well-known cybersecurity team was recently charged with trading the company’s stock as soon as he discovered that a breach had occurred. Furthermore, interrelated companies may find out that other public entities have experienced a breach before the public. Any of these situations creates a risk, and whenever a firm is retained to investigate and handle a data breach, another potential inside trader is born.
Law firms that handle data breach cybersecurity work should therefore be sure to create the necessary walls and restrictions on information that are often instituted by firms handling confidential corporate work. Matters relating to the case should be discussed behind closed doors, only necessary employees should be given access to any information related to the breach, and those staff should be continuously reminded that it should not be discussed in any way outside of the firm. While we have not yet seen any law firms accused of trading on inside data breach information, it is surely only a matter of time before we do. The best way to keep your firm from such a charge is to make sure steps are taken to minimize these risks through the appropriate confidentiality policies.