We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byCollin Lamb
Modified about 1 year ago
Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Potential Legal Implications of a Data Breach º Federal and State Statutory and Regulatory Issues HIPAA Privacy and Security Rules GLBA Safeguards Rules Data breach notification laws Data protection and destruction laws º Civil Liability Unfair Trade Practice Claims Negligence Breach of Contract Unlawful Trade Practices º Examples of pending, past, and potential cases TJX Radio Shack BJ’s Wholesale Club Choice Point DSW Monster
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Business Impacts of Data Breach
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Evidentiary Risks in the Investigation of a Data Breach? º Discovery of a network security incident investigation creates significant risk management concerns º Attorney client privilege can be lost by involving third parties º Internal investigations or investigations by outside IT professionals alone could be discoverable under the work product privilege º Internal investigations by in-house counsel must avoid problems associated with dual business and legal roles under the primary purpose test
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Using Attorney-Client Privilege to Protect the Investigation º Attorney-client privilege protects communications between an attorney and the attorney’s client º Communication must be confidential and made for the purpose of obtaining legal advice from the attorney º Communications regarding investigation of data breach facts is protected by privilege º Privilege held by the client not by the lawyer º Supreme Court’s subject matter test º Less protection may be afforded to in-house counsel because of dual roles
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Using the Work-Product Privilege to Protect the Investigation º FRCP 26(b)(3) protects work-product from discovery º Opinion work-product consists of mental impressions, opinions, conclusions, or legal theories of an attorney or other representative of a party º Ordinary work-product, including raw factual information, consists of preparation materials that do not disclose opinions or impressions º Ordinary work-product discoverable on showing a substantial need and inability to obtain the substantial equivalent by some other means º The primary purpose test for anticipation of litigation º Documents created for a business purpose are not protected even when the information developed may be helpful in legal proceedings
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP State Breach Notification Laws
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Ethical Obligations With Respect to Statutory Notification º 39 states and the District of Columbia have data breach and/or identity theft statutory schemes and recently enacted federal statutes may apply º All the statutes have been enacted in the last few years, with little or no case law interpreting them º Interpretations must be based upon “good faith” and should involve review of legislative history and contain appropriate disclaimers regarding deference to regulatory agencies interpretation
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP The Problem of Over Reporting
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Attorney-Client Privilege and Advice Regarding Statutory and Regulatory Notice Obligations º Attorney-client privilege should protect advice given by an attorney when assessing whether a company is required to give notice in each state where it does business, where a potential loss of data may have occurred, or under federal law º Attorney-client privilege should protect advice regarding how notice is required to be given, when notice should be given, the form notice should take, and what the contents of any notice should be º Privilege is important to shield this decision-making process from discovery in subsequent litigation where plaintiffs may allege claims based on inadequate notice
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Preserving and Collecting Evidence º Ethical obligation of an attorney to avoid having the client get into a spoliation situation Litigants have an obligation to preserve relevant evidence Spoliation applies to electronic information as well as other documents Adverse inference instruction may be granted even where party did not intentionally destroy the evidence
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Ethical Implications of Discovery Obligations in Data Breach Civil Litigation º Duty to supplement disclosures and discovery responses under FRCP 26(e) º New e-discovery rules Attorney with IT personnel on discovery team can make certain all information is collected and reviewed º Potential problems resulting from incomplete compliance with obligations Sanctions under the rules Client’s litigation position could be affected by failure to comply with discovery obligations
Ethical Issues in Data Security Breach Cases © 2007 Scott&Scott, LLP Contact Information Robert J. Scott Scott & Scott, LLP 2200 Ross Avenue, Suite 5350E Dallas, Texas Phone: Fax:
Hot Topics in Privacy & Security Law Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
Data Privacy in the EU and How It Impacts Firms in the U.S. Presentation to ILTA Conference August 23, 2007 Debra L. Bromson, Esq. Jeff D. Isenberg Shalini.
The Federal Civil Rules & Electronic Discovery: What's It to Me? 2007 Legal Breakfast Briefing Presented to Employers Resource Association by Robert Reid,
1 Amendments to the Federal Rules Electronic Discovery Dino Tsibouris (614)
© 2010 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. The Insiders View On E-Discovery In North Carolina Robert R. Marcus Jon Berkelhammer Smith Moore.
Evidence Act 2008: Implications for Recordkeeping and Document Management Julie Savoie Public Record Office Victoria.
Mark Radford, Partner, Colin Biggers & Paisley, Australia Conflicts of interest faced by reinsurance brokers and duties owed by producing and placing brokers.
Williams v. Sprint/United Management Co. 230 F.R.D. 640 (D. Kan. 2005) District Court of Kansas.
A Legal and Practical Primer on Development & Maintenance of Social Media Policies and Related Issues Richard I. Greenberg Jackson Lewis LLP 666 Third.
Protecting Patient Privacy: HIPAA Guidelines for Health Care Providers.
Ethics for Alaskas Executive Branch A Self-Guided Training Tool.
PRESS “F5” ON YOUR KEY BOARD TO PROPERLY START THIS TRAINING MODULE. Then, click the arrow at the bottom right of this slide to begin the training module.
PLANNING THE AUDIT Individual audits must be properly planned to ensure: Appropriate and sufficient evidence is obtained to support the auditors opinion;
1 HIPAA Privacy Standards Health Insurance Portability and Accountability Act – HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003.
Managing Risk Under the New APA Ethics Code Gerald P. Koocher, Ph.D., ABPP.
Recovering,Examining and Presenting Computer Forensic Evidence in Court By malack Amenya.
Powered by SmartPros Powered by: SmartPros Title Slide ADP LUNCH & LEARN CPE PROGRAM Protecting Your Data Is More than a Good Idea - It's the Law Authored.
ENERGY AUDIT & RETROFIT CONTRACT LEGALITIES & PITTFALLS HYATT & WEBER, P.A. By: Stephen B. Stern (410)
Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.
The New Notice, and Old Consent, under HIPAA Interpretational and Administrative Issues Beth DeLair Michael F. Brown University of Wisconsin Hospital and.
Successful Subrogation By: Doris T. Bobadilla, Esq. Presented to CEU Institute.
Data Protection Update 15 May 2014 Mairead O’Reilly Joanna Stokes.
Freedom of Information Act 2000 Sarah Hanson Partner CMS Cameron McKenna LLP Tel: +44 (0) 20.
Best Practices for In House Counsel Andrea C. Okun General Counsel Merit Management Group LP.
1 Toronto Head Office: 350 Bay Street Suite 1000 Toronto, Ontario M5H 2S6 Mississauga Office: 2 Robert Speck Pkwy. Suite 750 Mississauga, Ontario L4Z 1H8.
Insurance Defense Ethical Pitfalls for Counsel and Claims Professionals
1 Chapter Two Important Aspects of the American Criminal Justice System Important Aspects of the American Criminal Justice System.
Ethics in Mediation Sandy Garrett, Chief Disciplinary Council, TBPR Richard Murrell, Moderator.
Quick Quiz Identity Theft Protection and Your Law Firm.
1 DATA PROTECTION FREEDOM OF INFORMATION AND CONTRACTS training for GOLDSMITHS COLLEGE by Sue Cullen Amberhawk Training Limited July 2010
© 2016 SlidePlayer.com Inc. All rights reserved.