Data Breach and Insider Trading

Attorneys practicing in mergers and acquisitions are familiar with the sensitive nature of their work and the potential for abuse of the information obtained. In addition to being restrained from trading on that information themselves, they must take extensive precautions to ensure that they do not allow that information to slip to friends, family members, or colleagues. Unfortunately, one cannot assume that others won't use that information to make trades that could ensnare both the attorney and firm in extensive criminal and civil litigation, regardless of intent. Accordingly, both formal and informal mechanisms are put in place to keep potential inside information from those who are not required to have it in their work.
Continue reading...

Standing Battles Rage on in Data Breach Litigation

One of the primary points of contention in data breach actions is when, and whether, sufficient damages exist to meet the standing requirements under Article III. Circuit courts across the country have come to different conclusions, with some requiring a showing of actual damage and others allowing the existence of the breach to essentially serve as confirmation that the data will be used illicitly. According to a recent brief in support of certiorari, the DC Circuit falls into the latter category and a review by the Supreme Court is necessary to resolve the current circuit split.
Continue reading...

Congress Considering Federal Cyber Breach Laws

Huge cybersecurity breaches at major retailers caught the attention of the public and have made headlines. Now, more recent breach at one of the major credit reporting agencies has the attention of Congress. 48 states and the District of Columbia already have some form of legislation governing security breaches. These statutes typically begin by laying out who is subject to the requirements, such as businesses and information brokers, and what information is considered protected “personal information.” The laws then outline what constitutes a breach, the requirements for providing notice, and exemptions to the law. What's next, Congress?
Continue reading...

It’s the Little Things That Count in Cybersecurity

Today it seems as though cyber-security protections are always a half-step behind hackers. For every patch that quietly protects from one type of ransomware, there’s another WannaCry infecting a major company or financial institution. Of course, cyber-security is an important concern for all businesses, including professionals, a point which is still gaining awareness across the country. As these less technologically sophisticated businesses learn more about the importance of cyber-security in the modern world, it can be easy to forget that there are many everyday protections that are just as valuable as the software that protects your data.
Continue reading...

IRS Warns CPAs: Beware of Phishing

Businesses are increasingly becoming the targets of sophisticated cyber-attacks, and professionals are no exception. When cyber-criminals breach a professional service firm, they not only may gain access to the firm’s corporate data, but also confidential information from the firm’s clients. Therefore, it is incumbent on all professionals to make data security a priority.
Continue reading...

Liability for Lax Data Security

Clients entrust professionals with personal information. As such, professionals have an ethical duty not to disclose confidential information in a manner not permitted by the client. However, in today’s electronic age, professionals are also expected to take proactive steps to ensure that third-parties do not access confidential client information without authorization. Professionals who fail to prioritize client data security could expose themselves to civil liability.
Continue reading...

Baseball’s Cyber Lesson: The Cyber Field of Dreams

Remember when you chose your first online login credentials? Perhaps it was for your brand new Hotmail account, or that lightning fast AOL dial-up internet. Like many people, it was probably the first time you ever had to choose a password and it was also probably some combination of your kids’ names, your spouse’s name or your mailing address. Like far too many people, your password in 2016 may not be much different from the one you made in 1996. Despite the best efforts of IT, most people are loath to complicate their lives with long and varying passwords. However, corporate espionage is a real threat in today’s computerized society and executives must realize that treating the privacy of your company account is a recipe for liability. While it may not be your job to keep the entire system safe, it is your job to keep your key to it safe.
Continue reading...

Liability for Failing to Prevent Cyber Risk

Cyber liability threats continue to pose a danger for companies and professionals. In order to help mitigate the damages of cyber breaches, businesses are becoming increasingly reliant on third-party security vendors to provide cyber consulting and to manage their data security risks. While prioritizing data security is an important step for firms to take to minimize their own exposure, it is not always possible to eliminate threats entirely. And when breaches do occur, businesses and their customers may look to hold these third-party data security companies accountable for failing to prevent attacks.
Continue reading...