Category: Legal Ethics
As we previously detailed, the coronavirus pandemic has expanded opportunities for nefarious actors to exploit the digital vulnerabilities of individuals, local governments, industries, organizations, and essential services as they rapidly adapt to the public health crisis. Recent reports have confirmed that attacks and cyber scams associated with the pandemic are in fact on the rise.
Lawyers don’t get a free pass when it comes to data security. In fact, ethical rules impose a series of obligations on lawyers when they or their firms are subject to a data breach.
In a significant ethics opinion issued last month, Formal Opinion 483, Lawyers’ Obligations After an Electronic Data Breach or Cyberattack, the American Bar Association’s Standing Committee on Ethics and Professional Responsibility provides a detailed roadmap to a lawyer’s obligations to current and former clients when they learn that they – or their firm – have been the subject of a data breach.
In the most recent object lesson in a data breach privilege case, a federal appeals court has ordered a Michigan-based mortgage lender to turn over privileged forensic investigatory documents after the investigator’s conclusions were revealed in discovery.
While courts and the Federal Rules of Evidence take an increasingly pragmatic approach to the question of when inadvertent disclosure of privileged information results in waiver, a recent federal magistrate’s ruling serves as a potent warning that use of a file-sharing site—without sufficient safeguards—may constitute a waiver. Harleysville Insurance Co. v. Holding Funeral Home, Inc., No. 1:15-cv-00057 (W.D. Va. Feb. 9, 2017) is the first published decision to find that the use of a file-sharing site to exchange potentially privileged information constituted a waiver of the attorney-client privilege and work product protection—because the company failed to password protect its transmission.
In what New York’s top federal prosecutor called a “wake-up call for law firms around the world,” three Chinese citizens have been charged with hacking into the servers of two prominent – but unidentified – international law firms to steal confidential client information in connection with pending M&A deals
This is our final installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact on third-party vendors and business partners, including law firms.
This is our second installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact on corporate governance and the scope of liability for corporate boards.
This is the first installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. The Patterson Belknap Privacy and Data Security Team has studied the regulation, its legislative and regulatory underpinnings, and practical consequences.
On July 21st, Patterson Belknap and Berkeley Research Group hosted a Practising Law Institute (PLI) briefing on law firm cybersecurity.
Self-defense is a natural, almost reflexive human instinct. But it has a complicated history in American law, full of contradiction and compromise. Many jurisdictions have long recognized that an otherwise illegal act—such as taking a swing at a purse-snatcher—may be justifiable (and therefore legally permissible) in the context of fending off a physical threat or attack. But victims of cyber-attacks—who may be tempted to “hack back”—have yet to enjoy such a privilege. In fact, following through on this natural instinct in cyberspace could lead to criminal and civil liability.
We are pleased to announce the launch of Data Security Law Blog, Patterson Belknap’s newest resource for the latest news, analysis and thought leadership in the critical area of privacy and cybersecurity law.