What to do When the Worst Happens: Responding to a Cybersecurity Breach
November 21, 2018 —
Scott L. Satkin & J. Kyle Janecek – Newmeyer Dillion LLPCybersecurity is a growing concern for today's businesses. While it's always advisable to take whatever action possible to avoid a cybersecurity breach, no security measures can be one hundred percent perfect, and malicious actors are always innovating and trying to find new security flaws. The implementation of new technology brings with it new opportunities, but also potentially new vulnerabilities. And hackers have one major advantage – those working to defend against cyber-attacks have to try to find and fix every potential exploit, whereas those on the other side only need to find one. As demonstrated by recent high-profile breaches at Google and Facebook, even massive tech companies with access to vast financial resources and top engineering talent can still fall prey to cyber-attacks. Therefore, understanding how to respond to a breach is just as critical to a company's cybersecurity plan as attempting to prevent one. Below are a few solid tips on how to react when an organization's cybersecurity has been compromised.
Plan in Advance
The best response to a cybersecurity breach begins before the breach ever happens. A written incident response plan is of paramount importance. In the immediate aftermath of a cybersecurity breach, people will be scared and stressed. In those circumstances, they will be more likely to be able to respond effectively if there is a plan laid out for them and they have received training on how to follow that plan. Make sure that employees are trained on the parts of the plan that are relevant to them. Most may only need to know who to report to if they suspect a breach may have occurred, while those who will be involved in the breach response will need more in-depth training. The plan should also be updated regularly to account for staffing changes, new technology, and the evolving legal landscape. The law may also require a plan for responding to cybersecurity breaches, depending on the jurisdiction.
Call Your Lawyer- Early and Often
At the risk of sounding self-aggrandizing, attorneys are critical in responding to a cybersecurity breach. The most obvious reason is to advise clients on their legal obligations and potential liability – and this is indeed an important function. The patchwork of federal and state regulations governing cybersecurity is something laypeople – and even non-specialized attorneys – should navigate with caution. Of equal importance is the preservation of confidential communication under the attorney-client privilege. The presence of an attorney helps to improve the security of information surrounding the response to the breach because correspondence with that attorney is privileged, allowing candid evaluation of the breach. The ability to assert attorney-client privilege regarding an internal investigation and response can be quite useful in the event of a later external investigation or litigation.
To Disclose or Not to Disclose?
An important question that needs to be asked in the wake of a cybersecurity breach is whether the incident must be disclosed, and if so, when, how, and to whom should such disclosures be made? While many understandably wish that their mistakes and failures will never see the light of day, there are also many people who will want to know when a company's cybersecurity has been breached. Shareholders want to know – and may have a right to know – if such a breach has harmed the business. Consumers want to know if their personal information has been compromised so that they can protect against identity theft. Furthermore, state breach notification laws may mandate certain disclosures to consumers depending on facts surrounding the breach. Legal requirements from states, the federal government, and even foreign entities may also require companies to provide notices to one or more regulatory agencies.
An attorney can advise on whether a company is legally required to provide any notice in the aftermath of a data breach, but even though notice may not be a legal requirement in a particular set of circumstances, it may still be prudent to give it anyway. Google decided not to disclose the recent breach of data from its Google+ service to avoid a PR and regulatory backlash, but the fact that it had happened eventually leaked out anyway. Even though legal experts have opined in the aftermath that Google likely was not obligated to disclose the breach, the fact that it did not caused exactly what Google attempted to avoid, but with magnified effect. "Google Experiences Consumer Data Breach" may not have been a good headline, but "Google Hides Consumer Data Breach" was a worse one.
Remember: Protection Is Key
No company wants a cybersecurity breach, but past experience has increasingly demonstrated that this is not a question of "if" but rather one of "when" and "how bad." Planning ahead and knowing what to do when a data breach does happen can ensure that an organization bounces back from a breach as smoothly and painlessly as possible.
Scott Satkin and Kyle Janecek are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Kyle at kyle.jancecek@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of cybersecurity, business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America© and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
No Occurrence Found for Damage to Home Caused by Settling
October 22, 2014 —
Tred R. Eyerly – Insurance Law HawaiiThe Nebraska Supreme Court found the insurer properly denied coverage to the general contractor for damage to a home caused by settlement. Cizek Homes, Inc. v. Columbia Nat. Ins. Co., 2014 Neb. LEXIS 152 (Neb. Sept. 9, 2014).
The general contractor built and then sold the residence. Subsequently, the homeowners complained that the soil beneath their residence was settling and causing damage to their home. The homeowners presented a draft complaint to the general contractor, alleging that negligence and faulty workmanship had caused damage to the home.
The general contractor notified its carrier, Columbia. Coverage was denied.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
2017 California Employment Law Update
January 13, 2017 —
Evelin Y. Bailey - California Construction Law BlogBelow are some of the new laws going into effect this year that affect the construction industry. Unless otherwise noted, the laws go into effect on January 1, 2017.
Public Works and Prevailing Wages
You can read more about the new laws—AB 326, AB 1926 and SB 954—relating to public works and prevailing wages in an earlier blog post.
Employment Contracts
Choice of Forum and Choice of Law. Under SB 1241, an employer cannot require an employee who primarily works and resides in California to agree to file a lawsuit or bring a claim in another state when the claim arises in California. This is usually referred to as the choice of forum clause.
