SEC Recommendations to Protect Against Cybersecurity Threats
March 09, 2020 —
Shaia Araghi and Jeffrey Dennis – Newmeyer DillionWhat Happened?
The Securities and Exchange Commission's Office of Compliance Inspections and Examinations ("OCIE") issued a detailed
report on January 27, 2020 regarding various ways for organizations to safeguard data and protect against security and data breaches. Cyber threat actors are now invading data in a more sophisticated manner than ever before, and implementation of the SEC's recommended practices are essential in order to protect from outside vulnerabilities.
What is at Risk?
If market participants fail to implement these recommended policies, they will become more vulnerable to external attacks and data breaches. This can weaken an organization or firm if all employees are not properly trained and informed of the increasing dangers of cybersecurity breaches.
What Can You Do to Protect Yourself from a Cybersecurity Threat?
1.
Governance and Risk Management. Senior leaders should make efforts to improve the cyber safety at their organization. Some of these efforts may include:
- Devote attention to overseeing the organization's cybersecurity and resilience programs;
- Develop a risk assessment process to identify and mitigate cybersecurity risks to the organization;
- Adopt and implement policies and procedures regarding these risks;
- Promptly respond and adapt to changes by updating policies and procedures when necessary; and
- Establish communication policies and procedures to provide timely information to customers, employees, and others when needed.
2.
Access Rights and Controls. Implement updated controls to determine appropriate users for organization systems, limit access as appropriate to authorized users (including the set-up of multi-factor authentication) and monitor user access.
3.
Data Loss Prevention. OCIE has recommended various important data loss prevention measures for organizations:
- Establish a vulnerability management program;
- Implement capabilities that can monitor network traffic and detect threats on endpoints;
- Establish a patch management program covering all software and hardware;
- Maintain an inventory of hardware and software assets;
- Encrypt data and implement network segmentation;
- Create an insider threat program to monitor any suspicious behaviors; and
- Secure legacy systems and equipment through disposal of sensitive information from hardware and software and by reassessing vulnerability and risk assessments.
4.
Mobile Security. Establish policies and procedures for mobile device use, manage use of mobile devices through a mobile device management application, implement security measures for internal and external users, and train employees on mobile device policies and effective practices.
5.
Incident Response and Resiliency. Detect and disclose material information regarding incidents in a timely manner and assess appropriateness of corrective actions taken in response to incidents. Organizations should develop a plan if an incident occurs, address applicable reporting requirements, assign staff to execute specific areas of the plan, and test and assess the plan. In the event that a data breach occurs, an organization should improve its resiliency by maintaining an inventory of core business services and prioritizing business operations based on an assessment of risks.
6.
Vendor Management. Establish a vendor management program to ensure that vendors meet your organization's security requirements. Organizations should aim to understand all contract terms with vendors to ensure that all parties are in agreement regarding risk and security. Organizations should also monitor third-party vendors and ensure that the vendor continues to meet the organization's security requirements.
7.
Training and Awareness. Train staff to implement cybersecurity policies of the organization. Organizations should provide cybersecurity and resiliency training and re-evaluate the effectiveness of training procedures.
A Final Reminder for Organizations
Organizations should strive to implement as many of the SEC's recommended protection measures as possible. Ensuring that senior members of an organization are leading the initiative in increased awareness about cybersecurity threats through training of employees will lead to greater cyber safety for the overall organization. Although prevention of all breaches cannot be guaranteed, developing data loss prevention plans to keep the organization and its core businesses safe from attack will benefit the entire organization.
How We Can Help
If you feel that your business falls below the SEC's recommended security measures, our firm can assist with compliance. Contact us for a free initial consultation to determine a reasonable and practical way for your business to become compliant with these guidelines.
Shaia Araghi is an associate in the firm's Privacy & Data Security, and supports the team in advising clients on cyber-related matters, including compliance and prevention that can protect their day-to-day operations. For more information on how Shaia can help, contact her at shaia.araghi@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Read the court decisionRead the full story...Reprinted courtesy of
Constructive Changes – A Primer
October 02, 2018 —
Jonathan R. Mayo - Smith CurrieA “constructive change” occurs when an owner action or omission not formally acknowledged by the owner to be a change in the contact’s scope of work forces the contractor to perform additional work. Constructive changes are not formal change orders, but informal changes that could have been ordered under a contract’s changes clause if the change had been recognized by the owner. The constructive change doctrine recognizes that being informally required to do extra work is similar to a formal change order and should be governed by similar principles. Thus, if it is found that a constructive change order did occur, the contractor may be entitled to payment for additional costs incurred, and an extension to the contract performance period.
