A Fortress or a Sieve: Cybersecurity and the Law
CBA Today June 24, 2016
“We’ve been hacked.”
These are the words every CEO fears. Increasingly, they are words every lawyer expects to hear from a client. Data breaches are now commonplace, and it is the rare individual or business who will not be affected by them in some way.
The consequences of a data breach range from embarrassing to crippling. Thanks to a massive 2015 data breach at Ashley Madison, the world now knows that Josh Duggar (of 19 Kids and Counting fame) maintained a paid account at a website created to offer individuals a discrete way to cheat on their spouses. But the Ashley Madison debacle is just the most garish in a spate of recent data breaches wreaking havoc for global businesses and their customers.
In the last few years, data breaches at Target, Sony Pictures, eBay, and JP Morgan Chase, have all made headlines. Breaches such as these, along with other cybersecurity issues, rightly strike fear into the hearts of lawyers, for at least two reasons.
First, we worry about a data breach affecting our clients, friends, and colleagues. The costs of containing and mitigating a data breach can be substantial, as can the reputational harm to the company that gets hacked. The Target data breach alone affected 40 million credit and debit card accounts, and 70 million customers. According to corporate filings, the breach cost Target $252 million through the end of 2014. In 2015, Anthem health care discovered a data breach that compromised 80 million patient and employee records. Some industry analysts have speculated that the breach could cost Anthem billions of dollars.
Second, lawyers and law firms routinely handle all sorts of confidential, protected, and sensitive information for clients. That information can be stored in hard files that are not susceptible to cyberattack, but more and more, such information is stored electronically.
The good news is that the increasing incidence of data breaches is forcing companies and their counsel to focus on security and prevention, adopt proper procedures for handling of breaches when they happen, and contain costs where possible. There’s also been an increase in CLE programming to help educate lawyers to cybersecurity risks and opportunities.
If you’d like to learn more about lawyers online, cybersecurity, and data breaches in a fun setting (for CLE credit, no less), consider attending the CBA’s upcoming CLE and cocktail event, “Al Gore Invented the Internet to Make Your Job Harder: Lawyers and Law Firms Online.” The event will take place on July 21, 2016 from 1:30 to 4:45 p.m., followed by a cocktail hour and speed networking event. Attendees earn 2.0 hours of CLE credit.