From data breach litigation to SEC reporting and corporate governance concerns, to compliance with the growing body of standards and regulatory requirements, it takes a cross disciplinary legal team to help today’s companies become and stay cybersecurity savvy. Dykema has that team.
Our cybersecurity team includes attorneys and public policy professionals from across the firm’s major practice areas who have the collective experience to solve even the most unique and complex challenges in the cyber-sphere. Our team includes both experienced transactional and litigation attorneys. We understand great opportunities and technological advancements come with new risks. We are prepared to help clients embrace the upside benefits while minimizing and managing the downside risks.
Today, cybersecurity is much more than a technology issue. It is a core business concern and one for which every business could use a partner in the know, like Dykema.
Data Breach Litigation
With corporate data breaches on the rise, it is critical to retain a law firm that is skilled in mitigating legal exposure to organizations that are victimized by cyber-attacks. Dykema’s multi-faceted litigation team is experienced in representing clients in all aspects of consumer and trade secret data breach litigation. Whether in the substantive area of cybersecurity and data privacy, with class actions, or investigations, to name a few, our team helps to protect clients from unwarranted lawsuits and to guide them through the process of prosecuting the cyber-criminals.
Nearly every business operating today accumulates and saves confidential information about employees, customers, consumers, clients, patients and/or third-parties. And every business which does so must take care to protect that confidential information.
There are an ever-increasing number of state and federal laws and regulations that address privacy requirements, from those concerned with individual privacy (e.g. patient, client, employee, etc.) to those concerned with matters of national security, crime prevention and civil rights. Chances are—without regard to the nature of a given organization—it is subject to numerous different sets of privacy laws and regulations.
Dykema’s privacy lawyers stay abreast of the many divergent privacy laws and regulations so they can help our clients comply with each privacy requirement that comes into play in their organization. We also closely monitor the laws and regulations that are in the pipeline so we can give our clients a head’s up when a new requirement is going to impact them.
Corporate governance plays an integral role in protecting companies from cyber-attacks, as well as in protecting corporate directors and management from liability for their actions or inactions in the event of an attack. Companies need to reconsider the structure of their Board of Directors, management reporting mechanisms, and daily operations in light of cybersecurity and its related legal concerns. In this environment, all businesses can benefit from a knowledgeable partner, such as Dykema, to help them rethink the way they operate—from the top down—so that their entire organization is cyber-safe.
In addition, corporate directors and managers must be mindful of their fiduciary duties in the context of cybersecurity. Does management have a sufficient compliance plan in place? An adequate cybersecurity leadership team? Incident response plan? What about physical security of informational assets? We help companies and leadership think through the operational, as well as legal and policy aspects of the new cyber-way business is conducted today.
While the SEC’s current guidance helps to illuminate when cyber-incidents or other cyber-related issues should be reported, exactly when this duty is triggered requires a detailed analysis of many factors. Our attorneys have the experience to weigh these factors and help public companies make these critical decisions.
Cybersecurity Compliance Programs and Risk Management
Cybersecurity compliance in the private sector is here to stay. Both state and federal governments have, or are creating, regulatory schemes, which are not only a challenge to navigate, but—for the foreseeable future—present moving targets. Dykema’s cyber-team stays abreast of these evolving laws and regulations, and helps clients develop, implement, test and update cyber compliance programs so that the C-suite can sleep at night. Dykema also assists clients with state and federal inquiries and investigations to make sure legal risks and vulnerabilities are mitigated.
Cyber-attacks and espionage, including theft of intellectual property and trade secrets, undoubtedly pose the biggest threat to many organizations, but they present only part of the picture. Companies are also at risk of litigation from third-parties if their information is breached, not to mention the damaging business disruption caused by a major breach.
Dykema counsels clients on the potential liabilities that flow from the breach itself, as well as those that arise from the inadvertent disclosure of private information. In the event of an actual breach, we work closely with forensic experts investigating the breach and help the client to analyze whether and, if so, how to prosecute the responsible parties and close the security gap through which the attack was made. We also provide counsel on the requirements for notice, reporting, remedial and other actions required or available in the event of a breach and work with public sector entities such as Department of Homeland Security’s (DHS) in connection with it voluntary information sharing program, which promotes information sharing in the event of a cyber-attack to help DHS’s crackdown efforts. And, our experienced litigators are ready and well prepared to represent clients in any subsequent litigation that arises as a consequence of any incident.
Cybersecurity in Transactions
We have substantial experience advising companies how to manage their cybersecurity-related risks in transactions ranging from mergers and acquisitions to outsourcing of information technology functions, as well as guiding clients through all other aspects of such transactions. In this work, we have been on both the vendor and the user sides of the equation and understand each party’s goals and viewpoints well—a key advantage for our clients. We draw on this extensive experience and the perspectives of our diverse team to develop an effective legal strategy that ensures the security of your critical data and advances your competitive position.
We have significant experience representing clients wanting to secure their important informational assets, including in:
- Assessing and mitigating cybersecurity-related risks in mergers, acquisitions, assets sales and purchases, including assessing existing cybersecurity plan, protecting information assets being transferred, performing due diligence to assess for prior comprise of data, and more
- Negotiating and drafting licenses, contracts, service contracts, supplier and other agreements, to include provision that safeguard confidential information and allocate risk
- Negotiating and drafting technology-related transactions, including software licenses and development contracts, website development and hosting agreements and U.S. and international software distribution agreements
- Represented national e-commerce and business services company on investigation and remediation efforts related to theft of consumer personal information via keystroke loggers by Chinese mafia. Representation included interacting and assisting the FBI and U.S. Attorney’s Office’s investigation.
