Security

New Survey Says 75 Percent of Respondents Unfamiliar with China’s New Cybersecurity Law: eDiscovery Trends

Are you familiar with it?

According to a survey conducted by Consilio and released earlier this week, 75 percent of legal technology professionals responding to the survey indicated that they are not familiar with China’s new Cybersecurity Law, which was passed by the Standing Committee of the National People’s Congress, China’s top legislature, in November 2016.  The new law is set to go into effect on June 1.

China’s new Cybersecurity Law will require foreign companies conducting business in the country to localize within mainland China any data that may contain sensitive privacy data or state secrets. Organizations that do not adhere to this provision will face potential financial penalties, including the possible loss of their ability to conduct business in mainland China. Individuals can face civil and criminal penalties, up to and including imprisonment and the death penalty for particularly egregious cases.

For more on China’s Cybersecurity Law, you can read Understanding China’s Cybersecurity Law, by Chris Mirasola on the LawFare blog here.  An unofficial translation of the law can be found on the China Law Translate site here.

Consilio’s survey of 118 legal technology professionals, from in-house law departments, law firms and government affiliated entities, was conducted at the Legalweek | Legaltech® New York 2017 conference held January 31 – February 2.  Some key findings of the survey include:

  • 75 percent of legal technology professionals cited that they are not familiar with China’s new Cybersecurity Law;
  • Only 14 percent of respondents indicated that they are “very concerned” about the new law;
  • Yet, 57 percent of respondents indicated having at least one legal matter that touched China within the last two years (i.e. internal or government investigations, litigation, M&A, etc.), with 27 percent indicating that they knew of at least ten Chinese legal matters that their organizations were involved in during that time.

“China is now the world’s second largest economy, and for global corporations and those that aspire to be global, it is critical for them to have a full understanding of the data requirements and regulatory landscape of that region,” said Dan Whitaker, Managing Director of Consilio’s China operations, headquartered in Shanghai. “Since 2012, cyber walls have been going up in multiple regions around the world, and as countries continue to create new regulations, organizations must continually educate themselves on the quickly evolving nuances of data privacy laws in every jurisdiction, specifically as it relates to the ability to move data in and out of the countries in question.”

In addition to China’s new Cybersecurity Law, when polled about other international compliance laws their organizations are most concerned about, respondents identified the Foreign Corrupt Practices Act, or FCPA as the most concerning (40 percent), with the General Data Protection Regulation, or GDPR (22 percent) and the UK Bribery Act (8 percent) as other regulations respondents are concerned about.

Consilio has prepared a summary infographic to illustrate the results, which can be found here.

So, what do you think?  Are you familiar with China’s new Cybersecurity Law?  Are you concerned about it?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Looking Back at Predictions That I Made Three Years Ago, Part 2: eDiscovery Predictions Revisited

Yesterday, I took a look back at two posts that comprised six eDiscovery predictions for 2014 that I wrote three years ago.  I thought it might be fun to look back at those posts to see how those predictions fared.  I covered the first three predictions yesterday, so today I’ll cover the last three.

Prediction 4: Data security will be more of an emphasis than ever, yet we will continue to see more data breach stories than ever.

If you follow our blog regularly, you know that we assign categories to each blog post to make it easier to find posts related to specific topics (that’s how you can quickly find all 500+ case law posts we have published since the inception of the blog back in September 2010).  In January of 2014, we hadn’t yet even created a “Security” category – that’s how little the topic was being discussed.  Now, we not only have a category, we currently have over 40 posts that have discussed data security and cybersecurity.  In addition to increased coverage on our blog, there are several other blogs and resources either dedicated to cybersecurity issues in the legal arena or at least covering them extensively.  So, there is plenty of discussion to go around.

Are we seeing more data breach stories than ever?  We’ve covered several breach stories on our blog, including this one about my hometown baseball team, this one about a website dedicated to cheating spouses (ok, maybe they had it coming) and this one about a Panamanian law firm that exposed (alleged) illicit offshore holdings of global political leaders and celebrities.  Not to mention the data breach associated with our recent presidential election.  Clearly, despite increased focus on protection from cybersecurity breaches, they still happen and happen frequently.

