What to do When the Worst Happens: Responding to a Cybersecurity Breach
November 21, 2018 —
Scott L. Satkin & J. Kyle Janecek – Newmeyer Dillion LLPCybersecurity is a growing concern for today's businesses. While it's always advisable to take whatever action possible to avoid a cybersecurity breach, no security measures can be one hundred percent perfect, and malicious actors are always innovating and trying to find new security flaws. The implementation of new technology brings with it new opportunities, but also potentially new vulnerabilities. And hackers have one major advantage – those working to defend against cyber-attacks have to try to find and fix every potential exploit, whereas those on the other side only need to find one. As demonstrated by recent high-profile breaches at Google and Facebook, even massive tech companies with access to vast financial resources and top engineering talent can still fall prey to cyber-attacks. Therefore, understanding how to respond to a breach is just as critical to a company's cybersecurity plan as attempting to prevent one. Below are a few solid tips on how to react when an organization's cybersecurity has been compromised.
Plan in Advance
The best response to a cybersecurity breach begins before the breach ever happens. A written incident response plan is of paramount importance. In the immediate aftermath of a cybersecurity breach, people will be scared and stressed. In those circumstances, they will be more likely to be able to respond effectively if there is a plan laid out for them and they have received training on how to follow that plan. Make sure that employees are trained on the parts of the plan that are relevant to them. Most may only need to know who to report to if they suspect a breach may have occurred, while those who will be involved in the breach response will need more in-depth training. The plan should also be updated regularly to account for staffing changes, new technology, and the evolving legal landscape. The law may also require a plan for responding to cybersecurity breaches, depending on the jurisdiction.
Call Your Lawyer- Early and Often
At the risk of sounding self-aggrandizing, attorneys are critical in responding to a cybersecurity breach. The most obvious reason is to advise clients on their legal obligations and potential liability – and this is indeed an important function. The patchwork of federal and state regulations governing cybersecurity is something laypeople – and even non-specialized attorneys – should navigate with caution. Of equal importance is the preservation of confidential communication under the attorney-client privilege. The presence of an attorney helps to improve the security of information surrounding the response to the breach because correspondence with that attorney is privileged, allowing candid evaluation of the breach. The ability to assert attorney-client privilege regarding an internal investigation and response can be quite useful in the event of a later external investigation or litigation.
To Disclose or Not to Disclose?
An important question that needs to be asked in the wake of a cybersecurity breach is whether the incident must be disclosed, and if so, when, how, and to whom should such disclosures be made? While many understandably wish that their mistakes and failures will never see the light of day, there are also many people who will want to know when a company's cybersecurity has been breached. Shareholders want to know – and may have a right to know – if such a breach has harmed the business. Consumers want to know if their personal information has been compromised so that they can protect against identity theft. Furthermore, state breach notification laws may mandate certain disclosures to consumers depending on facts surrounding the breach. Legal requirements from states, the federal government, and even foreign entities may also require companies to provide notices to one or more regulatory agencies.
An attorney can advise on whether a company is legally required to provide any notice in the aftermath of a data breach, but even though notice may not be a legal requirement in a particular set of circumstances, it may still be prudent to give it anyway. Google decided not to disclose the recent breach of data from its Google+ service to avoid a PR and regulatory backlash, but the fact that it had happened eventually leaked out anyway. Even though legal experts have opined in the aftermath that Google likely was not obligated to disclose the breach, the fact that it did not caused exactly what Google attempted to avoid, but with magnified effect. "Google Experiences Consumer Data Breach" may not have been a good headline, but "Google Hides Consumer Data Breach" was a worse one.
Remember: Protection Is Key
No company wants a cybersecurity breach, but past experience has increasingly demonstrated that this is not a question of "if" but rather one of "when" and "how bad." Planning ahead and knowing what to do when a data breach does happen can ensure that an organization bounces back from a breach as smoothly and painlessly as possible.
