In 2018, 1,244 data breaches occurred in the U.S. with over 445.6 million records exposed with a cost of $654 billion. Lawyers make a promise to safeguard confidential client data when they enter into an attorney-client relationship. Today’s digital world means taking extra steps to ensure the security of data that lawyers text/email, save to the cloud, or otherwise electronically transmit. But what happens in the unfortunate event of a cyber-attack? Every state has a data breach notification statute that outlines when and how to notify individuals about compromised data. While this and other laws may apply, lawyers also have unique ethical duties to perform regarding data privacy. Failure to fulfill these ethical duties can result in disciplinary actions such as license suspension.
After a long silence since guidance was last issued a year ago, there’s now widespread expectation that the Securities and Exchange Commission will get much more specific this year about new cybersecurity disclosures for public companies. Recent actions also signal the commission is paying close attention not just to disclosures, but to weaknesses that create cybersecurity risks at companies.read more
In late 2018 the U.S. District Court of New Jersey indicted two Iranian men for allegedly running a hacking scheme that hit local and state governments as well as transportation agencies and hospitals across the U.S. The scheme involved infecting corporate networks with SamSam malware, which encrypted data on computers in the networks, then blackmailing the institutions by requiring a ransom payment in return for the decryption keys. read more
Australia has recently taken significant action in the realm of data security that will potentially have global impact. In December 2018, the Australian Competition and Consumer Commission (“ACCC”) released recommendations on ways big technology companies can improve data security.read more