Entries by Information Analyst

Cybersecurity in Multidistrict Litigation

/in , /by

Cybersecurity in Multidistrict Litigation

Insights

Cybersecurity in Multidistrict Litigation





Read More

ALM

 

Cybersecurity in Multidistrict Litigation

 

June 17, 2024

 

By Daniel B. Garrie, Michael Mann and Leo M. Gordon

MDLs can pose unique challenges for cybersecurity litigators as MDLs often involve large volumes of data that may be consolidated from disparate sources. This article examines some key cybersecurity considerations for attorneys that are part of an MDL.

 

Cybersecurity is becoming more important for the legal industry as more and more lawsuits involve large volumes of sensitive data. This is particularly true for multidistrict litigations (MDLs), which have become increasingly common in recent years. It is estimated that there are approximately 457,000 civil actions pending on MDL dockets, which represents approximately 67% of all pending civil litigation, throughout the United States, as of Dec. 31, 2023 (this information was computed from statistical reports from Judicial Panel on Multidistrict Litigation and U.S. District Courts—Civil Statistics Tables for the Federal Judiciary).

MDLs can pose unique challenges for cybersecurity litigators as MDLs often involve large volumes of data that may be consolidated from disparate sources. This article examines some key cybersecurity considerations for attorneys that are part of an MDL.

 

What Makes MDLs Unique

MDLs are litigations in which multiple lawsuits filed in various jurisdictions are consolidated into a single case. MDLs are meant to streamline the litigation process for multiple cases arising from the same or similar events. MDLs commonly involve cases in which a single large-scale entity’s actions affect many people located in various parts of the country. This is commonly seen in cases related to things like defective products, unsafe drugs, intellectual property infringement, oil spills, employment practices and securities fraud.

The decision to consolidate or coordinate pre-trial proceedings in disparate cases in a MDL is made by a national panel known as the Judicial Panel on Multidistrict Litigation. Once a MDL is created, steering committees are established for the parties (plaintiffs or defendants) to the litigation, and lead counsel is chosen for each group of parties. Cases are referred for consolidation or coordination in a MDL for the purposes of pre-trial proceedings, such as discovery, case management, including often deciding Daubert and nondispositive and dispositive motions, and possibly settlement discussions.

JAMS Releases New Rules for AI Disputes

/in /by

JAMS Releases New Rules for AI Disputes

Insights

JAMS Releases New Rules for AI Disputes





Read More

ALM

 

JAMS Releases New Rules for AI Disputes

 

April 23, 2024

 

By Rhys Dipshan

On Tuesday, alternative dispute resolution service provider JAMS announced new rules around disputes involving artificial intelligence. These rules cover a range of issues, including the protection of proprietary training data and AI models, as well as the knowledge needed to arbitrate disputes concerning AI software.

In a news release, JAMS noted that the rules “refine and clarify procedures for cases involving AI systems” and help “equip legal professionals and parties engaged in dispute resolution with clear guidelines and procedures that address the unique challenges presented by AI, such as questions of liability, algorithmic transparency, and ethical considerations.”

In addition, the rules sets forth a definition of AI, specifically defining the term as “a machine-based system capable of completing tasks that would otherwise require cognition.” Throughout the legal industry, defining AI has been tricky, with many judges differing on how they describe the technology, and what it entails.

In an email, JAMS President Kimberly Taylor told Legaltech News that the impetus behind the new rules was an anticipation of “new litigation arising from the technology. We believe that resolving AI-driven disputes via arbitration will require tailored rules that account for the complexity of the technology and that introduce other novel factual and evidentiary issues.”

 

Evolving AI and arbitration legal practices

/in /by

Evolving AI and arbitration legal practices

Insights

bank fraud defense





Read More

Evolving AI and arbitration legal practices

 
July 24, 2024
 
 

By Daniel B. Garrie and Ryan Abbott

The JAMS Artificial Intelligence Dispute Resolution Rules (AI Rules) are a crucial update of arbitration processes for modern technology. These rules streamline the resolution process and reduce the time and cost associated with resolving disputes. The impact of artificial intelligence (AI) on society is evident, yet the extent of its influence remains unclear. What is clear, however, is that AI-driven disputes will only increase in the coming years. These disputes will involve a wide range of conflicts from data privacy breaches, intellectual property infringement, unauthorized synthetic content, and trade secret misappropriation involving large language models (LLMs), to breach of contract. As it stands, alternative dispute resolution (ADR) today is largely ill-equipped to handle these types of disputes; in recognition of this, I, along with Dr. Ryan Abbott, worked closely with JAMS to develop JAMS Artificial Intelligence Dispute Resolution Rules (AI Rules). “JAMS Rules Governing Disputes Involving Artificial Intelligence Systems, effective April 15, 2024,” www. jamsadr.com/rules-clauses/ artificial-intelligence-disputes?clause-and-rules.

