Cybersecurity: The Corporate Counsel's Agenda
17 December 2012Privacy & Security Law Report
Imagine this scenario:
The corporate IT director reports that malware has been discovered on your company’s computer systems, and it is likely that business plans and intellectual property of the company, as well as sensitive personal information, have been exposed. U.S. State data security breach notification laws have been triggered and, once the required notices go out, media inquiries and letters from the Federal Trade Commission and state attorneys general arrive, seeking information about the incident and the company’s cybersecurity practices. A letter comes from a prominent legislator asking questions about the incident. Corporate partners inquire about contractual data security and privacy obligations and the potential impact of the incident on their systems, data, and business. It is time for a regular Securities and Exchange Commission filing, which requires evaluating whether to report the incident as a material risk. Shareholder representatives and plaintiffs’ lawyers are organizing themselves to pursue actions related to the incident and its effect on the company, its operations and revenues, and individuals’ privacy. And the Board wants to know what steps the Office of General Counsel has taken to assess and mitigate the legal risks.
This not-so-improbable scenario, and others like it, makes it imperative for corporate counsel to focus (or refocus) on the issues surrounding cybersecurity.
To read the article, please click on the link above.