Prediction 5: Small to medium sized law firms will need to leverage virtual resources more than ever to compete.

Three years ago, it seemed clear to me that small to medium sized law firms would need to outsource more to compete with the big firms that could afford to insource eDiscovery services.  And, I wasn’t the only one advocating the benefits of outsourcing as people like eDiscovery thought leader Ralph Losey (author of the excellent e-Discovery Team® blog and member of big firm Jackson Lewis) were asking questions like “Why should you own and operate a nonlegal e-discovery business within your walls under the guise of a litigation support department?”

I’m not sure that I’ve seen much change in this area, with one exception.  More firms – small, medium and large – have embraced self-service SaaS automation eDiscovery platforms than ever before (and providers are taking note as many of the “big boy” providers are changing their business models to offer that option).  In my opinion, SaaS automation has definitely revolutionized eDiscovery for solo and small firms, giving them access (for the first time) to full-featured eDiscovery solutions that fit within their budget.  So, in that regard, they are able to compete with the big firms.

Prediction 6: Educating attorneys on eDiscovery best practices will continue to be a slow, painful process.

Year after year, I’ve asked various eDiscovery thought leaders at LegalTech New York (our seventh annual interview series is coming up next month!) if attorneys are beginning to “get” eDiscovery.  And, year after year, most of them say that we have a long way to go in that area.  Up to now, I agree.

But, things may finally be changing.  In 2015, California adopted Formal Opinion No. 2015-193, which discussed an attorney’s ethical duties in the handling of discovery of electronically stored information.  As of the beginning of 2017, more than half of all states – 26 in all – have some sort of ethical guidance with regard to understanding technology.  And, late last year, Florida mandated three hours of technology CLE for attorneys over a three year period, starting January 1 of this year (which is one reason why Florida is one of the states where we have approved CLE for our webcast next week).

It appears that more state bars are beginning to understand the importance for attorneys to understand the technology.  And, that technology is continuing to become easier to use.  That’s why we may finally be entering an age of technical competence for attorneys.  The prediction (that educating attorneys will continue to be slow and painful) is one prediction that I would be happy to be wrong about.

So, what do you think?  Has eDiscovery evolved like you thought it would?  Please share any comments you might have or if you’d like to know more about a particular topic.


“Primed” to Read about Data Privacy? The Sedona Conference Has a New Primer for You: eDiscovery Best Practices

The proliferation of data in our society today makes the task of protecting sensitive and private data more challenging than ever.  Without a doubt, privacy and data protection laws have evolved quite a bit over the past several years, especially internationally, with the striking down of the 15-year-old Safe Harbor agreement back in 2015 over privacy concerns and the subsequent adoption of the EU-US Privacy Shield last year.  To give legal practitioners a better understanding of various data privacy issues and guidelines, The Sedona Conference® (TSC) has created a new primer.

The Sedona Conference and its Working Group 11 on Data Security and Privacy Liability (WG11) have just rolled out the public comment version of their new Data Privacy Primer, which is the Working Group’s first publication for public comment.  In the announcement for the new primer, the TSC states that it is “the first of a number of WG11 publications that are intended to provide immediate, practical benefit to (1) practitioners involved in data security and privacy litigation, and (2) organizations confronting the ever-increasing threat of data breaches and resulting liability.”

This particular Primer is “intended to provide a practical framework and guide to basic privacy issues in the United States and to identify key considerations and resources, including key privacy concepts in federal and state law, regulations, and guidance.”  The TSC notes that it focuses on privacy laws in the U.S. in this Primer and that global privacy laws are outside the scope of its coverage. It also focuses primarily on privacy issues arising under civil rather than criminal law (though criminal law implications are addressed “at various points” in the Primer).

Nonetheless, the PDF file for the Primer checks in at a whopping 115 pages (data security is a weighty topic, after all) and even the Table of Contents stretches on for nearly 3 1/2 pages.  The Primer covers topics ranging from Common Law of Privacy to Federal and State Government Laws and Acts regarding privacy policies and protections to discussions of general consumer protection, health (including HIPAA) and financial protections.  It also discusses Workplace and Student privacy considerations, which range from use of company equipment and email and bring your own device (BYOD) policies in the workplace to privacy protections for educational records.