At a high level, the AI Rules establish that, unless otherwise agreed by the parties, JAMS will propose arbitrator candidates with AI knowledge (Rule 15(b)), mandate a protective order by default to secure sensitive information and stringent data handling during disputes (Rule 16.1(a)), and limit expert testimony to written reports and directed oral responses to maintain focus and confidentiality throughout the arbitration process (Rule 16.1(b)). The net effect of the AI Rules is that they streamline the resolution process and reduce the time and cost associated with resolving AI disputes.

ARBITRATOR SELECTION Rule 15(b) of the AI Rules provides that “JAMS shall propose, subject to availability, only panelists approved by JAMS for evaluating disputes involving technical subject matter with appropriate background and experience. JAMS shall also provide each party with a brief description of the background and experience of each Arbitrator candidate.” Id. at 15(b). This prerequisite helps to alleviate parties expending substantial resources educating the arbitrator on the technical aspects underpinning the dispute and that the arbitrator will be capable of adjudicating appropriately. For example, in a dispute concerning the execution of a funding agreement, the main issue is the alleged misrepresentation of a company’s machine learning algorithms’ capabilities and performance metrics, which were crucial in securing the funding. The Arbitrator should possess knowledge of AI to adequately understand the technical nuances of the case.

From Niche to Universal: The Broadened Application of NIST Cybersecurity Framework 2.0

/in /by

From Niche to Universal: The Broadened Application of NIST Cybersecurity Framework 2.0

Insights

NIST Cybersecurity Framework 2.0





Read More

ALM

 

From Niche to Universal: The Broadened Application of NIST Cybersecurity Framework 2.0

 

July 2, 2024

 

By Daniel B. Garrie, Esq., Yoav Griver

The National Institute of Standards and Technology (NIST) Cybersecurity Framework was created to provide a structured approach to managing cybersecurity risks and improving overall security measures. It serves as a guide for organizations to identify, protect, detect, respond to, and recover from cyberthreats effectively. The NIST recently unveiled the muchanticipated version 2.0 of its landmark Cybersecurity Framework. This update, as detailed in the NIST’s announcement, is designed to be more inclusive, extending its applicability across all sectors and industries, thereby reinforcing the importance of cybersecurity in the modern digital age. The expansion and refinement of the framework underscore the growing recognition of cybersecurity as a critical component of organizational integrity, regardless of the industry. This article explores the implications of the NIST Cybersecurity Framework 2.0 for organizations and elucidates why thirdparty cyber audits are instrumental in ensuring compliance and enhancing cybersecurity posture.

Understanding NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0 is designed to be universally applicable, extending its reach beyond critical infrastructure sectors to encompass all industries. This inclusive approach is a response to the universal challenge of cybersecurity threats, which do not discriminate by sector. The framework’s expanded applicability means that organizations across various sectors, including those not traditionally considered part of critical infrastructure, such as education and retail, are now encouraged to adopt its guidelines to bolster their cybersecurity defenses. Moreover, the framework has been updated to offer enhanced flexibility, allowing organizations to tailor their cybersecurity strategies more effectively to their specific needs, risks, and contexts. This adaptability is crucial in a landscape where cyberthreats are constantly evolving, and one-size-fits-all solutions are often inadequate

To read the full article, go to ALM

Weathering the Storm: Insights on the SolarWinds Wells Notice

/in /by

Weathering the Storm: Insights on the SolarWinds Wells Notice

Webinar

Strengthening Bank Fraud Defenses



Register

About This Webinar

The SolarWinds breach has represented a landmark event in its scope and technical complexity, as well as in the ensuing impact it has had on regulatory oversight and executive liability. This major cybersecurity event, which affected both private corporations and government agencies, has been followed by the signing of Executive Order 14028 and the adoption of the new SEC ‘Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.’ The attack is also serving to highlight the increasing potential for executive liability in cybersecurity incidents. Indeed, a Wells Notice received by current and former executives of SolarWinds in June 2023 was the first instance of a CISO being directly named. As this latest event continues to shape the way organizations understand and address cyber risk management, join our panel of industry leaders for a dynamic conversation at the intersection of cybersecurity and the law. This seminar will serve as a useful resource for lawyers aiming to understand the consequences of these developments and gain insight into crafting strategies to mitigate risks.

What You Will Learn
In this seminar, our panel of industry leaders begin by reviewing the Solar Winds attack to highlight key facts, the technical complexity of the attack method, and the breadth of affected parties. Our speakers then review the response to the breach, and focus on the SEC’s June 2023 Wells Notice, to highlight its potential implications for executive liability. The panel concludes the discussion by highlighting best practices to safeguard organizations and avoid the pitfalls of digital threats.

