What to do When the Worst Happens: Responding to a Cybersecurity Breach
November 21, 2018 —
Scott L. Satkin & J. Kyle Janecek – Newmeyer Dillion LLPCybersecurity is a growing concern for today's businesses. While it's always advisable to take whatever action possible to avoid a cybersecurity breach, no security measures can be one hundred percent perfect, and malicious actors are always innovating and trying to find new security flaws. The implementation of new technology brings with it new opportunities, but also potentially new vulnerabilities. And hackers have one major advantage – those working to defend against cyber-attacks have to try to find and fix every potential exploit, whereas those on the other side only need to find one. As demonstrated by recent high-profile breaches at Google and Facebook, even massive tech companies with access to vast financial resources and top engineering talent can still fall prey to cyber-attacks. Therefore, understanding how to respond to a breach is just as critical to a company's cybersecurity plan as attempting to prevent one. Below are a few solid tips on how to react when an organization's cybersecurity has been compromised.
Plan in Advance
The best response to a cybersecurity breach begins before the breach ever happens. A written incident response plan is of paramount importance. In the immediate aftermath of a cybersecurity breach, people will be scared and stressed. In those circumstances, they will be more likely to be able to respond effectively if there is a plan laid out for them and they have received training on how to follow that plan. Make sure that employees are trained on the parts of the plan that are relevant to them. Most may only need to know who to report to if they suspect a breach may have occurred, while those who will be involved in the breach response will need more in-depth training. The plan should also be updated regularly to account for staffing changes, new technology, and the evolving legal landscape. The law may also require a plan for responding to cybersecurity breaches, depending on the jurisdiction.
Call Your Lawyer- Early and Often
At the risk of sounding self-aggrandizing, attorneys are critical in responding to a cybersecurity breach. The most obvious reason is to advise clients on their legal obligations and potential liability – and this is indeed an important function. The patchwork of federal and state regulations governing cybersecurity is something laypeople – and even non-specialized attorneys – should navigate with caution. Of equal importance is the preservation of confidential communication under the attorney-client privilege. The presence of an attorney helps to improve the security of information surrounding the response to the breach because correspondence with that attorney is privileged, allowing candid evaluation of the breach. The ability to assert attorney-client privilege regarding an internal investigation and response can be quite useful in the event of a later external investigation or litigation.
To Disclose or Not to Disclose?
An important question that needs to be asked in the wake of a cybersecurity breach is whether the incident must be disclosed, and if so, when, how, and to whom should such disclosures be made? While many understandably wish that their mistakes and failures will never see the light of day, there are also many people who will want to know when a company's cybersecurity has been breached. Shareholders want to know – and may have a right to know – if such a breach has harmed the business. Consumers want to know if their personal information has been compromised so that they can protect against identity theft. Furthermore, state breach notification laws may mandate certain disclosures to consumers depending on facts surrounding the breach. Legal requirements from states, the federal government, and even foreign entities may also require companies to provide notices to one or more regulatory agencies.
An attorney can advise on whether a company is legally required to provide any notice in the aftermath of a data breach, but even though notice may not be a legal requirement in a particular set of circumstances, it may still be prudent to give it anyway. Google decided not to disclose the recent breach of data from its Google+ service to avoid a PR and regulatory backlash, but the fact that it had happened eventually leaked out anyway. Even though legal experts have opined in the aftermath that Google likely was not obligated to disclose the breach, the fact that it did not caused exactly what Google attempted to avoid, but with magnified effect. "Google Experiences Consumer Data Breach" may not have been a good headline, but "Google Hides Consumer Data Breach" was a worse one.
Remember: Protection Is Key
No company wants a cybersecurity breach, but past experience has increasingly demonstrated that this is not a question of "if" but rather one of "when" and "how bad." Planning ahead and knowing what to do when a data breach does happen can ensure that an organization bounces back from a breach as smoothly and painlessly as possible.
Scott Satkin and Kyle Janecek are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Kyle at kyle.jancecek@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of cybersecurity, business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America© and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Defective Stairways can be considered a Patent Construction Defect in California
September 24, 2014 —
William M. Kaufman – Construction Lawyers BlogStairs are not safe! At least the Court of Appeal in the Second Appellate District of California doesn’t think so.
