What to do When the Worst Happens: Responding to a Cybersecurity Breach
November 21, 2018 —
Scott L. Satkin & J. Kyle Janecek – Newmeyer Dillion LLPCybersecurity is a growing concern for today's businesses. While it's always advisable to take whatever action possible to avoid a cybersecurity breach, no security measures can be one hundred percent perfect, and malicious actors are always innovating and trying to find new security flaws. The implementation of new technology brings with it new opportunities, but also potentially new vulnerabilities. And hackers have one major advantage – those working to defend against cyber-attacks have to try to find and fix every potential exploit, whereas those on the other side only need to find one. As demonstrated by recent high-profile breaches at Google and Facebook, even massive tech companies with access to vast financial resources and top engineering talent can still fall prey to cyber-attacks. Therefore, understanding how to respond to a breach is just as critical to a company's cybersecurity plan as attempting to prevent one. Below are a few solid tips on how to react when an organization's cybersecurity has been compromised.
Plan in Advance
The best response to a cybersecurity breach begins before the breach ever happens. A written incident response plan is of paramount importance. In the immediate aftermath of a cybersecurity breach, people will be scared and stressed. In those circumstances, they will be more likely to be able to respond effectively if there is a plan laid out for them and they have received training on how to follow that plan. Make sure that employees are trained on the parts of the plan that are relevant to them. Most may only need to know who to report to if they suspect a breach may have occurred, while those who will be involved in the breach response will need more in-depth training. The plan should also be updated regularly to account for staffing changes, new technology, and the evolving legal landscape. The law may also require a plan for responding to cybersecurity breaches, depending on the jurisdiction.
Call Your Lawyer- Early and Often
At the risk of sounding self-aggrandizing, attorneys are critical in responding to a cybersecurity breach. The most obvious reason is to advise clients on their legal obligations and potential liability – and this is indeed an important function. The patchwork of federal and state regulations governing cybersecurity is something laypeople – and even non-specialized attorneys – should navigate with caution. Of equal importance is the preservation of confidential communication under the attorney-client privilege. The presence of an attorney helps to improve the security of information surrounding the response to the breach because correspondence with that attorney is privileged, allowing candid evaluation of the breach. The ability to assert attorney-client privilege regarding an internal investigation and response can be quite useful in the event of a later external investigation or litigation.
To Disclose or Not to Disclose?
An important question that needs to be asked in the wake of a cybersecurity breach is whether the incident must be disclosed, and if so, when, how, and to whom should such disclosures be made? While many understandably wish that their mistakes and failures will never see the light of day, there are also many people who will want to know when a company's cybersecurity has been breached. Shareholders want to know – and may have a right to know – if such a breach has harmed the business. Consumers want to know if their personal information has been compromised so that they can protect against identity theft. Furthermore, state breach notification laws may mandate certain disclosures to consumers depending on facts surrounding the breach. Legal requirements from states, the federal government, and even foreign entities may also require companies to provide notices to one or more regulatory agencies.
An attorney can advise on whether a company is legally required to provide any notice in the aftermath of a data breach, but even though notice may not be a legal requirement in a particular set of circumstances, it may still be prudent to give it anyway. Google decided not to disclose the recent breach of data from its Google+ service to avoid a PR and regulatory backlash, but the fact that it had happened eventually leaked out anyway. Even though legal experts have opined in the aftermath that Google likely was not obligated to disclose the breach, the fact that it did not caused exactly what Google attempted to avoid, but with magnified effect. "Google Experiences Consumer Data Breach" may not have been a good headline, but "Google Hides Consumer Data Breach" was a worse one.
Remember: Protection Is Key
No company wants a cybersecurity breach, but past experience has increasingly demonstrated that this is not a question of "if" but rather one of "when" and "how bad." Planning ahead and knowing what to do when a data breach does happen can ensure that an organization bounces back from a breach as smoothly and painlessly as possible.
Scott Satkin and Kyle Janecek are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Kyle at kyle.jancecek@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of cybersecurity, business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America© and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Illinois Supreme Court Rules Labor Costs Not Depreciated to Determine Actual Cash Value
November 19, 2021 —
Tred R. Eyerly - Insurance Law HawaiiThe Illinois Supreme Court determined that a homeowner insurer may not depreciate labor costs in calculating actual cash value (ACV) after a loss under the policy. Sproull v. State Farm Fire and Casualty Co., 2021 Ill. LEXIS 619 (Ill. Sept. 23, 2021).
Plaintiff was insured under a homeowner's policy that provided replacement cost coverage for structural damage. Under the policy, the insured would initially receive an ACV payment but then could receive replacement cost value (RCV) if repairs or replacement were completed within two years and the insurer was timely notified. The policy did not define "actual cash value."
Plaintiff suffered wind damage to his residence and timely submitted a property damage claim to State Farm. The adjuster determined that the building sustained a loss with RCV of $1711.54. In calculating ACV, State Farm began with the RCV and then subtracted plaintiff's $1000 deductible and an additional $394.36, including taxes, for depreciation. Plaintiff thus received an ACV payment of $317.18. Plaintiff claimed that he was underpaid on his ACV claim because State Farm depreciated labor, which is intangible and thus not subject to wear, tear, and obsolescence. Further, labor should not have been depreciated because it was not susceptible to aging or wearing and its value did not diminish over time.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
The Prolonged Effects on Commercial Property From Extreme Weather
January 29, 2024 —
The Hartford Staff - The Hartford InsightsAs evidenced by the extraordinary heat in the Southwest, a string of tornadoes in South and Midwest, and heavy rains in California and Florida, 2023 was a banner year for extreme weather. However, 2024 may be no different, which means now is the time for businesses to rethink the way they approach volatile weather, as well as the frequency and severity of storms and natural disasters.