Topics covered in this webinar:   

  1. The Solar Winds Cyber Attack
  2. Regulatory Response
  3. Wells Notice
  4. Looking Ahead and Best Practices

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Rick Borden
    • Partner, Frankfurt Kurnit
  • Craig Martin
    • Partner, Investigations + White Collar Defense Practice Group Co-Chair, Morrison Foerster
  • Lana Yang
    • Senior Counsel and Senior Manager of Information Governance, Security, and Privacy, Mitsubishi Corporation (Americas)

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.

Data Defender: Insights on the FTC, Privacy, and Data Surveillance

/in /by

Data Defender: Insights on the FTC, Privacy, and Data Surveillance

Webinar

FTC



Register

About This Webinar

In a world where data breaches are becoming alarmingly common, understanding the cybersecurity regulatory landscape is not just beneficial, but vital to corporate risk management. Experience the fascinating intersection of law and technology in “Insights on the FTC, Privacy, and Data Surveillance,” a course that illuminates the intricacies of developing regulatory data privacy and security oversight. This seminar will help strengthen your command over the relevant FTC regulations, data privacy, and surveillance, solidifying your stand in the dynamically evolving cyber legal sphere.

What You Will Learn

Our panel of legal and technical experts begins the program by providing an overview of the FTC and its enforcement authority, followed by a discussion of the GLBA Safeguarding Rule and the FTC’s role in enforcing it. The speakers then discuss the FTC Rulemaking Process, highlighting through their diverse perspectives and experiences key considerations. Finally, our panelists discuss the Trade Regulation Rule on Commercial Surveillance and Data Security ANPR currently in process and conclude with a discussion of important recent cases that have helped shape the FTC’s rulemaking authority.

Topics covered in this webinar:   

  1. The Federal Trade Commission: Overview
  2. The FTC and the GLBA Safeguarding Rule
  3. FTC Rulemaking Process
  4. Trade Regulation Rule on Commercial Surveillance and Data Security ANPR
  5. Recent Cases

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Aaron Tantleff
    • Partner, Foley & Lardner LLP
  • Tarique Collins
    • Chief Legal Officer, Click Therapeutics, Inc.
  • Tammy Klotz
    • Cybersecurity & IT Executive
  • Stewart Baker
    • Of Counsel, Steptoe & Johnson LLP

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.

Software Patent Puzzle: Legal Protections in the Digital Age

/in /by

Software Patent Puzzle: Legal Protections in the Digital Age

Webinar

Software Patent



Register

About This Webinar

The digital era commands an understanding of software patents. They shape competitive landscapes, attract investment, offer defensive legal strategy, and respond to shifting legal norms. This seminar is aimed at providing a comprehensive understanding of software patents. By examining the specifics of software and patents, insights from SCOTUS on the “Physicality” of software, challenges in litigating software patents, software patent infringement, and future technology developments, this seminar offers a solid foundation and practical tools for legal professionals navigating the complexities of software patent law.

What You Will Learn

Participants will gain insights into the unique aspects of software patentability, including software “Physicality” and its implications as outlined by SCOTUS. The seminar will discuss common litigation challenges associated with software patents, delve into infringement issues, and offer a perspective on emerging technologies, such as AI, and their impact on patent law.

Who Should Take This Seminar

This seminar is intended for practicing attorneys, legal professionals in training, and patent agents who deal with, or are interested in, software patents. If your work involves managing intellectual property rights, specifically in the software industry, or you are involved in developing legal strategy for software-related matters, this seminar offers practical insights and tools to enhance your practice.

Topics covered in this webinar:   

  1. Overview of Software and Patents
  2. Patentability of Software “Physicality”: Insights from SCOTUS
  3. Challenges of Litigating Software Patents
  4. Infringement and Software Patent Litigation
  5. Looking Ahead and Technology Developments

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Hon. James Ware
    • Neutral, JAMS

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.

Lessons for CISOs from the SolarWinds Breach and SEC Enforcement

/in /by

Lessons for CISOs from the SolarWinds Breach and SEC Enforcement

Insights

Lessons for CISOs





Read More

ALM

 

Lessons for CISOs from the SolarWinds Breach and SEC Enforcement

 

May 2024

 

By Daniel B. Garrie, Esq., David cass, and Jennifer Deutsch

In an era where digital threats loom large, the responsibilities of Chief Information Security Officers (CISOs) have expanded beyond traditional IT security to encompass a broader governance, risk management, and compliance role. The infamous SolarWinds Corp. attack, which compromised numerous public and private organizations globally, illustrates the complex cybersecurity landscape CISOs navigate. The subsequent legal and regulatory responses, including a complaint by the U.S. Securities and Exchange Commission (SEC), underscore the critical role of CISOs in not only safeguarding digital assets but also ensuring compliance with evolving cybersecurity disclosure requirements. This article examines the SolarWinds incident and the SEC’s actions to derive essential governance lessons for CISOs.  

