What to do When the Worst Happens: Responding to a Cybersecurity Breach
November 21, 2018 —
Scott L. Satkin & J. Kyle Janecek – Newmeyer Dillion LLPCybersecurity is a growing concern for today's businesses. While it's always advisable to take whatever action possible to avoid a cybersecurity breach, no security measures can be one hundred percent perfect, and malicious actors are always innovating and trying to find new security flaws. The implementation of new technology brings with it new opportunities, but also potentially new vulnerabilities. And hackers have one major advantage – those working to defend against cyber-attacks have to try to find and fix every potential exploit, whereas those on the other side only need to find one. As demonstrated by recent high-profile breaches at Google and Facebook, even massive tech companies with access to vast financial resources and top engineering talent can still fall prey to cyber-attacks. Therefore, understanding how to respond to a breach is just as critical to a company's cybersecurity plan as attempting to prevent one. Below are a few solid tips on how to react when an organization's cybersecurity has been compromised.
Plan in Advance
The best response to a cybersecurity breach begins before the breach ever happens. A written incident response plan is of paramount importance. In the immediate aftermath of a cybersecurity breach, people will be scared and stressed. In those circumstances, they will be more likely to be able to respond effectively if there is a plan laid out for them and they have received training on how to follow that plan. Make sure that employees are trained on the parts of the plan that are relevant to them. Most may only need to know who to report to if they suspect a breach may have occurred, while those who will be involved in the breach response will need more in-depth training. The plan should also be updated regularly to account for staffing changes, new technology, and the evolving legal landscape. The law may also require a plan for responding to cybersecurity breaches, depending on the jurisdiction.
Call Your Lawyer- Early and Often
At the risk of sounding self-aggrandizing, attorneys are critical in responding to a cybersecurity breach. The most obvious reason is to advise clients on their legal obligations and potential liability – and this is indeed an important function. The patchwork of federal and state regulations governing cybersecurity is something laypeople – and even non-specialized attorneys – should navigate with caution. Of equal importance is the preservation of confidential communication under the attorney-client privilege. The presence of an attorney helps to improve the security of information surrounding the response to the breach because correspondence with that attorney is privileged, allowing candid evaluation of the breach. The ability to assert attorney-client privilege regarding an internal investigation and response can be quite useful in the event of a later external investigation or litigation.
To Disclose or Not to Disclose?
An important question that needs to be asked in the wake of a cybersecurity breach is whether the incident must be disclosed, and if so, when, how, and to whom should such disclosures be made? While many understandably wish that their mistakes and failures will never see the light of day, there are also many people who will want to know when a company's cybersecurity has been breached. Shareholders want to know – and may have a right to know – if such a breach has harmed the business. Consumers want to know if their personal information has been compromised so that they can protect against identity theft. Furthermore, state breach notification laws may mandate certain disclosures to consumers depending on facts surrounding the breach. Legal requirements from states, the federal government, and even foreign entities may also require companies to provide notices to one or more regulatory agencies.
An attorney can advise on whether a company is legally required to provide any notice in the aftermath of a data breach, but even though notice may not be a legal requirement in a particular set of circumstances, it may still be prudent to give it anyway. Google decided not to disclose the recent breach of data from its Google+ service to avoid a PR and regulatory backlash, but the fact that it had happened eventually leaked out anyway. Even though legal experts have opined in the aftermath that Google likely was not obligated to disclose the breach, the fact that it did not caused exactly what Google attempted to avoid, but with magnified effect. "Google Experiences Consumer Data Breach" may not have been a good headline, but "Google Hides Consumer Data Breach" was a worse one.
Remember: Protection Is Key
No company wants a cybersecurity breach, but past experience has increasingly demonstrated that this is not a question of "if" but rather one of "when" and "how bad." Planning ahead and knowing what to do when a data breach does happen can ensure that an organization bounces back from a breach as smoothly and painlessly as possible.
Scott Satkin and Kyle Janecek are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Kyle at kyle.jancecek@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of cybersecurity, business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America© and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Pre-Covid Construction Contracts Unworkable as Costs Surge, Webuild Says
October 17, 2022 —
Angus Whitley - BloombergInfrastructure construction contracts signed before the pandemic have become widely unworkable because of the surging cost of labor and materials, supply-chain blockages and difficulties in securing manpower, according to builder Webuild SpA.