A rail station in Los Angeles was completed by the Los Angeles County Metropolitan Transportation Authority (“MTA”) in 1993. The rail station was part of the development of the Southern California Rapid Transit District Metro Rail Project. In 2011, the plaintiff fell on a stairway at the station. In August 2012, Plaintiff sued the MTA for dangerous condition of public property, statutory liability, and negligence. Among other defects, plaintiff alleged the banister of the stairwell was “too low” and the stairwell “too small” given the number, age, and volume of people habitually entering and exiting the rail station. In addition, plaintiff alleged that MTA “failed to provide adequate safeguards against the known dangerous condition by, among other acts and omissions, failing to properly design, construct, supervise, inspect and repair the Premises causing the same to be unsafe and defective for its intended purposes.” MTA, in turn, cross-complained against Hampton- the entity that provided design and construction services at the station.
Hampton demurred to the first amended cross-complaint, asserting a four year statute of limitations defense pursuant to California Code of Civil Procedure section 337.1, claiming the alleged deficiencies were patent defects. On September 11, 2013, the trial court overruled the demurrer finding that the defect was not patent. Hampton appealed.
The appellate court overruled the trial court’s ruling and in fact, granted Hampton’s writ of mandate and even directed the trial court to sustain the demurrer without leave to amend! (Delon Hampton & Associates v. Sup. Ct. (Los Angeles County Metropolitan Transportation Authority) (Cal. App. Second Dist., Div. 3; June 23, 2014) 227 Cal.App.4th 250, [173 Cal.Rptr.3d 407].)
The appellate court found that the purpose of section 337.1 is to “provide a final point of termination, to proctect some groups from extended liability.” A “patent deficiency” has been defined as a deficiency which is apparent by reasonable inspection. See Tomko Woll Group Architects, Inc. v. Superior Court (1996) 46 Cal.App.4th 1326, 1336. The court found a patent defect can be discovery by the kind of inspection made in the exercise of ordinary care and prudence, whereas a latent defect is hidden and would not be discovered by a reasonably careful inspection. See Preston v. Goldman (1986) 42 Cal.3d 108, 123. The test to determine whether a construction defect is patent is an objective test that asks “whether the average consumer, during the course of a reasonable inspection, would discover the defect…” See Creekbridge Townhome Owners Assn., Inc. v. C. Scott Whitten, Inc. (2009) 177 Cal.App.4th 251, 256.
Mr. Kaufman may be contacted at wkaufman@lockhartpark.com, and you may visit the firm's website at www.lockhartpark.com
Read the court decisionRead the full story...Reprinted courtesy of
William M. Kaufman, Lockhart Park LP
City and Contractor Disclaim Responsibility for Construction Error that Lead to Blast
November 13, 2013 —
CDJ STAFFThe city of Grand Junction, Colorado and their contractor, Aperion Utility Construction, LLC, have both denied any wrongdoing in the construction accident that lead to the destruction of two homes. Aperion was drilling in order to repair traffic signals. Their drill damaged a gas line. In the subsequent explosion, three people were injured and two homes destroyed. Homes for 10 blocks were subsequently evacuated.
The three men who were injured have filed a lawsuit claiming negligence on the part of the contractor and the city. The city has released a report from their insurers that concluded that the city was not responsible.
Read the court decisionRead the full story...Reprinted courtesy of
Nine ACS Lawyers Recognized as Super Lawyers – Two Recognized as Rising Stars
August 26, 2024 —
Ahlers Cressman & Sleight PLLCGoing outside the norm of our blogs, which usually discuss construction related issues, Ahlers, Cressman, & Sleight is pleased to announce that nine members of our firm have been selected to the 2024 Washington Super Lawyers list.
Each year, a rigorous process that involves a nomination by peers and a third-party verification of honors, awards, verdicts, settlements, and other criteria relating to their work as an attorney, aims to select no more than five percent of the lawyers in Washington state from no more than seventy practice areas for this distinction. As mentioned, the first step in the process is to be evaluated on their work as an attorney, next candidates are evaluated by their peers and given ratings based on the information known about their work. Finally, candidates are grouped into four firm-size categories and final selections are made. The grouping process is done so that candidates are compared fairly to their peers by firm size, eliminating the potential unfairness that comes with comparing large and small firm outcomes and attorney practices.
The Rising Star list involves an even narrower criteria than the Super Lawyers list. The initial process is the same, however, candidates for the Rising Stars list must be under the age of forty or have less than ten years of experience. For this category less the two and a half percent of lawyers in Washington are selected, making this quite a feat for those who have accomplished the honor.
