What to do When the Worst Happens: Responding to a Cybersecurity Breach
November 21, 2018 —
Scott L. Satkin & J. Kyle Janecek – Newmeyer Dillion LLPCybersecurity is a growing concern for today's businesses. While it's always advisable to take whatever action possible to avoid a cybersecurity breach, no security measures can be one hundred percent perfect, and malicious actors are always innovating and trying to find new security flaws. The implementation of new technology brings with it new opportunities, but also potentially new vulnerabilities. And hackers have one major advantage – those working to defend against cyber-attacks have to try to find and fix every potential exploit, whereas those on the other side only need to find one. As demonstrated by recent high-profile breaches at Google and Facebook, even massive tech companies with access to vast financial resources and top engineering talent can still fall prey to cyber-attacks. Therefore, understanding how to respond to a breach is just as critical to a company's cybersecurity plan as attempting to prevent one. Below are a few solid tips on how to react when an organization's cybersecurity has been compromised.
Plan in Advance
The best response to a cybersecurity breach begins before the breach ever happens. A written incident response plan is of paramount importance. In the immediate aftermath of a cybersecurity breach, people will be scared and stressed. In those circumstances, they will be more likely to be able to respond effectively if there is a plan laid out for them and they have received training on how to follow that plan. Make sure that employees are trained on the parts of the plan that are relevant to them. Most may only need to know who to report to if they suspect a breach may have occurred, while those who will be involved in the breach response will need more in-depth training. The plan should also be updated regularly to account for staffing changes, new technology, and the evolving legal landscape. The law may also require a plan for responding to cybersecurity breaches, depending on the jurisdiction.
Call Your Lawyer- Early and Often
At the risk of sounding self-aggrandizing, attorneys are critical in responding to a cybersecurity breach. The most obvious reason is to advise clients on their legal obligations and potential liability – and this is indeed an important function. The patchwork of federal and state regulations governing cybersecurity is something laypeople – and even non-specialized attorneys – should navigate with caution. Of equal importance is the preservation of confidential communication under the attorney-client privilege. The presence of an attorney helps to improve the security of information surrounding the response to the breach because correspondence with that attorney is privileged, allowing candid evaluation of the breach. The ability to assert attorney-client privilege regarding an internal investigation and response can be quite useful in the event of a later external investigation or litigation.
To Disclose or Not to Disclose?
An important question that needs to be asked in the wake of a cybersecurity breach is whether the incident must be disclosed, and if so, when, how, and to whom should such disclosures be made? While many understandably wish that their mistakes and failures will never see the light of day, there are also many people who will want to know when a company's cybersecurity has been breached. Shareholders want to know – and may have a right to know – if such a breach has harmed the business. Consumers want to know if their personal information has been compromised so that they can protect against identity theft. Furthermore, state breach notification laws may mandate certain disclosures to consumers depending on facts surrounding the breach. Legal requirements from states, the federal government, and even foreign entities may also require companies to provide notices to one or more regulatory agencies.
An attorney can advise on whether a company is legally required to provide any notice in the aftermath of a data breach, but even though notice may not be a legal requirement in a particular set of circumstances, it may still be prudent to give it anyway. Google decided not to disclose the recent breach of data from its Google+ service to avoid a PR and regulatory backlash, but the fact that it had happened eventually leaked out anyway. Even though legal experts have opined in the aftermath that Google likely was not obligated to disclose the breach, the fact that it did not caused exactly what Google attempted to avoid, but with magnified effect. "Google Experiences Consumer Data Breach" may not have been a good headline, but "Google Hides Consumer Data Breach" was a worse one.
Remember: Protection Is Key
No company wants a cybersecurity breach, but past experience has increasingly demonstrated that this is not a question of "if" but rather one of "when" and "how bad." Planning ahead and knowing what to do when a data breach does happen can ensure that an organization bounces back from a breach as smoothly and painlessly as possible.
Scott Satkin and Kyle Janecek are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Kyle at kyle.jancecek@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of cybersecurity, business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America© and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Benford’s Law: A Seldom Used Weapon in Forensic Accounting
March 05, 2015 —
Roger Hughes – California Construction Law BlogWhat is Digit Analysis and Why it Should be of Interest to Construction Attorneys?
Benford’s Law was named after Frank Benford, a General Electric physicist. Mr. Benford was the first to discover that “leading digits” do not follow a uniform distribution pattern as suggested by intuition. If you are like me, the response to such a statement is “huh”? But stick with me because this is important stuff to anyone who suspects a claim presentation may have been rigged, a bit here or a bit there, or maybe all over. It turns out that calculations purportedly based upon naturally, randomly occurring numbers may have been contrived. By “randomly occurring” we mean numbers that occur naturally without human interference as opposed to a contrived selection. Said another way, it is now accepted as a mathematical truth that the pattern of numbers randomly generated can be distinguished from numbers influenced by human intervention. Yikes, glad you told me that before I prepared my taxes.
Read the court decisionRead the full story...Reprinted courtesy of
Roger Hughes, Wendel Rosen Black & Dean LLPMr. Hughes may be contacted at
rhughes@wendel.com
JPMorgan Blamed for ‘Zombie’ Properties in Miami Lawsuit
June 18, 2014 —
Christie Smythe – BloombergJPMorgan Chase & Co. (JPM) engaged in a “pattern of discriminatory” lending that led to foreclosures, the city of Miami said in a lawsuit filed last week in federal court, the latest in a series of similar claims against the nation’s largest banks.
