Small Law Firms Must Take Action and Address Cybersecurity and Privacy Regulations

ALM

 

February 15, 2024

 

By Daniel Garrie, Esq., Peter A. Halprin, Esq., and Elsa Ramo, Esq.

Cybersecurity and privacy regulations have become increasingly important in recent years due to the exponential growth of technology and the internet. The legal industry, including small law firms, is not immune to these challenges. In fact, small law firms must prioritize cybersecurity and privacy regulations to protect their clients’ sensitive information and maintain their professional reputations. This article explores the reasons why small law firms need to care about cybersecurity and privacy regulations and provides recommended first steps.

Six Reasons Why Small Law Firms Should Be Concerned About Cybersecurity and Privacy Regulations

 

    1. Ethical Obligations

As legal professionals, lawyers have an ethical obligation to protect their clients’ confidential information. Rules of professional conduct across various jurisdictions emphasize the importance of maintaining client confidentiality and safeguarding client data. Failing to uphold these ethical obligations can lead to disciplinary action.

From social media posts, to a third-party vendor managing the website, to a company processing a credit card payment on behalf of the firm, the lawyer has an ethical responsibility to ensure that all parties that interface with the law firm operate under strict confidentiality and act to prevent the disclosure of confidential information.

    2. Legal Obligations

Small law firms may also be subject to privacy regulations, such as the California Consumer Privacy Act (CCPA). Non-compliance with these regulations can result in financially devastating consequences for small law firms.

As noted above, it is not simply a limited duty for the attorney to maintain confidentiality, but rather the attorney and law firm have a legal obligation to ensure that client information is stored in a way that protects privacy. More often than not, small law firms are paperless and store virtually all of their data electronically, so the law firm must ensure that how, where, and by whom that data is stored complies with applicable law.

To read the full article, go to ALM

SEC’s New Cybersecurity Rules and Protection of Trade Secrets

Law360

Between Disclosure and Discretion: The SEC’s New Cybersecurity Rules and The Protection of Trade Secrets

August 25, 2023

 

By Daniel Garrie and Bradford Newman

The prevailing wisdom among chief information security officers and cybersecurity professionals has long been that effective cyber preparedness requires denying threat actors visibility into the technical defenses and strategies employed to protect corporate computer systems from unauthorized third-party attacks.

In July, the U.S. Securities and Exchange Commission adopted cybersecurity risk management rules that flip this proverbial script, threatening substantial fines, shareholder lawsuits and the full spectrum of other penalties for regulated companies that do not comply with the newly required broad public disclosures.

In fact, a stated intent of the SEC in promulgating the new rules is transparency that promotes a culture of accountability and vigilance.

The regulatory hope is that this proactive approach will not only lead to better visibility in the public markets but require companies to be more diligent in their cyber preparedness.

Mandates that include disclosure of material cybersecurity incidents — and public descriptions of the processes for assessing, identifying and managing risks from cybersecurity threats — now force companies to show the world, including the threat actors, the specific know-how, processes and methodologies that historically have been most effective in protecting companies from cyber intruders only when kept secret.

This is a paradigmatic shift in the world of cybersecurity.

While the SEC cybersecurity rules have garnered substantial media coverage, little to no attention has been given to how compliance necessarily affects the protection of trade secrets.

This article seeks to start the conversation by highlighting some of the key considerations concerning the intersection of SEC reporting compliance and trade secret protections.

The end goal is to assist the industry with processes that strengthen, rather than compromise, corporations’ abilities to safeguard valuable confidential information.

To read the full article, go to LAW360

 

Navigating Vendor Cybersecurity Risks

In the face of a progressively interconnected digital landscape, successfully managing the cybersecurity risks posed by vendors is an escalating concern for all businesses.

Cybersecurity Tabletop Exercise for a Multinational Insurance Brokerage Company

L&F has recently hosted a successful cybersecurity tabletop exercise for a multinational insurance brokerage company.

New York DFS Proposed Cybersecurity Regulations

NYDFS issues Proposed Amendments to 2017 Cybersecurity Regulation 23 NYCRR 500, with a 60-day public comment period until Jan 9, 2023.

To Catch a Trade Secret Thief With Forensic Neutrals

Remediating the theft of a trade secret can be likened to a dried red wine stain on your favorite white shirt. While the stain is readily visible, removing the stain and restoring the shirt to its original condition is difficult, and sometimes impossible. Similarly, discovering the theft of a trade secret does not solve the underlying business issues created by the theft. Those business issues require the organization to identify the bad actor who stole its trade secret and then ensure all evidence of the trade secret is removed from the thief’s possession.