Scott Satkin and Kyle Janecek are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Kyle at kyle.jancecek@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of cybersecurity, business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America© and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
HOA Group Speaking Out Against Draft of Colorado’s Construction Defects Bill
April 30, 2014 —
Beverley BevenFlorez-CDJ STAFFEd Sealover of the Denver Business Journal reported on a homeowner association group that has spoken out against the recent draft of Colorado’s Construction Defects bill. According to Sealover’s article, Senator Jessie Ulibarri claimed that the “proposed bill…would mandate that homeowners alleging that owner-occupied multi-family structures have major construction defects go through mediation or arbitration before a lawsuit can be filed.” Furthermore, the bill would require “written consent from a majority of unit owners” before the “executive board of a homeowners association files such a lawsuit.”
The bill originated due to findings that “[l]ess than 2 percent of new housing stock being built in Colorado is in the form of condos, an anomaly that developers attribute to state laws that allow condo owners to file multi-million-dollar class-action lawsuits even if only a few of them want to move forward with the legal action.”
However, Molly Foley-Healy, chairwoman of the Community Associations Institute (CLAC), spoke out against the bill: “Senator Ulibarri’s stated goal is to create more affordable housing, but this bill has nothing to do with affordable housing. Instead, it hurts the very people he said he wanted to help. It effectively blocks homeowners from holding builders responsible for their shoddy construction and leaves homeowners living in HOAs to pick up the tab for repairing the defects.”
Read the court decisionRead the full story...Reprinted courtesy of
$24 Million Verdict Against Material Supplier Overturned Where Plaintiff Failed to Prove Supplier’s Negligence or Breach of Contract Caused an SB800 Violation
March 16, 2017 —
Jon A. Turigliatto, Esq. & Chelsea L. Zwart, Esq. – Chapman Glucksman Dean Roeb & Barger BulletinAcqua Vista Homeowners Assoc. v. MWL Inc. (2017) 2017 WL 371379
COURT OF APPEAL EXTENDS GREYSTONE HOMES, INC. v. MIDTEC, INC., HOLDING THAT CIVIL CODE §936 CREATES A NEGLIGENCE STANDARD FOR CLAIMS AGAINST MATERIAL SUPPLIERS BROUGHT UNDER SB800.
The Fourth District California Court of Appeal recently published its decision Acqua Vista Homeowners Assoc. v. MWI, Inc. (2017) 2017 WL 371379, holding that claims against a material supplier under SB800 (Civil Code §895 and §936) require proof that the SB800 violation was caused by the supplier's negligence or breach of contract.
Civil Code §936 states in relevant part, that it applies "to general contractors, subcontractors, material suppliers, individual product manufacturers, and design professionals to the extent that the general contractors, subcontractors, material suppliers, individual product manufacturers, and design professionals caused, in whole or in part, a violation of a particular standard as the result of a negligent act or omission or a breach of contract .... [T]he negligence standard in this section does not apply to any general contractor, subcontractor, material supplier, individual product manufacturer, or design professional with respect to claims for which strict liability would apply."
Acqua Vista Homeowners Association (the "HOA") sued MWI, a supplier of Chinese pipe used in the construction of the Acqua Vista condominium development. The HOA's complaint asserted a single cause of action for violation of SB800 standards, and alleged that defective cast iron pipe was used throughout the building. After trial, the trial court entered a judgment against MWI in the amount of $23,955,796.28, reflecting the jury's finding that MWI was 92% responsible for the HOA's damages.
MWI filed a motion for a directed verdict and motion for judgment notwithstanding the verdict on the grounds that the HOA had failed to present any evidence that MWI had caused an SB800 violation as a result of its negligence or breach of contract, and had therefore failed to prove negligence and causation as required by SB800, citing to Greystone Homes, Inc. v. Midtec, Inc.(2008) 168 Cal.App.4th 1194. The trial court denied both motions, relying on the last sentence of Civil Code §936, which states in part, "[T]he negligence standard in this section does not apply to any ... material supplier ... with respect to claims for which strict liability would apply."