The Data Privacy Primer is open for public comment through April 16. Questions and comments can be sent to comments@sedonaconference.org. According to the TSC announcement, the drafting team will “carefully consider all comments received, and determine what edits are appropriate for the final version”.  TSC also plans to schedule a webinar in February for those who may want a more condensed overview of the topic, or can’t get enough of it, depending on your point of view.

BTW, this isn’t the first time that TSC has provided guidance on the issues of privacy and security.  Here is a link to a previous post covering their Commentary release in November 2015 on the subject.

So, what do you think?  How does your organization address data privacy?  Please share any comments you might have or if you’d like to know more about a particular topic.


Can Pokémon GO Right Into Your Organization’s Data?: eDiscovery Trends

Unless you’ve been living under a rock for the past month, you’ve undoubtedly heard about Pokémon GO, the new location-based augmented reality smartphone game, which has been downloaded by more than 130 million people worldwide in a little over a month.  Believe me, my kids have clamored for it.  But, if you have it installed on a BYOD device for the workplace, could you be putting your organization’s data at risk?

That’s a question raised by this article in Inside Counsel by Amanda Ciccatelli (Pokémon GO exposes the risks of BYOD policies).  In the article, Ciccatelli cites a recent blog post on Data Security Law Blog (of Patterson Belknap Webb & Tyler LLP) which notes that the app poses issues for businesses with bring-your-own-device (BYOD) policies, where employees use their own devices for work purposes.  Those policies, while enhancing employee productivity and satisfaction, can open up potential security risks if not structured – and followed – correctly.

“Because Pokemon GO has been so enormously popular – reportedly the most downloaded mobile game ever, with more than 25 million users playing each day – the security concerns of the game have received wide publicity,” Michael Whitener with VLP Law Group told Inside Counsel in a recent interview.

As a result, some security organizations, including the International Association of IT Asset Managers (IAITAM), have called on corporations to ban the use of Pokémon GO. In fact, IAITAM has described the game as “a nightmare for companies that want to keep their email and cloud-based information secure.”

Whenever a third-party mobile app is downloaded, there are two potential data security concerns, according to Whitener. First, the mobile app customer may be allowing the mobile app vendor access to certain of the customer’s personal information, which the customer may be agreeing to via the vendor’s terms of use.

Second, the mobile app, due to security flaws, may provide a handy backdoor for hackers into the customer’s mobile network – not just on the customer’s phone, but potentially to the servers of the customer’s employer too.

The original terms of use of Pokémon GO allowed the game’s creator, Niantic Labs, to access the entire Google profile of the user, including their history, past searches and anything else associated with their Google login ID.  Niantic later corrected this, but it’s unclear how Niantic may have used the information collected and whether it’s been destroyed.  And, of course, imitation Pokémon GO applications have sprung up with malware that could allow hackers to access users’ personal correspondence and other information or even remotely gain full control of the victim’s phone.

Ciccatelli’s article notes that “a realistic BYOD policy will address such issues as employee obligations to implement device security software, employee expectations of privacy when using devices for business purposes, prohibitions on device use by friends and family, and permissible and impermissible apps”.  In other words, sorry Kiley and Carter, Pokémon GO won’t be coming to my iPhone for the foreseeable future.

So, what do you think?  Does your organization have a BYOD policy that regulates the installation of third-party apps?  Please share any comments you might have or if you’d like to know more about a particular topic.

Time is running out to participate in the quarterly eDiscovery Business Confidence Survey being conducted by Complex Discovery and ACEDS!  It’s a simple nine question survey that literally takes about a minute to complete.  The more respondents there are, the more useful the results will be!  Click here to take the survey yourself.  Deadline is August 31.  Don’t forget!


Thanks to EDRM, There Will Be a Way to Assess the Data Security of Your Providers: eDiscovery Best Practices

Do you ever wonder or worry about how securely your providers and partners handle your sensitive data during the discovery process?  Then, this latest project from EDRM will help address those worries.