Constructive changes most often arise where there is a dispute regarding contract interpretation, defective plans and specifications, acceleration or suspension of work, interference or failure to cooperate with the contractor, misrepresentation or nondisclosure of superior knowledge or technical information, over inspection, or a delay in providing requested information crucial to the contractor’s ability to continue work.
Read the court decisionRead the full story...Reprinted courtesy of
Jonathan R. Mayo, Smith CurrieMr. Mayo may be contacted at
jrmayo@smithcurrie.com
Seller Cannot Compel Arbitration for Its Role in Construction Defect Case<
March 01, 2012 —
CDJ STAFFThe buyer of a leaky home in Venice, California cannot be compelled to arbitration with the seller in a construction defect lawsuit, according to a decision in Lindemann v. Hume, which was heard in the California Court of Appeals. Lindemann was the trustee of the Schlei Trust which bought the home and then sued the seller and the builder for construction defects.
�The initial owner was the Hancock Park Trust, a real estate trust for Nicholas Cage. Richard Hume was the trustee. In 2002, Cage agreed to buy the home which was being built by the Lee Group. Cage transferred the agreement to the Hancock Park Trust. Hancock had Richard Nazarin, a general contractor, conduct a pre-closing walk through. They also engaged an inspector. Before escrow closed, the Lee Group agreed to provide a ten-year warranty “to remedy and repair any and all damage resulting from water infiltration, intrusion, or flooding due to the fact that the door on the second and third floors of the residence at the Property were not originally installed at least one-half inch (1/2”) to one inch (1”) above the adjacent outside patio tile/floor on each of the second and third floors.”
�Cage moved in and experienced water intrusion and flooding. The Lee Group was unable to fix the problems. Hume listed the home for sale. The Kamienowiczs went as far as escrow before backing out of the purchase over concerns about water, after the seller’s agent disclosed “a problem with the drainage system that is currently being addressed by the Lee Group.”
�The house was subsequently bought by the Schlei Trust. The purchase agreement included an arbitration clause which included an agreement that “any dispute or claim in Law or equity arising between them out of this Agreement or any resulting transaction, which is not settled through mediation, shall be decided by neutral, binding arbitration.” The warranty the Lee Group had given to Hancock was transferred to the Schlei trust and Mr. Schlei moved into the home in May 2003.
�Lindemann enquired as to whether the work done would prevent future flooding. Nazarin sent Schlei a letter that said that measures had been taken “to prevent that situation from recurring.” In February, 2004, there was flooding and water intrusion. Lindemann filed a lawsuit against the Lee Group and then added the Hancock Park defendants.
�The Hancock Park defendants invoked the arbitration clause, arguing that Lindemann’s claims “were only tangentially related to her construction defect causes of action against the Lee Group.” On June 9, 2010, the trial court rejected this claim, ruling that there was a possibility of conflicting rulings on common issues of law. “With respect to both the developer defendants and the seller defendants, the threshold issue is whether there was a problem with the construction of the property in the first instance. If there was no problem with the construction of the property, then there was nothing to fail to disclose.” Later in the ruling, the trial court noted that “the jury could find there was no construction defect on the property, while the arbitration finds there was a construction defect, the sellers knew about it, and the sellers failed to disclose it.” The appeals court noted that while Hancock Park had disclosed the drainage problems to the Kamienowiczs, no such disclosure was made to Sclei.
�The appeals court described Hancock Park’s argument that there is no risk of inconsistent rulings as “without merit.” The appeals court said that the issue “is not whether inconsistent rulings are inevitable but whether they are possible if arbitration is ordered.” Further, the court noted that “the Hancock Park defendants and the Lee Group have filed cross-complaints for indemnification against each other, further increasing the risk of inconsistent rulings.”
�The court found for Lindemann, awarding her costs.
Read the court’s decision…
Read the court decisionRead the full story...Reprinted courtesy of
Georgia Court Reaffirms Construction Defect Decision
August 27, 2013 —
CDJ STAFFIn 2011, the Georgia Supreme Court ruled that construction defects could count as “occurrences” under a general liability policy. John Watkins, writing in Law360, notes that the ruling “has potentially broad implications for Georgia insureds.” He goes on to look at a later Georgia Supreme Court case, in which the court reaffirmed its decision in the 2011 Hathaway case.
In the 2013 case, Taylor Morrison Services Inc. v. HDI-Gerlins Ins., the court held that the property damage had to happen to something other than the work performed by the insured, and that a breaches of warranty without fraud claims may be covered. But Watkins notes that this points to “the continuing efforts of insurers to deny coverage for construction defects under CGL policies.”