The risks and challenges that businesses face as extreme weather becomes stronger and causes more property damage, requires innovative technology with specialized insurance solutions. Through updated building codes, advancements in technology and meaningful infrastructure improvements, businesses can make a difference in protecting their property and reducing losses.
Stronger Building Codes To Withstand Storms
It is not uncommon to see the destruction that a hurricane or tornado leaves behind. However, stronger building codes are one of the best ways to make sure property can withstand catastrophes. Florida for example implemented changes to its building codes after Hurricane Andrew, and then again in 2007 after the Hurricanes of 2004 and 2005. New construction since then has made houses and buildings significantly more hurricane proof. Buildings constructed 30 years ago were likely built with codes that may have neglected the impact of strong winds from an extreme hurricane or significant rainfall that a storm can bring, especially along the Atlantic and Gulf coasts.
Read the court decisionRead the full story...Reprinted courtesy of
The Hartford Staff, The Hartford Insights
Private Project Payment Bonds and Pay if Paid in Virginia
January 05, 2017 —
Christopher G. Hill – Construction Law MusingsOne of the many items of construction law that has always been about as clear as mud has been the interaction between a contractual pay if paid clause and payment bond claims either under the Federal Miller Act or Virginia’s “Little Miller Act.” While properly drafted contractual “pay if paid” clauses are enforceable by their terms in Virginia, what has always been less clear is whether a bonding company can take advantage of such a clause when defending a payment bond claim. As always, these questions are very fact specific both under the Federal Act and the state statute. I wish that this post would answer this question, but alas, it will not.
A recent case from the City of Roanoke, Virginia looked at the interaction between a payment bond and a “condition precedent” pay if paid clause as it relates to a private project that is not subject to the Little Miller Act. In the case of IES Commercial, Inc v The Hanover Insurance Company, the Court examined a contractual clause between Thor Construction and IES Commercial in tandem with the bond language between Hanover Insurance Company and Thor as it related to a surprisingly familiar scenario. The general facts are these: IES performed, Thor demanded payment from the owner for the work that IES performed and the owner, for reasons that are left unstated in the opinion, refused to pay. IES sues Hanover pursuant to the payment bond and Hanover moves to dismiss the suit because Thor hadn’t been paid by the owner and therefore Hanover could take advantage of the pay if paid language.
Read the court decisionRead the full story...Reprinted courtesy of
Christopher G. Hill, The Law Office of Christopher G. HillMr. Hill may be contacted at
chrisghill@constructionlawva.com
Buffett’s $11 Million Beach House Is Still on the Market
February 28, 2018 —
Noah Buhayar – BloombergWarren Buffett auctions a lunch date for charity every year, and the winning bid usually stretches to seven figures. He twice sold his used cars to fans for multiples of their Kelly Blue Book value. Someone once even paid more than $200,000 to purchase his old wallet. (It had a stock tip inside.) For those who venerate one of the world’s best investors, money is usually no object when buying a piece of the legend.
A year ago, Buffett put his vacation home in Emerald Bay, a gated enclave next to Laguna Beach, Calif., up for sale. He bought the property in 1971 at the urging of his first wife, Susan, for $150,000—the equivalent of a bit less than $1 million today. At the time, he didn’t think of it much as an investment, he told the Wall Street Journal last year. Laguna was less developed back then, more surfer-and-hippie paradise than multimillionaire’s haunt. The couple and their family often spent summers at the home, as well as time around Christmas, when Buffett would hole up in the master bedroom working on his closely followed
annual letter to
Berkshire Hathaway Inc. shareholders.
Read the court decisionRead the full story...Reprinted courtesy of
Noah Buhayar, Bloomberg
ISO Proposes New Designated Premises Endorsement in Response to Hawaii Decision
October 27, 2016 —
Tred R. Eyerly – Insurance Law HawaiiThe Insurance Services Office (ISO) has issued a Circular advising it will submit to Insurance Departments in various states proposed changes to the Designated Premises Endorsement. The changes are due in part to the Hawaii Supreme Court's decision in C. Brewer & Co. v. Marine Indem. Ins., 135 Haw. 190, 347 P. 3d 163 (Haw. 2015). (Full Disclosure - our office represented C. Brewer before the Hawaii Supreme Court).
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
Wheaton to Require Sprinklers in New Homes
November 06, 2013 —
CDJ STAFFThe town of Wheaton, Illinois is considering a change to its building codes, based on the recommendations made in the 2012 building code, released by the International Code Council. Eighty-two towns in Illinois already require new homes to have fire sprinklers. Wheaton did not adopt any changes from the 2006 or 2009 building code; they are currently using the standards of the 2003 edition.
Read the court decisionRead the full story...Reprinted courtesy of
Thanks for Four Years of Recognition from JD Supra’s Readers’ Choice Awards
May 20, 2019 —
Garret Murai - California Construction Law BlogA big thank you to the folks at JD Supra and its readers for recognizing us in its Construction category for its 2019 Readers’ Choice Awards! We’re honored to be among the 228 authors recognize for their visibility, engagement and thought leadership out of more than 50,000 who have published articles on JD Supra this past year.
Congratulations as well to the other JD Supra 2019 Readers’ Choice Award recipients whose hard work encourages us to be better authors.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel, Rosen, Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
