SEC Reminds Public Companies of the Importance of Cybersecurity


Last summer’s highly publicized Equifax breach prompted conversations (but inexplicably no action) by congressional lawmakers on a company’s legal responsibilities in lieu of a data breach. Of particular concern and outrage in the weeks after Equifax’s disclosure was news that company executives sold stock within mere days from the breach’s discovery. Although a special committee cleared the executives of any insider trading, the news of the coincidental stock sales was publicly panned. Similar suspicions were once again raised over news that Intel CEO Brian Krzanich sold $24 million worth of stock after his company learned of a major security vulnerability in its PC processors. As skepticism abounds over the legality of stock sales by public companies who suffer recent data and security incidents, the Securities and Exchange Commission has decided to join the discussion. Titled “Guidance on Public Company Cybersecurity Disclosures,” the SEC puts public companies on notice — Sellers […]

Continue Reading

The Dangers of Weak Cybersecurity in Network Marketing


A review of this past year’s news cycle illustrates the paramount importance of strong data security. Yahoo, Equifax, Uber, and the list could go on and on. These companies fell victim to data breaches. In turn, they all faced public relations nightmares not to mention ongoing congressional and regulatory investigations. Today’s cyber landscape is relatively straightforward — where any abundance of consumer information exists, cyber thievery is sure to follow. Enter network marketing companies. Primed with and in possession of valuable information attractive to hackers, data security should be of paramount concern to network marketing executives. So why isn’t it? In Part One of this two part series, I’ll explore the ramifications of a data breach for network marketing companies. In Part Two, I’ll give practical tips and advice on ways to both prevent and mitigate the legal consequences of a data breach. Big Money Behind Personal Information Stolen consumer […]

Continue Reading

Privilege: The Before and After of a Cyber Breach


Let’s start with a trivia question. Q: What do the companies Target, Genesco, and Experian all have in common? Is it (A) they all experienced data breaches which exposed sensitive consumer information; (B) they all found themselves the subject of lawsuit(s) over the loss of this information; (C) they all invoked the doctrine of privilege — specifically under attorney-client and work product– to protect a retained forensic firm’s investigative findings; or (D) all the above. If you chose D, then you, dear reader, can go on your merry way reading. Cyber attacks and the loss of sensitive information are at the forefront of nearly every corporate executive’s mind. According to a recent study by the Business Continuity Institute, cyber attacks represent the number one concern among business professionals. A proliferation of high-profile breaches over the past twelve months (e.g., HBO, Yahoo, Democratic National Committee, etc.) have left owners of businesses […]

Continue Reading

Equifax Cybersecurity Breach — What You Need To Know


By Thomas Ritter of Thompson Burton, PLLC The news that credit reporting agency Equifax suffered a data breach of sizable proportions (a projected 143 million people affected) set the information security community abuzz. The irony was not lost on anyone: One of the three main credit reporting agencies largely in charge of identity theft notification and prevention, Equifax’s loss of sensitive information now acts as a gateway into the future proliferation of widespread identity fraud. Although details continue to slowly emerge, here’s what we currently know, what’s important for you to know, and my suggestions on preventative measures and next steps. WHAT HAPPENED? Criminals gained access into Equifax’s internal system through a vulnerability in the company’s website software beginning in mid-May, and remained inside the system until late July. The perpetrators gained access to a variety of sensitive personally identifiable information, which includes (but may not be the entire scope […]

Continue Reading

What Can You Do After a HIPAA Breach?


Every so often, I pick up the phone to hear a distressed voice on the other end of the line. The circumstances of each caller slightly differ, but the overarching question remains the same: as a victim of a HIPAA breach, what can I do? As the bearer of bad news, the unfortunate answer is very little. VICTIM REMEDIES, OR LACK THEREOF, FOR HIPAA VIOLATIONS Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”) in large part to provide security and privacy for protected health information (or “PHI”[1]) in the possession of a “covered entity.”[2] Through its creation, Congress delegated enforcement of HIPAA to the Secretary of the Department of Health and Human Services (or “HHS”), and provided the Secretary with the power to impose penalties on violators. Unfortunately, noticeably absent from HIPAA is a victim’s right to sue. Although no language exists in the HIPAA statute which expressly prohibits the initiation of a lawsuit, courts have almost unanimously held […]

Continue Reading