What will be the top issues for in-house counsel in 2016? From data breaches to securities laws, there will be no shortage of interesting legal questions to confront in the coming months.
Data Security and Data Breaches!
No surprises here. We’re getting a little fed up with spectacular stories about compromised personal data, but there is no doubt 2016 will show us more, and companies are adapting and focusing on it more than ever.
Just this week we hosted a panel discussion in our Boston office with the ACC Northeast Chapterentitled, “Data Breach: NOW What Do You Do?” Please go to the ACC Northeast Chapter website for the relevant materials from this program. The panel was made up of our lead data security partner Gerry Silver as moderator, along with the assistant attorney general for Massachusetts in charge of data security, assistant GC from Capgemini, a cyber insurance expert, and the GC from an incident response software provider. The panelists ran through a hypothetical data breach scenario and guided the audience through the recommended response. There are still so many questions in this area, but the panelists provided some guidance. Top items for discussion:
- Data risk assessments should be done periodically, due to the ever-shifting nature of company data and our ability to protect it with various electronic and human resources.
- Make sure you understand all of your contractual obligations related to your data. Tracking this can be complex without keeping a database of the various (and differing) contract language related to your data.
- Check in with your insurer about cyber insurance. You may have gotten coverage due to a contract provision, but it may not be nearly enough to cover a major data breach.
- It’s important to make sure that your company’s leadership understands and buys in to your company’s data breach plan. In other words, communicating internally about your plan can be as important as communicating externally.
- The panelists had differing views on notification timelines and strategies in the event of a data breach, and we will likely offer a blog post on this soon.
- If there was a clear takeaway for us, as outside counsel, it was that our clients and in-house colleagues are carefully considering their incident response plans, and we will post about that soon, too.
- One excellent piece of advice: breathe, stay calm. Yes, easier said than done, but panic will not make anything better in any crisis situation.
- Overheard among the attendees: Some were anticipating the new EU Data Privacy guidelines, which are slated to be announced on February 2.
Don't miss Gerry's post on what to do after a data breach occurs:
Click here to read the post.
Will 2016 be the Year . . .
that we understand whether information divulged on social media is privileged?
The answer to this question is about as certain as oil prices right now (we’ll get to that later), but there have been some recent decisions that may point toward social media losing a little bit of its protective luster. It is, however, still complicated. If you’d like a nuanced look, our partner Andrew Solomonexplores this topic. The one certainty is that courts will continue to look at whether social media postings are discoverable because there is just so much potentially relevant information there.
And this just in . . . another interesting related wrinkle: There was a ruling last week in federal court in New York that a plaintiff could use Facebook to notify a defendant of a lawsuit. Perhaps this is an isolated case or a change in thinking about the utility of social media in lawsuits.
2016 May be a Busy Year at the SEC
In 2015, the SEC did a lot of rulemaking for both the JOBS Act and Dodd-Frank. In addition, Congress enacted the FAST Act, which impacted certain federal securities laws. For background on the JOBS Act, Dodd-Frank and the FAST Act, as well as 2016 updates, check out our new Blog, The SEC Pulse. We’ll update you in both long and short form on the essential SEC announcements in 2016.