For any organization experiencing a data breach, the organization’s response to the incident remains one of the most important and yet one of the most challenging next steps. In the following guest post, Paul Ferrillo, a partner in the New York office of the Greenberg Traurig law firm, examines the ways that an organization can respond well to a cyber incident. I would like to thank Paul for his willingness to allow me to publish his article as a guest post on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading

Stark Photo
John Reed Stark

There have been several very high profile news reports of significant law firm data breaches. It is not a mere coincidence that law firms increasingly are targeted in data breach attacks. Law firms have a trove of information that makes them highly attractive to cybercriminals. In the following guest post, John Reed Stark takes a look at the reasons for the rise in the number of cyber attacks as well as the steps that law firms can take to try to defend themselves and their clients. John is the President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on CybersecurityDocket.com. I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading

Clabby_Jack (1)
John E. Clabby
Swanson_Joseph
Joseph W. Swanson

As I noted in a September 9, 2015 post (here), a Home Depot shareholder has filed a data breach-related derivative lawsuit against certain of the company’s directors and officers, in which the plaintiff contends that the defendants breached their fiduciary duties by failing to ensure that customer credit card information was secure and protected. A copy of the complaint can be found here.

In the following guest post, John E. Clabby and Joseph W. Swanson of the Carlton Fields Jorden Burt law firm take a look at the Home Depot data breach D&O lawsuit and provide their views on what the lawsuit may foreshadow for future D&O litigation. Jack and Joe also  review what they think are the lessons for corporate boards and managers from the lawsuit’s allegations, as well as the implications of the lawsuit for companies that experience a data breach in the future.

I would like to thank Jack and Joe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to submit a guest post. Here is Jack and Joe’s guest post.

********************************************

 

Ending months of speculation, a shareholder has finally filed a derivative lawsuit against the directors and management of The Home Depot, Inc., in connection with the massive data breach the company suffered in 2014. The complaint, which alleges breach of fiduciary duty and corporate waste, fits the emerging template of shareholder derivative lawsuits after breaches at public companies. As such, it is worth a closer analysis for those whose jobs include protection of public companies and their boards from and during data breaches, both directly through more robust cybersecurity measures and indirectly through director and officer insurance and cyber-risk policies.
Continue Reading

minnI have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been

Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article, cyber attacks –ranging from malicious software to denial of service attacks – increased 42% in 2012. The trend has only accelerated in 2013. As the possibility and potential scope of