In 2020, SolarWinds disclosed that it had been subject to a cyberattack, commonly referred to as “SUNBURST.” SUNBURST is believed to have been conducted by Russian state-sponsored hackers and affected over 18,000 customers, including government agencies and Fortune 500 companies.i Attackers compromised the infrastructure of SolarWinds, a leading provider of IT management software, to distribute malicious updates to the company’s Orion software.  

In response to the breach, on October 30, 2023, the SEC sued SolarWinds and its CISO, Timothy G. Brown, in connection with the SEC Division of Enforcement’s investigation of the cyberattack.ii The SEC alleges that from October 2018, when SolarWinds went public, to January 2021, SolarWinds and Brown “defrauded SolarWinds” investors by overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks.iii In its filings with the SEC, SolarWinds allegedly misled investors by disclosing only generic and hypothetical risks at a time when SolarWinds and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.iv Recently, the SEC filed an amended complaint that lays out the same claims it made against the company last fall, only in greater detail.v

To read the full article, go to ALM

Using AI to Predict Outcomes in Class Action Litigation

/in /by

Using AI to Predict Outcomes in Class Action Litigation

Insights

AI in Class Action Litigation





Read More

ALM

 

Using AI to Predict Outcomes in Class Action Litigation

 

May 3, 2024

 

By Daniel B. Garrie, Esq. and Michael Mann

In evaluating whether to take on a potential class action case, attorneys have to consider many things. How many other people have been harmed in the same way as the prospective plaintiff? How likely is it that their claims will succeed? How likely is it to get class certification? Have other lawsuits asserting the same claims already been filed? It can be a challenging analysis to undertake even before getting involved in the actual case. The development of legal artificial intelligence (AI) tools in recent years is starting to have an impact on this type of analysis for class actions. This article explores how using AI can impact class action lawsuits and change the legal landscape.

But first, what does AI mean in this context? The term AI within the legal technology field refers, at a basic level, to software designed to perform fairly routine language-related tasks, such as reading court rulings, very quickly over a large data set. It generally involves machine learning, which enables the software to improve its performance according to human direction and feedback. Legal AI tools use natural language processing (NLP) software that can understand written or spoken commands, enabling lawyers to easily give direction and feedback to the AI without needing to use computer programming.

One use of AI in the legal field is to predict court rulings on potential litigation issues. AI tools can analyze extremely large volumes of court rulings to determine the decisions reached by the judge in relation to the facts of each case. This analysis can be used to identify trends in fact patterns corresponding with favorable or unfavorable rulings as well as other types of trends such as those pertaining to jurisdiction, specific judges, specific types of plaintiffs, specific defendants, etc.

To read the full article, go to ALM

Navigating personal liability: post data-breach recommendations for CISOs

/in , /by

Navigating personal liability: post data-breach recommendations for CISOs

Insights

data-breach recommendations for CISOs





Read More

CSO Online

 

Navigating personal liability: post data-breach recommendations for CISOs

 

April 29, 2024

 

By Daniel B. Garrie, Esq. and Richard A Kramer

CISOs can avoid being liable for data breaches by following legal advice, communicating effectively with internal and external stakeholders, and demonstrating commitment to avoid future incidents.

The key to minimize personal liability for CSOs and CISOs after a data breach is to act responsibly and reasonably. The current state of the law is that those involved in an organization that is threatened or affected by a data breach are expected to react reasonably under the circumstances. To meet this standard, one should engage and follow legal advice, communicate effectively, and demonstrate a commitment to addressing the breach and preventing future incidents. By following these recommendations, CSOs, and CISOs can navigate the challenging terrain of a data breach while minimizing their own risk of personal liability.

A data breach can have significant financial, reputational, legal, and emotional implications for an organization, its personnel, clients, and a wide range of others. When a data occurs, affected persons become concerned with what may have happened and how it could negatively impact them. Not only is there a real threat to their financial well-being, but there is also a perceived disquieting attack on personal privacy. And beyond those reactions, government regulators as well as politicians often spring into action for a wide range of purposes.

For chief security officers (CSOs) and chief information security officers (CISOs), a breach presents unique challenges, including potential personal liability. While it is rare, personal liability for CSOs and CISOs is not entirely out of the question. In cases where it can be demonstrated that the CSO or CISO acted negligently or failed in their duties, they could potentially be held personally liable. This could result in financial penalties, disqualification from holding director or officer positions, and, in extreme cases, criminal charges.

To read the full article, go to CSO Online