- Reviewed client’s existing cybersecurity preparedness and response plan to mitigate legal and operational risks.
- Assisted numerous clients in responding to data breaches by advising on and making required legal disclosures pursuant to state, federal and international law.
- Negotiated fines with processing bank and credit card company related to security breach.
- Guided clients through state and federal inquiries and investigations.
- Audited client’s cyber-compliance in the areas of employee training and policies, privacy, governance, cyber incident preparedness and response, and vendor contracts.
- Been involved actively in federal cybersecurity compliance and legislative initiatives and have provided substantive input about how the new compliance area will best serve the private sector and clients.
- Provided advice to clients regarding legal implications of the Cybersecurity Executive Order and provided input on behalf of our clients on the soon to be released federal cybersecurity standards.
- August 2, 2016
- July 17, 2016
- April 27, 2016
- March 15, 2016
- January 21, 2016
- May 17, 2015
- April 9, 2015
- December 3, 2014
- October 1, 2014
- Sherrie L. Farrell Authors Article for Metropolitan Corporate Counsel about the Role of General Counsel When It Comes to CybersecuritySeptember 25, 2014
- September 25, 2014
- Susan E. Asam Co-Presents on Cybersecurity Risks at the Annual Meeting for the State Bar of Michigan Insurance SectionSeptember 24, 2014
- August 22, 2014
- May 14, 2014
- Steve Tupper to Lead Panel Discussion on Worldwide Data Privacy at Crain’s General and In-House Counsel SummitMay 1, 2014
- April 21, 2014
- S. Christopher (Kit) Winter Authors Inside Counsel Article on Australia’s New Privacy Protection LawsMarch 24, 2014
- March 7, 2014
- February 25, 2014
- S. Christopher (Kit) Winter Authors Series of Inside Counsel Articles on Information Privacy, Data SecurityFebruary 24, 2014
- December 27, 2013
- June 10, 2016
- March 12, 2015
- February 26, 2015
- BloombergBNA Privacy and Security Law ReportMarch 6, 2017
- State Bar of Michigan Litigation JournalSummer 2016
- "Ten Steps to Minimize Data Privacy and Security Risk and Maximize Compliance"The Cybersecurity Law Report Vol. 2, No. 8April 13, 2016
- "How companies can defend against cyberattacks in the courtroom," Kramer's CornerChicago Daily Law BulletinMarch 5, 2015
- "The Weak Link: Suppliers and Vendors"The National Law JournalNovember 24, 2014
- "GCs As Firewalls: Three Familiar Roles That Place General Counsel Squarely At The Cybersecurity Table"Metropolitan Corporate CounselAugust 22, 2014
- "GC And CCO Collaboration Critical To Mitigate Cybersecurity Risks"Metropolitan Corporate CounselAugust 22, 2014
- "Pointers to Prevent Departing Employees From Taking Confidential Information"Inside CounselApril 4, 2014
- "Don't Underestimate Australia's New Privacy Protection Laws"Inside CounselMarch 21, 2014
- "Technology: Dissecting the First Version of the NIST's Cybersecurity Framework"Inside CounselMarch 7, 2014
- "Technology: The Demise of the Reasonable Person"Inside CounselFebruary 21, 2014
- May 5, 2017
- March 7, 2017
- February 21, 2017
- Why Data Privacy Matters: Guarding Against Unwanted Intruders, Carousel of Panels, IASB/IASA/IASBO Joint Annual Conference, Chicago, IllinoisNovember 19, 2016
- Privacy & Security 101, Co-Presenter, Pre-Conference Workshop, ACI Cybersecurity and Data Privacy Conference, Chicago, IllinoisJune 23, 2016
- Protect and Defend: Why Cybersecurity Matters and What You Can Do to Protect Your Organization and Board from Data Breach RisksApril 28, 2016
- Best Practices for Vendor Management, Panelist, American Conference Institute's Advanced Global Legal & Compliance Forum on Cyber Security and Data Privacy & Protection, Washington, D.C.January 29, 2016
- Protect and Defend: Why Cybersecurity Matters, Moderator, Dykema, InvestCloud and Stroz Friedberg sponsored seminar, Los Angeles, CaliforniaOctober 2014
- Managing a Data Breach, Panelist, Corporate Counsel Women of ColorOctober 2014
- Cyber Liability: Will Your Client—or Your Firm—be the Next Target?, Co-Presenter, State Bar of Michigan Insurance Section Annual MeetingSeptember 18, 2014
- Who's Minding Your Supply Chain? Network of Trial Law Firms—Cybersecurity PanelApril 24, 2014
- Data Privacy—Is Your Company Prepared?, Panelist, Network of Trial Law FirmsApril 2014
Articles & Alerts
- Recent Home Depot Settlement a Reminder of Data Breach Ramifications and Importance of Risk Mitigation Policies and ProceduresMarch 31, 2017
- March 2, 2017
- September 9, 2016
- June 1, 2016
- March 2, 2016
- January 26, 2016
- Hard Lessons From the Wyndham Decision: What Businesses Must Know About the FTC’s Authority to Regulate Data SecuritySeptember 1, 2015
- April 15, 2015
- Court clarifies proofs under CFAA and twice constrains E-Discovery sanctionsFebruary 26, 2015
- February 16, 2015
- President Obama Unveils Cybersecurity Proposal Creating a Federal Standard for Consumer NotificationJanuary 15, 2015
- January 5, 2015
- December 12, 2014
- December 10, 2014
- November 5, 2014
- Standing or No Standing: Recent Dismissals Demonstrate the Divide Regarding Proof of Injury in Data Breach CasesSeptember 19, 2014
- July 24, 2014
- July 11, 2014
- April 11, 2014
- February 18, 2014