As they announced earlier this week, EDRM has established a new project to develop and provide a security survey. A team of experienced and qualified EDRM members will be working to develop and publish a “straightforward and easy tool for evaluating the security capabilities of corporations, law firms, cloud providers and third parties offering electronic discovery or managed services”.

The goal of the security survey project is to provide organizations with an overview of the critical questions to ask when assessing the data security of an eDiscovery vendor or partner. The overview includes specific sections on risk management, asset security, communications and networking security and identity and access management. The evaluation allows the assessor to determine the level of risk the organization may be assuming by engaging the vendor or partner and to make suggestions to improve security practices and enhance the service provided.

Once created, the security survey is intended to evaluate an organization’s data security and practices, allowing potential customers to assess the risk of entrusting their sensitive data to the vendor. The tool can also be used to assess data protection from destruction or unauthorized access, as well as to assure regulatory compliance with data-related legislation such as HIPAA, the Sarbanes-Oxley Act and security breach notification laws.

Project leads for this new EDRM project are Julie Hackler, regional sales manager at Avansic, and Amy Sellars, senior litigation attorney with The Williams Companies. As you can guess, project deliverables are in the development stage. If you’re a professional in eDiscovery, data management or security and interested in joining and contributing to the project, you can direct questions or volunteer interest by email to Tom Gelbmann: mail@edrm.net.

So, what do you think?  Do you worry about how securely your providers and partners handle your sensitive data during the discovery process?  As always, please share any comments you might have or if you’d like to know more about a particular topic.


Less Than Half of Cloud Users Have a Proactive Approach to Security: eDiscovery Trends

How many blog posts in a row can start with the phrase “less than half”?  At least two… :o)

We’ve covered the growth of cloud adoption several times, especially in eDiscovery, including here and here.  However, according to a new survey from Ponemon, organizations apparently aren’t adopting appropriate governance and security measures to protect sensitive data in the cloud.

According to the article Ponemon: Cloud Adoption Grows as Security Lags (written by Tara Seals), 73% of respondents to the survey indicated that cloud-based services and platforms are important to their organization’s operations, and 81% of respondents said they will be more so over the next two years.  Not only that, but 36% of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that number is expected to rise to 45% over the next two years!

Unfortunately, 54% of the respondents said their companies do not have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments, indicating that their organizations are not careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.  Challenges identified by survey respondents include:

  • Difficulty in controlling or restricting end-user access, which increased from 48% in 2014 to 53% of respondents in 2016;
  • Inability to apply conventional information security in cloud environments (70% of respondents);
  • Inability to directly inspect cloud providers for security compliance (69% of respondents);
  • Shadow IT is also a problem – nearly half (49%) of cloud services are deployed by departments other than corporate IT and an average of 47% of corporate data stored in cloud environments is not managed or controlled by the IT department.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Larry Ponemon, chairman and founder, Ponemon Institute.

At least there is intent: 65% of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud.

This isn’t the first study we’ve covered by the Ponemon Institute – click here and here for others.  Go Ponemon Go! (see what I did there?)… :o)

By the way, not all cloud solutions are created equal when it comes to security.  Here’s how we do it.

So, what do you think?  How does your organization handle security for cloud based solutions?  Please share any comments you might have or if you’d like to know more about a particular topic.


Even in Baseball, Hacking Can Get You Prison Time: eDiscovery Trends

Just because it’s “just a game” doesn’t mean you can’t go to prison for computer hacking…

Last June, we covered this story about the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, being under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of my hometown team, the Houston Astros, to steal internal discussions about trades, proprietary statistics and scouting reports, among other competitive information.  As a result of the investigation, the former scouting director of the Cardinals, Christopher Correa (not to be confused with Astros star shortstop Carlos Correa), was sentenced to nearly four years in prison Monday for hacking the Astros’ player-personnel database and email system.

Correa had pled guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014, the same year he was promoted to director of baseball development in St. Louis. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution.