Read the court decisionRead the full story...Reprinted courtesy of
Evelin Y. Bailey, Wendel Rosen Black & Dean LLP Ms. Bailey may be contacted at
ebailey@wendel.com
Red Tape Is Holding Up a Greener Future
March 13, 2023 —
The Editors - BloombergSeven months on, Democrats are still celebrating the Inflation Reduction Act, even though a crucial determinant of its success — permitting reform for energy projects — remains undone. Recent data shows just how imperative it is for them to stop dragging their feet.
What’s now called the IRA had little to do with inflation. It was a climate bill, and a big one: It provided $370 billion to improve energy efficiency, reduce emissions and smooth the path to a clean-power economy. It came on top of a 70% surge in private investment since 2017.
But the biggest impediment to the US energy transition isn’t financing: It’s building.
A decade ago, between 25% and 30% of proposed wind and solar projects moved from the drawing boards to completion. But as new projects and new funding have soared, utilities have been unable to keep up, leading to an immense backlog. A recent report by BloombergNEF found that over just six years, global clean-energy investment has gone from half the level of fossil-fuel investment to near parity, an extraordinary leap that reflects the market’s appetite for clean power. Yet America’s dysfunctional regulation is preventing many needed projects from even breaking ground.
Read the court decisionRead the full story...Reprinted courtesy of
The Editors, Bloomberg
A Construction Stitch in Time
October 28, 2015 —
Christopher G. Hill – Construction Law MusingsIt’s a cliche for a reason that “A Stitch in Time Saves Nine.” Why? Because it is almost always cheaper and more efficient in the long run to get something right the first time than to fix it later. This old adage is true in life, and particularly true in the world of construction.
Whether it’s measuring twice before making your bid, checking with your subcontractors and suppliers to be sure they haven’t missed anything when giving you a price, or yes (and you knew this was coming), being sure that your contracts are written as they should be and cover the bases. To use another construction related analogy, these types of basic practices create a great foundation for your construction project(s) that will (hopefully) see you through to a successful and profitable construction project.
Aside from the last of my examples, how can adding a knowledgeable construction attorney help with laying this foundation? We construction lawyers spend our days either dealing with problems that have occurred (not ideal), anticipating risks that could occur (better, though can lead to a relatively cynical world view), and advising clients before the fact of the potential risks and how to best avoid them (best). Speaking from experience, I would much rather spend my time keeping my construction clients making money and avoiding the pitfalls of the “Murphy’s Law” governed world of construction than spend time with them in court.
Read the court decisionRead the full story...Reprinted courtesy of
Christopher G. Hill, Law Office of Christopher G. Hill, PCMr. Hill may be contacted at
chrisghill@constructionlawva.com
NEW DEFECT WARRANTY LAWS – Now Applicable to Condominiums and HOAs transitioning from Developer to Homeowner Control. Is Your Community Aware of its Rights Under the New Laws?
February 07, 2014 —
Nicholas D. Cowie – Maryland Condo Construction Defect Law BlogAll condominium associations and homeowners associations (“HOAs”) created in Maryland 0n or after October 1, 2010 are subject to new laws pertaining to statutory warranties for construction defects in workmanship and materials.
Most associations that have recently transitioned, or that are about to transition, from developer to homeowner control were created on after October 1, 2010. It is now time for these Associations to become familiar with the new laws to ensure they protect and preserve their warranty rights. Below is an Article I wrote regarding these new laws, which I helped create. See Blog Post: “Maryland Construction Defect Lawyers Enforcing Warranty Claims for Condominiums.”
Too often our firm is contacted by condominium associations who never knew what there warranty and other legal rights were until it was too late to seek developer repairs and reimbursement for construction defects. There is no reason for community associations to remain uniformed.
Read the court decisionRead the full story...Reprinted courtesy of
Nicholas D. Cowie, Maryland Condo Construction Defect Law BlogMr. Cowie may be contacted at
ndc@cowiemott.com
Hawaii Appellate Court Finds Duty to Defend Group Builders Case
May 10, 2013 —
Tred EyerlyOn May 19, 2010, the Hawaii Intermediate Court of Appeals determined construction defect claims did not constitute an occurrence under a CGL policy.Group Builders, Inc. v. Admiral Ins. Co., 123 Haw. 142, 231 P.3d 67 (Haw. Ct. App. 2010) ("Group Builders I"). The appeal in Group Builders I, however, only addressed the duty to indemnify. The ICA has now issued a second decision (unpublished), holding that there is was duty to defend Group Builders on the construction defect claims under Hawaii law, based upon the policy language and the allegations in the underlying complaint. Group Builders, Inc. v. Admiral Ins. Co., 2013 Haw.App. LEXIS 207 (Haw. Ct. App. April 15, 2013).
The underlying suit involved allegations by Hilton Hotels Corp. that Group Builders, a subcontractor working on an addition to the hotel, was responsible for mold found after completion of the project. Hilton alleged that the "design, construction, installation, and/or selection of the . . . building exterior wall finish . . . did not provide an adequate air and/or moisture barriers." The counts alleged against Group Builders included breach of contract and negligence.
Read the court decisionRead the full story...Reprinted courtesy of
Tred EyerlyMr. Eyerly can be contacted at
te@hawaiilawyer.com
Monitoring Building Moisture with RFID – Interview with Jarmo Tuppurainen
February 22, 2018 —
Aarni Heiskanen – aec businessI met Jarmo, the Technology Manager at Helsinki Metropolia University of Applied Sciences, at the leading event for housing markets in Helsinki (
Asuntomarkkinat). He and his team had set up an impressive display of devices and structures in the KIRA-digi showroom.
Read the court decisionRead the full story...Reprinted courtesy of
Aarni Heiskanen, aec businessMr. Heiskanen may be contacted at
aec-business@aepartners.fi