The Court of Appeal reversed and ordered the trial court to enter judgment in favor of MWI. The Court of Appeal relied on the legislative history of S8800 and Greystone, which held that the first sentence of Civil Code §936 contains an "explicit adoption of a negligence standard" for S8800 claims against product manufacturers. The Court of Appeal reasoned that since §936 treats product manufacturers and material suppliers identically, the holding of Greystone must equally apply to material suppliers.
Because the complaint did not state a common law cause of action for strict liability, the HOA was required to prove that the damages were caused by MWI' s negligence or breach of contract. Although, the Court of Appeal found that while the HOA's evidence may have supported a finding that the manufacturer of the leaking pipes was negligent, the HOA had not provided any evidence that MWI, the supplier, had failed to supply the type of pipe ordered, acted unreasonably in failing to detect any manufacturing defects present in the pipe, or damaged it during transportation. Accordingly, the HOA could not prove that the alleged S8800 violation was caused, in whole or in part, by MWI' s negligence, omission, or breach of contract.
In light of the decision, homeowner and associations that allege only violations of SB800 standards without asserting a common law cause of action for strict liability cannot prevail by simply producing evidence of a violation, and are required to prove that violation was caused by the negligent act or omission, or breach of contract, of the defendant contractor, material supplier, and/or product manufacturer.
Reprinted courtesy of
Jon A. Turigliatto, Esq, Chapman Glucksman Dean Roeb & Barger and
Chelsea L. Zwart, Esq., Chapman Glucksman Dean Roeb & Barger
Mr. Turigliatto may be contacted at jturigliatto@cgdrblaw.com
Ms. Zwart may be contacted at czwart@cgdrblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Washington Court Denies Subcontractor’s Claim Based on Contractual Change and Notice Provisions
January 29, 2024 —
Wendy Rosenstein - Ahlers Cressman & Sleight PLLCThe recent unpublished case, Cascade Civil Construction, LLC v. Jackson Dean Construction, Inc., et al.,[1] provides a legal justification for contractors to require a directive or change order in advance of performing changed work—thereby preventing the party who requested the changed work from later arguing that notice provisions were not complied with.
In the case, Jackson Dean, the prime contractor, hired Cascade to perform excavation work on a project to build a new Costco Corporate headquarters. Due to the Covid-19 pandemic and other issues, Jackson Dean directed resequencing, which required Cascade to perform excavation concurrent to dewatering. Jackson Dean also required deeper-than-planned excavation under one of the buildings.
Read the court decisionRead the full story...Reprinted courtesy of
Wendy Rosenstein, Ahlers Cressman & Sleight PLLCMs. Rosenstein may be contacted at
wendy.rosenstein@acslawyers.com
Justin Clark Joins Newmeyer & Dillion’s Walnut Creek Branch as its Newest Associate
May 03, 2017 —
Newmeyer & Dillion LLPWALNUT CREEK, Calif. – APR. 28, 2017 – Up and coming associate and insurance attorney
Justin Clark is the newest associate to join the ever-growing litigation practice at Newmeyer & Dillion LLP’s Walnut Creek office. Clark brings experience in the areas of insurance litigation, construction defect litigation, and business transactions.
Walnut Creek’s managing partner Brian Morrow explained why he is so excited by the addition of Clark: “We are thrilled to have Clark on board, as his emphasis on insurance coverage will assist in a key area for our clients, and further expand our capabilities in our northern California office.”
Clark has a background in a variety of practice areas, including insurance coverage, products liability, and asbestos litigation. He advocates for manufacturers, suppliers, distributers, and contractors in all phases of litigation. Clark represents developers, builders, and general contractors in construction and insurance disputes. He also helps small business clients draft commercial contracts to better serve their growing business needs. Clark can be reached at justin.clark@ndlf.com or 925-988-3263.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Colorado Trench Collapse Kills Two
July 30, 2019 —
Engineering News-RecordFederal safety officials are investigating the April 16 collapse of a trench that killed two construction workers in northern Colorado. The two men—Cristopher Lee Ramirez, 26, and Jorge Baez Valadez, 41—were installing utilities at a site being developed by D.R. Horton Express Homes in Windsor, Colo., when they were trapped by soil and rocks in the 15-ft-deep trench. The rescue attempt lasted seven hours and involved small shovels because of fears of a second collapse.