The data breach was reported in June 2014 when Astros general manager Jeff Luhnow told reporters the team had been the victim of hackers who accessed servers and proceeded to publish online months of internal trade talks. Luhnow had previously worked for the Cardinals.  The FBI said Correa was able to gain access using a password similar to that used by a Cardinals employee who “had to turn over his Cardinals-owned laptop to Correa along with the laptop’s password” when he was leaving for a job with the Astros in 2011. The employee was not identified, though Luhnow left St. Louis for Houston in December of that year to become general manager of the Astros.

So, not only can accessing your former company’s data with a shared password make you a hacker, using a variation of a departed employee’s old password to access data at his new employer can also make you a hacker.  You could even face jail time for deleting employer files before leaving your job.  A few more decisions like this might actually cut down on cybersecurity breaches within organizations.  Then again, it might not.

So, what do you think?  Do you expect to see more breaches like this between competitors in various industries?  Please share any comments you might have or if you’d like to know more about a particular topic.


EU-US Privacy Shield Formally Adopted by the European Commission: eDiscovery Trends

As we discussed back in February, the EU-US Privacy Shield, an important new agreement governing the transfer of data between Europe and the United States, was announced on February 2.  Within the same month, the European Commission released details on the new trans-Atlantic data transfer arrangement.  Now, the European Commission has formally adopted the new agreement, only nine months after the old “Safe Harbor” agreement was struck down.

As discussed in The Verge (EU-US Privacy Shield agreement goes into effect, written by Amar Toor), the new data transfer pact went into effect two days ago (July 12), and US companies will be able to certify their compliance as of August 1st.

EU member states formally signed on to the agreement last week, but The Guardian reported that Austria, Slovenia, Bulgaria, and Croatia abstained from the vote. The paper reported that representatives of Austria and Slovenia still had doubts over whether the deal would protect their citizens’ data from US surveillance.

Under the agreement, US companies will have to self-certify that they meet higher data protection standards, and the US Department of Commerce will be charged with conducting “regular reviews” to ensure compliance. The US has also assured EU member states that there will be “clear limitations, safeguards and oversight mechanisms” governing how law enforcement and federal agencies access the data of Europeans, and that bulk data collection would only be carried out “under specific preconditions and needs to be as targeted and focused as possible,” according to the European Commission.

“We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible,” Andrus Ansip, vice president for the European Commission’s Digital Single Market initiative, said in a statement Tuesday. “Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.”

But some civil liberties groups are wary of Privacy Shield, questioning whether it will have any meaningful impact on consumer privacy. Privacy International, a London-based watchdog, expressed concerns over the new deal after a leaked version was published online last week, describing it in a post as “an opaque document that will be a field day for law firms.”  “In short: new ‘Shield’, old problems,” Tomaso Falchetta, legal officer at Privacy International, said in an email on Tuesday. “Given the flawed premises – trying to fix data protection deficit in the US by means of government’s assurances as opposed to meaningful legislative reform – it is not surprising that the new Privacy Shield remains full of holes and hence offers limited protection to personal data,” Falchetta added.

Rob Robinson’s Complex Discovery site includes a reference to the story here, which also includes a handy one-page PDF file that summarizes the new EU-US Privacy Shield.

So, what do you think?  Will the new “Privacy Shield” be an effective replacement to the old “Safe Harbor”?  Or will it be doomed to failure as well?  Please share any comments you might have or if you’d like to know more about a particular topic.


Accessing Your Former Company’s Data with a Shared Password Could Make You a Hacker: Cybersecurity Trends

Can you spot what’s different about today’s post?  See below…  :o)

According to the Ninth U.S. Circuit Court of Appeals, if you leave your company and then use a former co-worker’s credentials to access your former company’s computer systems, you could be a hacker.

As reported in The Wall Street Journal Law Blog (Appeals Court: Using Shared Password to Steal Company Secrets is Hacking, written by Jacob Gershman), the appellate court affirmed the computer-hacking conviction of a former executive (David Nosal) at a recruiting firm accused of using a shared password to steal headhunting leads from the company’s internal network after he left his job to launch a rival business, ruling that he violated the Computer Fraud and Abuse Act (CFAA).