Read the court decisionRead the full story...Reprinted courtesy of
Ahlers Cressman & Sleight PLLC
Over a Hundred Thousand Superstorm Sandy Cases Re-Opened
March 12, 2015 —
Beverley BevenFlorez-CDJ STAFFThe Federal Emergency Management Agency (FEMA) announced yesterday that they will be reopening 144,000 flood insurance claims, reported the New Jersey Law Journal.
The announcement comes weeks after reports that “some insurance companies denied thousands of claims after fraudulently altering engineering reports, as well as complaints that insurance companies systematically underpay on claims because they fear a backlash from FEMA.”
Read the court decisionRead the full story...Reprinted courtesy of
Licensing Mistakes That Can Continue to Haunt You
November 28, 2022 —
Alexa Stephenson & Rick Seely - Kahana FeldToday there are nearly 290,000 contractors licensed in California. This number continues to grow as California law requires businesses or individuals who alter any road or structure to be licensed contractors if the total cost of the project is $500 or more (including labor and materials). Complaints about improper and defective work performed by contractors are constantly filed with the California Contractors State License Board (“CSLB”) and any violations by those contractors could result in a license suspension. A contractor whose license is suspended by the CSLB or otherwise becomes unlicensed jeopardizes a contractor’s livelihood, compromises current insurance policies, and curtails an ability to obtain future insurance coverage. Moreover, being unlicensed could force a contractor to disgorge all money received on a project per California Business & Professions Code § 7031. What can contractors do to stay vigilant and avoid these scary outcomes? Stay tuned for a few suggestions.
1. Stay Qualified
Contractors must make sure the correct person and/or entity is holding the contractor’s license. Contractors can obtain licenses as a sole owner, partnership, corporation, joint venture, or limited liability company. For any form of the business entity, one individual must act as qualifier to meet the CLSB license requirements. This qualifying individual must have the knowledge, experience, and skills to manage the daily activities of a construction business (including field supervision) or be represented by someone else with at least four years of experience within the past ten years as an unsupervised journeyperson, foreperson, supervising employee, or contractor in the trade being applied for.
Reprinted courtesy of
Alexa Stephenson, Kahana Feld and
Rick Seely, Kahana Feld
Ms. Stephenson may be contacted at astephenson@kahanafeld.com
Mr. Seely may be contacted at rseely@kahanafeld.com
Read the court decisionRead the full story...Reprinted courtesy of
Construction Litigation Roundup: “The New Empty Chair.”
June 04, 2024 —
Daniel Lund III - LexologyIn a unanimous opinion, the United States Supreme Court ruled that cases in litigation in federal court but which are determined to be governed by the Federal Arbitration Act should be stayed pending arbitration, not dismissed.
Traditionally, some federal circuits treated the text of 9 U.S.C. §3 – which speaks in terms of a stay of a matter filed in court but referred to arbitration (“…shall on application of one of the parties stay the trial of the action until such arbitration has been had in accordance with the terms of the agreement…”) – as discretionary, dismissing suits when all of the claims brought in the court were referred to arbitration.
In the case, the plaintiffs sued in Arizona state court on labor law violations, and the case was removed to federal court. When the defendant moved to compel arbitration and to dismiss, the plaintiffs “conceded that all of their claims were arbitrable.” Nonetheless, the plaintiffs requested a stay of the case, which the district court refused, dismissing the case without prejudice.
Read the court decisionRead the full story...Reprinted courtesy of
Daniel Lund III, PhelpsMr. Lund may be contacted at
daniel.lund@phelps.com
Partner John Toohey is Nominated for West Coast Casualty’s Jerrold S. Oliver Award of Excellence!
March 11, 2024 —
Dolores Montoya - Bremer Whyte Brown & O'Meara LLPBremer Whyte Brown & O’Meara, LLP is honored to share that Newport Beach Partner John Toohey is nominated for West Coast Casualty’s 2024 Jerrold S. Oliver Award of Excellence!
Every year, West Coast Casualty recognizes an individual who is committed, trustworthy, and has contributed years to the betterment of the construction defect community. The award is named after the late Judge Jerrold S. Oliver who is considered a “founding father” in the alternate resolution process in construction claims and litigation. Each year, members of the construction community are asked to nominate individuals who invoke the same spirit as Judge Oliver.
Read the court decisionRead the full story...Reprinted courtesy of
Dolores Montoya, Bremer Whyte Brown & O'Meara LLP