Milan-based Webuild is wrestling with a 2019 agreement with the Australian government to construct the country’s largest hydroelectric power station for A$5.1 billion ($3.2 billion). It’s meant to be completed by 2026. The Snowy 2.0 project, in the Snowy mountains about six hours’ drive south of Sydney, has come to highlight the challenges of completing large-scale projects on terms that were struck before Covid-19, and before Russia invaded Ukraine.
Webuild’s Asia-Pacific director, Marco Assorati, said the value of the Snowy contract, as well as certain other parameters, need to be changed to reflect the current market. He declined to comment specifically on media reports that the consortium has asked the Australian government for an extra A$2.2 billion to complete the work and that the project is 18 months behind schedule. “It is challenging,” Assorati said.
“I think clients understand this conversation must happen and there must be a way to cope with unforeseen increases in cost,” Assorati said. “It’s not needed only on the Snowy project. It’s affecting projects everywhere globally.”
Read the court decisionRead the full story...Reprinted courtesy of
Angus Whitley, Bloomberg
NY Is Set To Sue US EPA Over ‘Completion’ of PCB Removal
June 25, 2019 —
Mary B. Powers - Engineering News-RecordNew York state intends to sue the U.S. Environmental Protection Agency for issuing a certificate to General Electric Co. affirming the company completed its $1.7-billion cleanup of about 40 miles of the upper Hudson River, contaminated with PCBs from two former factories. State Attorney General Letitia James said April 11 that a December state study showed elevated PCB levels in river sediment and concentrations in fish, which were not recovering at the rate EPA anticipated.
Read the court decisionRead the full story...Reprinted courtesy of
Mary B. Powers, ENRENR may be contacted at
ENR.com@bnpmedia.com
The Practical Distinction Between Anticipatory Breach and Repudiation and How to Deal with Both on Construction Projects
June 10, 2024 —
Devon Griger - ConsensusDocsWhen a multilevel construction project is underway and a contractor or subcontractor isn’t performing as expected, it can be difficult to know how to address the low performance without putting the parties’ contract and good working relationship at risk. However, there may come a time when poor performance lapses into a something much worse: an anticipatory breach or repudiation of the subject contract.
Imagine Scenario One: You are a general contractor managing a large-scale construction project and one of your subcontractors is falling behind on their work. The project manager for the subcontractor calls you and says, “Look, I don’t think we’re going to be able to hit our next milestone, and probably not the next one after that.” A conversation like this would generally trigger concern for most general contractors, but it would not necessarily invoke panic. These types of delay conversations are not uncommon on large scale projects.
Compare that example, however, with Scenario Two, where the subcontractor instead says, “We received an offer to work another job for much more money, so we’re leaving the project site today and will not be returning.” This is obviously different (and potentially worse) than Scenario One, and likely cause for much greater concern.
Read the court decisionRead the full story...Reprinted courtesy of
Devon Griger, Jones WalkerMs. Griger may be contacted at
dgriger@joneswalker.com
Keep it Simple with Nunn-Agreements in Colorado
June 28, 2021 —
Jean Meyer - Colorado Construction LitigationOn May 24, 2021, the Colorado Supreme Court published its decision in Auto-Owners Ins. Co. v. Bolt Factory Lofts Owners Ass'n.[1] There, the Colorado Supreme Court was tasked with answering whether an insurer, who is defending its insured under a reservation of rights, is entitled to intervene as of right under C.R.C.P. 24(a)(2) where the insured enters into a Nunn agreement with a third-party claimant, but rather than entering into a stipulated judgment, agrees with the third party to proceed via an uncontested trial to determine liability and damages. Interestingly, however, while the Court ultimately answered the above question in the negative, the real lesson from the Colorado Supreme Court’s decision is that Colorado litigants should not seek a trial court’s blessing as to liability and damages through non-adversarial proceedings when using Nunn-Agreements. Or, as articulated in Justice Carlos Samour’s vociferous dissenting opinion, Colorado litigants desiring to enter into a Nunn-Agreement should not proceed with a non-adversarial hearing, as doing so is “offensive to the dignity of the courts,” constitutes a “bogus,” “faux,” “sham” and “counterfeit” proceeding, and the hearing provides “zero benefit.”