Reuters reported that Nosal and two friends, who had also left Korn/Ferry, used an employee’s password in 2005 to access the recruiting firm’s computers and obtain information to help start a new firm.

In a 2-1 decision written by Judge M. Margaret McKeown, the majority held that Mr. Nosal acted “without authorization” in violation of the CFAA when he used login credentials shared by his assistant to gain access to the company’s network after his own credentials had been revoked.  The dissenting judge, Judge Stephen Reinhardt, expressed his concerns over the ruling, stating:

“People frequently share their passwords, notwithstanding the fact that websites and employers have policies prohibiting it. In my view, the Computer Fraud and Abuse Act does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals…”

However, Judge McKeown, in her opinion, indicated that the circumstances at issue couldn’t be applied to innocuous scenarios, like “asking a spouse to log in to an email account to print a boarding pass.”  Judge McKeown also noted that, without enforcement, “an employee could willy nilly give out passwords to anyone outside the company – former employees whose access had been revoked, competitors, industrious hackers, or bank robbers who find it less risky and more convenient to access accounts via the Internet rather than through armed robbery.”

The appellate court did rule that the more than $800,000 in restitution (about $600,000 of that in attorney’s fees) that Nosal was ordered to pay his old employer was unreasonable and asked a lower court to recalculate it.

So, what do you think?  Have you ever used a shared password to access a system to which you previously had credentials?  Please share any comments you might have or if you’d like to know more about a particular topic.

What’s different about this post?  It doesn’t have the word “eDiscovery” in the title… :o)

New Time!  Just a reminder that I will be moderating a panel at The Masters Conference New York City 2016 IoT, Cybersecurity and Social Media Conference this coming Monday, July 11 (we covered it here) as part of a full day of educational sessions covering a wide range of topics.  CloudNine will be sponsoring that session, titled Faster, Cheaper, Better: How Automation is Revolutionizing eDiscovery at 8:30am, not 4:15pm.  The early bird catches the knowledge.  :o)  Click here to register for the conference.


Cybersecurity Concerns Serve as Impetus for Law Firm Acquisition: eDiscovery Trends

We all know that data breaches and cybersecurity are more of a concern than ever.  In at least one case, those concerns were part of the reason two law firms announced last week that they would merge.

As covered by Bloomberg Law (L.A. Divorce Lawyer to Join Big Law: Her Cybersecurity Worries and More, written by Casey Sullivan) and other outlets, celebrity divorce attorney Stacy Phillips and her four-lawyer boutique law firm, Phillips Lerner, decided to be acquired by Blank Rome last week and joined the firm last Friday.

Over the years, Phillips has represented Bobby Brown in his divorce from Whitney Houston, Corina Villaraigosa in her divorce from Los Angeles Mayor Antonio Villaraigosa and Darcy LaPier in her child custody battle with Jean Claude Van Damme.

When interviewed by Bloomberg Law, Phillips indicated that cybersecurity concerns were part of the reason for the decision to join Blank Rome.

“I wanted to be part of a larger institution. I made that decision as the world gets far more complicated. I wasn’t sleeping at night because I was worried about cybersecurity”, said Phillips.  “I wanted to practice law and develop business. Running the business isn’t my interest and isn’t my strength.”

Asked about her specific concerns about cybersecurity, Phillips responded: “Divorce is a contentious process and people do bad things and people in other cases can be resentful and make efforts to hack into our computers. And what we have of our clients is extremely personal. It’s everything from their emotions, to their finances, and their kids. It’s very scary. The law firms can be hacked and infiltrated. It’s not a question of ‘if,’ it’s a question of ‘when?’ Each law firm and many law firms are going to be hit. [Blank Rome is] a bigger platform and you don’t have to worry about things like that. I don’t want to worry about that at the level that I have been. Other people know and understand it better than I do. I am grateful that others will take care of it. For me, to learn how to do all the computer stuff is a challenge. My son is an engineer and I didn’t get that brain chip.”

Perhaps stories like this will cause other firms to consider similar moves to join larger firms with a more secure infrastructure.  We’ll see.

So, what do you think?  Is this acquisition part of a growing trend?  Please share any comments you might have or if you’d like to know more about a particular topic.
