Data breaches have been an everyday occurrence in the past decade. The news media are filled with stories about the impact of security breaches on individual consumers, with some causing the compromise of millions of payment card numbers. The 2017 Equifax data breach compromised records of about half the population of the United States.
Nonetheless, data breaches aren’t always about hackers stealing information for identity theft purposes. Sometimes the goal of an attack is stealing trade secrets and confidential information. Perhaps the most frequent scenario we see in our practice is one or more employees stealing company data right before departing an employer and either starting their own competing business or taking the stolen data to an existing competitor.
Even worse is the economic and political espionage occurring every day in Silicon Valley. State-sponsored groups and non-state actors are trying to steal intellectual property developed by California companies to aid competitive companies, terrorist or organized crime groups, or foreign governments for profit, competitive purposes, or as a short cut to development. Attacks by hacktivists and terrorist groups aim to damage and disrupt US businesses.
Data breaches and espionage cost Silicon Valley, California, and the United States enormous sums in response costs, legal fees, opportunity costs, and lost sales to domestic and foreign competitors. For larger breaches, companies have to set aside tens of millions of dollars in reserves to pay for just the out of pocket expenses. Companies sustaining data breaches also take a hit to their reputations, driving away customers and resulting in lost profits and lowered stock values.
In response to data breaches and earlier concerns, the federal government and states like California have enacted various laws to protect individuals from data security breaches. Moreover, federal espionage and trade secret laws seek to deter thefts of data from businesses. Companies handling personal data may have obligations under international, foreign, federal, state, and local laws to protect the security of personal information and to report any personal data breaches. Examples include:
Companies processing personal information face compliance challenges to make sure they meet the requirements of these laws. In addition to these compliance challenges, companies face additional data security challenges such as these:
Our law firm helps companies with all of these challenges. Our lawyers assist our clients to comply with security requirements in international, federal, state, and local laws. SVLG attorneys help protect companies’ intellectual property from theft. They draft and negotiate security exhibits and data processing addendums and agreements that are part of larger agreements. We advocate for our clients when they encounter security-related disputes. Our attorneys help clients respond to data breaches and provide appropriate notifications. Finally, we help clients create security programs to manage the risk of security breaches.
For a more thorough discussion of our data security services, see our information security guide in the Resources section of our website. Our security practice is an outgrowth of Shareholder Stephen Wu’s over twenty years of experience in the data security field. From 1997 to 2001, he worked as the second in-house lawyer at information security giant VeriSign, drafting sophisticated security policies and procedures for its public key infrastructure (PKI) business line for providing customers digital certificates used for Secure Sockets Layer authentication, digital signatures, and confidentiality encryption. Steve is one of a handful of lawyers in the United States with in-depth knowledge of PKI legal issues and continues to provide legal advice about PKI, digital certificate management, and PKI liability. He is the author or co-author of seven books on data security and served as the Co-Chair of the Information Security Committee in the American Bar Association Science & Technology Law Section from 2001 to 2004. He served as chair of the Section from 2010 to 2011, and has helped start Section committees to cover areas such as Homeland Security, Big Data, Internet of Things, and Artificial Intelligence and Robotics.
If your company has had a data breach or is trying to set up a security program to comply with security laws or customer requirements, we would be happy to have an initial consultation with you to go over your security needs and challenges. If you would like to make an appointment for an initial consultation, please contact us using the web form on the right or the phone number at the top of this page. Our firm seeks to solve data security legal problems. We would be glad to speak with you on an initial consultation about what our firm can offer to solve your problems, without obligation. Videoconference appointments are available.