The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Corporate Liability

  • From Vol. 3 No.2 (Jan. 25, 2017)

    Triaging Security Projects in the Current Legal Landscape

    Escalating cyber threats, liability risks and the numerous legal and regulatory standards make it difficult for a company to know how to plan and prioritize security projects. During a recent webcast, ZwillGen attorneys Amy Mushahwar and Marci Rozen offered their advice on top-priority security projects for mitigating corporate risk, and discussed how to determine and understand applicable data security regulations and guidelines, as well as the potential liabilities and business harms that can arise from inadequate security. See also “Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part One of Two)” (Oct. 19, 2016); Part Two (Nov. 2, 2016).

    Read Full Article …
  • From Vol. 2 No.8 (Apr. 13, 2016)

    Picking up the Pieces After a Cyber Attack and Understanding Sources of Liability

    The expanding range of cyber threats companies face are forcing them to consider how best to anticipate, prevent and manage cyber attacks. In a recent PLI program, Brian E. Finch, a partner at Pillsbury Winthrop Shaw Pittman, discussed the changing landscape of cyber threats, sources of liability for a company and strategies to manage cybersecurity risk and related litigation, including a list of post-breach do’s and don’ts. See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?” (May 20, 2015).

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 3, 2016)

    How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part Two of Two) 

    Through engagement, risk assessment, and continual review of cybersecurity risks and solutions, directors can both mitigate their own liability as well as the data security and litigation risks threatening the company. Part two of our two-part series on the board’s critical role in cybersecurity and data privacy issues addresses: how the board can follow up on management presentations; steps it should take after a breach; recent post-breach derivative suit caselaw; and how the board, in-house counsel and management can ensure a strong defense to such derivative actions. Part one provided best practices for management and in-house counsel to educate the board and keep the directors updated on cyber-related issues. See also “The Multifaceted Role of In-House Counsel in Cybersecurity” (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part Two of Two)

    The enormous liability and costs that cyber incidents generate make cyber insurance a new reality in corporate risk management plans across industries.  This article, the second article in the series, explores policy exclusions and pitfalls to watch out for, including lessons from recent cyber insurance coverage litigation and steps companies can take to increase the likelihood of insurance coverage under their cyber policy.  Part one in the series covered navigating the placement proces –  having the proper individuals involved, finding the right insurer and securing the best policy for your company.  See also “Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    The Multifaceted Role of In-House Counsel in Cybersecurity 

    To effectively advise corporations on cybersecurity issues, in-house counsel must navigate myriad issues that can vary across industries, state and international jurisdictions as well as privacy and information security contexts.  A recent PLI program brought together privacy and information security counsel from various industries to share insights on the role of in-house counsel charged with securing business-critical and confidential data and technology.  They discussed the different responsibilities for data privacy and cybersecurity professionals, international data privacy and protection laws, and offered strategies for in-house counsel to prevent internal cybersecurity threats, develop breach prevention and response policies and handle vendors.  The panel was moderated by Lori E. Lesser, a partner at Simpson Thacher, and included top practitioners Rick Borden, chief privacy officer at the Depository Trust & Clearing Corporation; Nur-ul-Haq, U.S. privacy counsel at NBCUniversal Media; Michelle Ifill, senior vice president at Verizon and general counsel of Verizon Corporate Services; and Michelle Perez, assistant general counsel of privacy for Interpublic Group.  See “Analyzing and Complying with Cyber Law from Different Vantage Points (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 8 (Jul. 15, 2015); and Part Two, Vol. 1, No. 9 (Jul. 29, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation (Part Two of Two)

    There are several steps companies can take before and after a data breach to best position themselves for the litigation likely to follow.  In this second installment of our coverage of a recent Mintz Levin webinar, partners Kevin McGinty and Mark Robinson explore best practices for internal investigations and common defenses in data breach class actions.  The first article featured insight from partner Meredith Leary on how companies can put themselves in the best position now to defend their actions post-breach and Robinson’s list of threshold questions that companies can ask themselves at the outset of a data breach internal investigation.

    Read Full Article …
  • From Vol. 1 No.17 (Nov. 25, 2015)

    Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part One of Two)

    With cyber attacks continuing to strike companies of all sizes, cyber insurance has become an important component of corporate risk management strategies.  While cyber risk insurance can provide coverage for the litany of potential damages that a company may suffer in the wake of a data breach, it is wildly different from the usual insurance marketplace – it is nascent, changing and varied.  This, the first article in our two-part series on getting the right cyber coverage in place, provides guidance on navigating the insurance placement process, selecting the individuals who should be involved, finding the right insurer and securing the best policy for your company.  Part two will explore lessons from recent cyber insurance coverage litigation, including steps companies can take to increase the likelihood of insurance coverage under their cyber policy and what policy exclusions and pitfalls to watch out for.  See also “Transferring Risk Through the Right Cyber Insurance Policy,” The Cybersecurity Law Report, Vol. 1, No. 15 (Oct. 28, 2015).

    Read Full Article …
  • From Vol. 1 No.17 (Nov. 25, 2015)

    Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation (Part One of Two)

    In addition to the direct consequences of a data security incident, many companies that suffer data breaches must face lawsuits.  In a recent webinar, Mintz Levin members Meredith Leary, Kevin McGinty and Mark Robinson discussed the various types of data security litigation and gave advice on how companies can best prepare for the likelihood of a lawsuit after a data breach.  This article, the first in a two-part series, features their insight on how companies can put themselves in the best position now to defend their actions later.  The panelists also identified threshold questions that companies can ask themselves during an internal investigation following a data breach.  In the second article, they further explore best practices for internal investigations and common defenses in data breach class actions.  See also “Liability Lessons from Data Breach Enforcement Actions,” The Cybersecurity Law Report, Vol. 1, No. 16 (Nov. 11, 2015).

    Read Full Article …
  • From Vol. 1 No.15 (Oct. 28, 2015)

    Transferring Risk Through the Right Cyber Insurance Coverage

    As companies recognize that they cannot ignore the risk of a significant cyber breach, they are looking to insurance policies to bear at least some of that risk.  Selecting the right cyber insurance, however, presents challenges in an ever-changing cyber insurance market.  In a guest article, BakerHostetler partner Judy Selby explains the cyber insurance options available, how to select the best insurance for your company and what to expect from the often-intrusive application process.  See also “Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.9 (Jul. 29, 2015)

    Analyzing and Complying with Cyber Law from Different Vantage Points (Part Two of Two)

    As breaches proliferate, civil litigations related to breaches have too – and some of them can become “bet the company” cases.  In our continued coverage of a recent conference hosted by Georgetown Law’s Cybersecurity Law Institute, panelists discuss the compliance lessons from shareholder derivative suits and class actions that have followed breaches, as well as how companies should use government cybersecurity guidance in their programs.  The moderator and panelists come to cybersecurity and data privacy with different perspectives – the panel included plaintiffs’ counsel from Edelson PC; principal for reliability and cybersecurity for Southern California Edison; in-house counsel at IT company CACI International; and defense counsel from Alston & Bird.  The first article of this two-part series contained the panelists’ insights on the sources of liability for companies, best practices when collecting personal data and takeaways from government enforcement actions.

    Read Full Article …