This overruled some of the past decisions of the United States District Court for the Northern District of Georgia. Watkins noted that the Eleventh Circuit seemed to wonder about the scope of Hathaway, but with Taylor Morrison, “the Georgia Supreme Court provided a clearly stated response.”
Looking at the implications, he gives an example in which if a window installer work causes a window to leak and the water intrusion damages a floor, the floor, but not the window would be covered. But he cautions, “the result may turn on the policy language and the particular facts.” In any case, he assures us that “coverage disputes regarding construction defects are sure to continue.”
Read the court decisionRead the full story...Reprinted courtesy of
New Case Law Alert: Licensed General Contractors Cannot Sue Owners to Recover Funds for Work Performed by An Unlicensed Subcontractor
May 30, 2022 —
Michele A. Ellison & Samantha R. Riggen - Gibbs GidenThe opinion in Kim v. TWA Construction, Inc. (2022 Cal. App. LEXIS 412) issued by the Court of Appeal of California Sixth Appellate District, on May 13, 2022, makes it clear that a properly licensed general contractor cannot bring an action for compensation from an owner for work performed by an unlicensed subcontractor.
California licensing law has long made explicit that an unlicensed contractor cannot bring or maintain any action to collect or recover compensation for work that contractor performed unless they were duly licensed at all times during the performance of that work. This new ruling extends the scope of this restriction to licensed contractors who hired unlicensed subcontractors.
The Underlying Dispute
The case involved a dispute between property owners and their former general contractor and its principal (collectively “TWA”). The property owners hired TWA to construct a home, and during the early stages of the project, TWA hired an unlicensed subcontractor to perform tree trimming services and to remove a large eucalyptus tree. The subcontractor partially removed the eucalyptus tree, but was stopped by a neighbor, and it was discovered that the tree was partly located on the neighbor’s property. The neighbor brought suit against the property owners, and eventually TWA, for the damage. The property owners subsequently filed a cross-complaint against TWA, and TWA in turn filed a cross-complaint against the property owners.
Reprinted courtesy of
Michele A. Ellison, Gibbs Giden and
Samantha R. Riggen, Gibbs Giden
Ms. Ellison may be contacted at mellison@gibbsgiden.com
Ms. Riggen may be contacted at sriggen@gibbsgiden.com
Read the court decisionRead the full story...Reprinted courtesy of
Fifth Circuit Asks Texas Supreme Court to Clarify Construction Defect Decision
November 07, 2012 —
CDJ STAFFThe Fifth Circuit Court has withdrawn its decision in Ewing Construction Company v. Amerisure Insurance Company, pending clarification from the Texas Supreme Court of its decision in Gilbert Texas Construction, L.P. v. Underwriters at Lloyd’s London. The Fifth Circuit had applied the Gilbert case in determining that a contractual liability exclusion barred coverage for faulty workmanship. The Insurance Journal reports that this decision was both applauded and criticized, with a concern noted that “an insurer would now have its pick of either the ‘your work’ exclusion or the contractual liability exclusion without the exception for subcontracted work.”
The Fifth Circuit is now asking the Texas Supreme Court two questions to clarify Gilbert, which Brian S. Martin and Suzanne M. Patrick see as a sign that the Court has realized that it overly expanded the scope of the earlier ruling. A response is expected from the Texas Supreme Court by spring 2013.
Read the court decisionRead the full story...Reprinted courtesy of
Real Estate & Construction News Round-Up 04/13/22
April 25, 2022 —
Pillsbury's Construction & Real Estate Law Team - Gravel2Gavel Construction & Real Estate Law BlogPhishing schemes target the mortgage industry, housing prices rise in Europe as Ukrainian refugees flee from their home country, the SEC announces new climate change regulations that will impact commercial real estate, and more.
Read the court decisionRead the full story...Reprinted courtesy of
Pillsbury's Construction & Real Estate Law Team
Pollution Exclusion Bars Coverage for Inverse Condemnation Action
June 02, 2016 —
Tred R. Eyerly – Insurance Law HawaiiThe South Carolina Court of Appeals found there was no coverage for an inverse condemnation action based upon the policy's pollution exclusion. South Carolina Ins. Reserve Fund v. E. Richland County Public Service District, 2016 S. C. App. LEXIS 32 (S.C. Ct. App. March 23, 2016).
In 2010, Coley Brown filed a complaint against the East Richland County Public Service District ("District") for inverse condemnation, trespass, and negligence. The complaint alleged that the District had installed a sewage force main line and an air relief valve on Brown's street, and the valve released offensive odors on his property many times a day. The stench caused Brown to buy a new piece of property and move, but he was unable to sell the old property. The district tendered the complaint to the South Carolina Insurance Reserve Fund ("Fund"), but coverage was denied.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