Last month, Banco Santander SA’s (SAN) U.S. unit was sued by the city of Providence, Rhode Island, over claims it stopped issuing mortgages in minority neighborhoods after the housing bubble burst. Santander Bank, previously named Sovereign Bank, pulled out of the neighborhoods and focused on white communities after being acquired by the Madrid-based lender in 2009, the city alleged.
Miami and Los Angeles are among cities to have filed similar lawsuits against Bank of America Corp., Citigroup Inc. (C) and Wells Fargo & Co. (WFC) for allegedly “red-lining” black and Hispanic areas as no-loan zones, and then “reverse red-lining,” flooding the areas with predatory mortgages even when minorities qualified for better terms.
Read the court decisionRead the full story...Reprinted courtesy of
Christie Smythe, BloombergMs. Smythe may be contacted at
csmythe1@bloomberg.net
Manhattan Condo Lists for Record $150 Million
February 18, 2015 —
Oshrat Carmiel – Bloomberg(Bloomberg) -- Manhattan’s ultra-luxury condo market has a new high-water mark: $150 million.
That’s the price set by developer Chetrit Group for a 21,500-square-foot (2,000-square-meter) triplex at the former Sony Building in Midtown, according to documents filed with the New York State attorney general’s office. It would be a record for a residential listing, topping a $130 million offering planned at Zeckendorf Development Co.’s 520 Park Ave.
As luxury apartments proliferate in Manhattan, builders are offering their premier units at ever-higher prices as a way of standing out from the crowd, said Jonathan Miller, president of New York appraiser Miller Samuel Inc. So far, the highest price ever paid for a condominium in the city is $100.5 million, a deal completed in December for a duplex penthouse at the One57 tower.
Read the court decisionRead the full story...Reprinted courtesy of
Oshrat Carmiel, BloombergMs. Carmiel may be contacted at
ocarmiel1@bloomberg.net
Governor Brown Signs Legislation Aimed at Curbing ADA Accessibility Abuses in California
June 02, 2016 —
Garret Murai – California Construction Law BlogThis past week Governor Jerry Brown signed
Senate Bill 269. The new law is the latest attempt to curb lawsuits brought under the Americans with Disabilities Act of 1990 (“ADA”) and related states laws which many businesses and governmental entities have called unfair and predatory. Others, have used more
colorful descriptions.
The ADA Debate
At the heart of the debate is a small but growing number of ADA plaintiffs who regularly sue businesses and governmental entities alleging that their properties do not provide equal access to disabled individuals. These ADA plaintiffs and their attorneys, including other members of the disabled community, argue that these lawsuits improve access to places of public accommodation by disabled individuals, are permitted under the law, and that the businesses and government agencies they sue can’t be heard to complain since the ADA has been on the books for over twenty-five years.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel Rosen Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
Want to Use Drones in Your Construction Project? FAA Has Just Made It Easier.
March 01, 2017 —
Masaki J. Yamada – Ahlers & Cressman PLLCThe new Part 107 FAA Rules took effect on Monday, August 29, 2016. Unlike the previous requirements for flying a drone commercially, the new rules are much more simplistic and permissive of a broad amount of commercial drone usage.
The following is the basic knowledge you need to legally use a drone on your future projects. To fly a drone commercially, there are now four major requirements:
- You must be at least sixteen years old;
- You must register your drone online;
- You must pass an aviation knowledge test administered at an FAA-approved testing center; and
- You must pass review by the Transportation Security Administration.
Read the court decisionRead the full story...Reprinted courtesy of
Masaki J. Yamada, Ahlers & Cressman PLLCMr. Yamada may be contacted at
myamada@ac-lawyers.com
Couple Claims ADA Renovation Lead to Construction Defects
December 30, 2013 —
CDJ STAFFA couple in Mercer County, West Virginia have claimed that the renovations done to their home not only failed to meet the requested ADA standards, but lead to construction defects, as reported by The West Virginia Record. Ray and Sherry Price are suing Lamberts Construction Company of Bluefield, West Virginia, claiming breach of contract and infliction of emotional distress. The couple hired to company to construct a bathroom addition, a bedroom addition, and a new driveway. In addition to other damages, they are also seeking the cost to repair the renovations.
Read the court decisionRead the full story...Reprinted courtesy of
Solar Power Inc. to Build 30-Megawatt Project in Inner Mongolia
October 15, 2014 —
Justin Doom – BloombergSolar Power Inc. (SOPW), a renewable-energy developer backed by China’s LDK Solar Co., has agreed to build a solar farm with 30 megawatts of capacity in Inner Mongolia.
Solar Power’s Xinyu Xinwei New Energy unit signed a construction agreement with Alxa League ZhiWei PV Power Co., the Roseville, California-based company said today in a statement. The project is expected to connect to the power grid by the end of March. Financial terms weren’t disclosed.
It’s Solar Power’s second accord this month to build a project in China’s Inner Mongolia Region. Solar Power also is building a 20-megawatt power plant in Wulaichabu City.
Read the court decisionRead the full story...Reprinted courtesy of
Justin Doom, BloombergMr. Doom may be contacted at
jdoom1@bloomberg.net