By way of background, the case arrived in front of the Colorado Supreme Court based on the following fact pattern. A homeowner association (Bolt Factory Lofts Owners Association, Inc.) (“Association”) brought construction defect claims against a variety of prime contractors and those contractors subsequently brought third-party construction defect claims against subcontractors. One of the prime contractors assigned their claims against a subcontractor by the name Sierra Glass Co., Inc. (“Sierra”) to the Association. The other claims between the additional parties settled. On the eve of trial involving only the Association’s assigned claims against Sierra, the Association made a settlement demand to Sierra for $1.9 million. Sierra asked its insurance carrier, Auto-Owners Insurance, Co. (“AOIC”), which had been defending Sierra under a reservation of rights letter, to settle the case for that amount, but AOIC refused. This prompted Sierra to enter into a “Nunn-Agreement” with the Association whereby the case would proceed to trial, Sierra would refrain from offering a defense at trial, the Association would not pursue any recovery against Sierra for the judgment, and Sierra would assign any insurance bad faith claims it may have had against AOIC to the Association.
Read the court decisionRead the full story...Reprinted courtesy of
Jean Meyer, Higgins, Hopkins, McLain & Roswell, LLCMr. Meyer may be contacted at
meyer@hhmrlaw.com
California Cracking down on Phony Qualifiers
July 23, 2014 —
Beverley BevenFlorez-CDJ STAFFGarret Murai in his California Construction Law Blog stated that “California’s Senate Bill 862, and amended Business and Professions Code 7068.1” has given the California Contractors State License Board (CSLB) “additional enforcement authority to crack down on phony qualifiers by allowing the CLSB to take disciplinary action against a qualifier and a licensee if the qualifier is not actively involved in the construction activities of the licensee’s business.”
Murai explained that “[r]enting a qualifier means that you pay an individual who holds a California contractor’s license to act as the Responsible Managing Officer (RMO) or Responsible Managing Employee (RMO) of a construction company when they have no actual involvement in the day-to-day operations of the company.”
Read the court decisionRead the full story...Reprinted courtesy of
For Whom Additional Insured Coverage Applies in New York
November 11, 2024 —
Bill Wilson - Construction Law ZoneSimply including a requirement in a contract to add certain parties as additional insureds under a commercial general liability insurance (CGL) policy may not be enough to ensure such coverage is provided in New York. In New York City Hous. Auth. v. Harleysville Worcester Ins. Co., 226 A.D.3d 804 (2024), the New York Supreme Court Appellate Division – Second Department ruled that the language in an insurance endorsement required privity of contract with the insured party subcontractor to obtain additional insured status and denied coverage to others despite a provision in a subcontract requiring such additional insured coverage.
In this case, an owner entered into a contract with a general contractor for construction services. The general contractor entered into a subcontract with a subcontractor. The subcontractor agreed to procure and maintain a CGL policy naming the owner, the general contractor, and another related party as additional insureds thereunder. An employee of the subcontractor was injured on the project and sued the three additional insureds and several other parties. Subcontractor’s insurance company refused to defend and indemnify any party other than the general contractor. All the parties sued by the subcontractor’s employee brought an action against the subcontractor’s insurance company, seeking coverage for defense and indemnification as additional insureds under the subcontractor’s CGL policy.
Read the court decisionRead the full story...Reprinted courtesy of
Bill Wilson, Robinson & Cole LLPMr. Wilson may be contacted at
wwilson@rc.com
Payne & Fears LLP Recognized by U.S. News & World Report and Best Lawyers in 2023 “Best Law Firms” Rankings
November 28, 2022 —
Payne & Fears LLPPayne & Fears LLP is pleased to announce that the firm has been recognized by U.S. News & World Report and Best Lawyers 2023 “Best Law Firms” list. Firms included in the 2023 edition of U.S. News – Best Lawyers “Best Law Firms” are recognized for professional excellence with consistently impressive ratings from clients and peers. This includes the top 5% of private practicing lawyers in the United States.
Payne & Fears LLP has been ranked in the following practice areas:
- Commercial Litigation
- Employment Law – Management
- Insurance Law
- Labor Law – Management
- Litigation – Labor & Employment
- Litigation – Real Estate
- Litigation – Intellectual Property
Additionally, on August 15, 2022, 11 of our attorneys were selected for inclusion in
The Best Lawyers in America® 2023. Collectively bringing decades of experience and dedication to their practice, Jeffrey K. Brown, Daniel F. Fears, Daniel M. Livingston, Thomas L. Vincent, Benjamin A. Nix, James L. Payne, Scott S. Thomas, and Kelby Van Patten received this respected achievement. Additionally, Leilani E. Jones, Sarah J. Odia, and Matthew C. Lewis were included in Best Lawyers: Ones to Watch 2023.
Read the court decisionRead the full story...Reprinted courtesy of
Payne & Fears LLP