Read the court decisionRead the full story...Reprinted courtesy of
Engineering News-RecordENR may be contacted at
ENR.com@bnpmedia.com
Value in Recording Lien within Effective Notice of Commencement
August 03, 2020 —
David Adelstein - Florida Construction Legal UpdatesConstruction lien priority is no joke! This is why a lienor wants to record its construction lien within an effective notice of commencement. A lien recorded within an effective notice of commencement relates back in time from a priority standpoint to the date the notice of commencement was recorded. A lienor that records a lien wants to ensure its lien is superior, and not inferior, to other encumbrances. An inferior lien or encumbrance may not provide much value if there is not sufficient equity in the property. Plus, an inferior lien or encumbrance can be foreclosed.
An example of the importance of lien priority can be found in the recent decision of Edward Taylor Corp. v. Mortgage Electronic Registration Systems, Inc., 45 Fla.L.Weekly D1447b (Fla. 2d DCA 2020). In this case, a contractor recorded a notice of commencement for an owner. While an owner is required to sign the notice of commencement that the contractor usually records, in this case, the owner did not sign the notice of commencement. Shortly after, the owner’s lender recorded a mortgage and then had the owner sign a notice of commencement and this notice of commencement was also recorded. When there is a construction lender, the lender always wants to make sure its mortgage is recorded first—before any notice of commencement—for purposes of priority and has the responsibility to ensure the notice of commencement is recorded. Here, the lender apparently did not realize the contractor had already recorded a notice of commencement at the time it recorded its mortgage.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin Norris, P.A.Mr. Adelstein may be contacted at
dma@kirwinnorris.com
When “Substantially Similar” Means “Fundamentally Identical”: Delaware Court Enforces Related Claim Provision to Deny D&O Coverage for Securities Class Action
August 10, 2021 —
Geoffrey B. Fehling, Lawrence J. Bracken II & Lorelie S. Masters - Hunton Andrews KurthA company faces two class action lawsuits—filed by different plaintiffs, complaining of different allegedly wrongful conduct, asserting different causes of action subject to different burdens of proof, and seeking different relief based on different time periods for the alleged harm. Those facts suggest the suits are not “fundamentally identical,” but that is what a Delaware Superior Court recently concluded in barring coverage for a policyholder seeking to recover for a suit the court deemed “related” to an earlier lawsuit first made outside the policy’s coverage period. First Solar Inc. v. National Union Fire Ins. Co. of Pittsburgh, Pa., No. N20C-10-156 MMJ CCLD (Del. Super. Ct. June 23, 2021). The decision, which is not on all fours with some of the authority upon which it relies, underscores the inherent unpredictability of “related” claim disputes and need for careful analysis of the policy language against the factual and legal bases of the underlying claims.
Underlying Shareholder Class Actions and D&O Claims
Shareholders of solar panel manufacturer First Solar sued the company and its directors and officers in a class action lawsuit (the “Smilovits Action”) for the class period April 2008 to February 2012. The Smilovits Action asserted federal securities violations arising from First Solar’s alleged misrepresentations about the company’s business strategies, product design, financial strength, and ability to offer solar electricity at comparable rates to conventional energy producers (i.e., achieving “grid parity”), artificially inflated stock price, insider trading, manipulation of solar power metrics, and violations of GAAP accounting standards. First Solar submitted a claim to its D&O insurer, National Union, which provided coverage for the Smilovits Action and exhausted the policy.
Reprinted courtesy of
Geoffrey B. Fehling, Hunton Andrews Kurth,
Lawrence J. Bracken II, Hunton Andrews Kurth and
Lorelie S. Masters, Hunton Andrews Kurth
Mr. Fehling may be contacted at gfehling@HuntonAK.com
Mr. Bracken may be contacted at lbracken@HuntonAK.com
Ms. Masters may be contacted at lmasters@HuntonAK.com
Read the court decisionRead the full story...Reprinted courtesy of
