Boulder Partner David Zetoony was quoted March 22 in MLex regarding the increase in data breaches for healthcare providers. In the last five years, the percentage of healthcare data breaches due to computer hacking rose from 1.7 percent to 80.7 by both criminal cyber attackers and state-sponsored actors. In the past few years, more regulators have entered the data security field, though the risks of being hacked are more financial than regulatory. The U.S. Department of Health and Human Services (HHS) collects breach data and issues security guidelines in areas such as risk analysis, remote use, and ransomware. “The larger story is that more regulators have entered the fold,” said Zetoony. “[HHS] didn’t exist in this space six or seven years ago, and now they are here.”
JD Supra Readers’ Choice Awards 2017
David Zetoony has been recognized as a JD Supra Top Author. The annual Readers’ Choice awards recognize authors who achieved the highest visibility and engagement for their written analysis and commentary all year. This year’s results reflect a deep dive into reader data from 2016 in 12 key industries, 13 cross-industry topics and, for the first time, nine emerging topics.
Boulder Partner David Zetoony was recognized as the top author on the emerging topic of EU-US Privacy Shield. Zetoony is the leader of Bryan Cave’s consumer protection practice, which includes corporate data security, data privacy, advertising and marketing practices. As such, he advises companies around the country on pressing consumer protection issues. He is also editor of the Bryan Cave blog BryanCaveDataMatters.com.
In addition to these individual awards, the 2016 Data Breach Litigation Report, written by Zetoony, Chicago Partner Jena Valdetero and Chicago Associate Joy Anderson, was highlighted as one of the top five most read articles in class action defense.
Click here to view the entire JD Supra Readers’ Choice Awards 2017 report.
Data and Cybersecurity Audit Webinar Cited in Thomson Reuters Legal Executive Institute
The Thomson Reuters Legal Executive Institute cited David Zetoony’s webinar, “Conducting Data Security and Cybersecurity Audit of your Organization: What In-House Counsel Should Know,” in their February 27 article on cybersecurity audits. The article discussed the complex issues that companies face in becoming compliant with state, federal and international data security standards, and referenced the questions and solutions raised in the January 31 webinar. To read the full article, click here.
David Zetoony and Joshua James will also be hosting another webinar addressing these issues on March 21, 2017.
For more information or to register for the March 21 webinar, click here.
Data Privacy Alert Cited in ‘ID Experts’
A January 6 article in ID Experts cited information from a client alert written by Boulder Partner David Zetoony on state data breach notification laws. The alert includes questions for organizations to consider when evaluating various data breach notification laws, as well as the key provisions of state data breach notification laws and areas in which state laws diverge. Click here to read the original alert.
Cross-Office Team Publishes Article in ‘Journal of Investment Compliance’
Boulder Partner David Zetoony, Denver Counsel Elizabeth Kemery Sipes, and DC Associate Joshua James published an article in the Journal of Investment Compliance regarding data security issues that financial services firms currently face and how to overcome them. Financial services firms risk potential financial implications and increasing regulatory ramifications, such as fines, penalties and enforcement actions, for failing to implement tailored cybersecurity programs. The article provides a guide for designing policies and procedures related to cybersecurity programs, including considerations for designing a document retention policy, drafting an incident response plan, and starting or evaluating a bounty program. The article is the result of three previous client alerts written by the authors and published on the Bryan Cave website. To read one of the client alerts, click here.
Achatz Quoted in ‘Law Week Colorado’
Boulder Associate Chris Achatz was quoted July 18 by Law Week Colorado concerning Privacy Shield, the European Union’s recently approved agreement between EU member states and the U.S. that will permit transatlantic transfer of personal data. The agreement, released in February, was created to replace the Safe Harbor framework, which allowed U.S. companies to self-certify compliance with the EU’s 1995 Data Protection Directive, and was deemed insufficient in October 2015. Though the new framework limits U.S. government access to certain data, raises data protection standards and grants EU citizens the right to file complaints regarding mishandling of their data, critics remain skeptical of its advantages over model contract clauses. Achatz suggested that companies gauge authorities’ responses to the blanket agreement, which might present legal challenges, though the new framework has its perks. “In the wake of the Brexit vote and other political turbulence in Europe, the European Court of Justice may be more reluctant to hand down rulings that upset the status quo,” said Achatz, adding that the Privacy Shield is held accountable by an annual review mechanism, which will allow the framework “to evolve over time.”
Data Privacy Alert Cited in ‘BedTimes’
A July 1 article in BedTimes cited information from a client alert written by Boulder Partner David Zetoony and Santa Monica Partner Andrew Klungness on social media and data privacy. The alert includes questions for organizations to consider when evaluating their use of social media related to their readiness for a data breach of social media; whether employees are governed by a social media policy; and the management of security and passwords for social media sites. Click here to read the original alert.
Zetoony’s Privacy Shield Alert Shared on CARCO Group Blog
Valdetero Discusses Data Privacy at CLE by the Sea
On July 12, Chicago Partner Jena Valdetero discussed issues that all businesses face with regard to protecting their own data, the data of their clients, and their proprietary information at CLE by the Sea in Coronado, Calif. The three-day conference, organized by the State Bar of Arizona, provided attendees with a year’s worth of MCLE credit hour requirements. Valdetero’s panel provided practical guidance on what lawyers should discuss with clients as to what they can and should be doing to protect their business data. The panel was moderated by Phoenix Partner Bob Shely.
Jena received excellent ratings on the seminar evaluation form. One of the comments on the evaluation forms said: “Jena was great! … Jena’s contributions tied the relevance of their input to law, clients and litigation.”
Data Privacy Lawyers in ‘Journal of Consumer & Commercial Law’
The Journal of Consumer & Commercial Law republished Bryan Cave’s 2016 Data Breach Litigation Report, written by Boulder Partner David Zetoony, Chicago Partner Jena Valdetero and Associate Joy Anderson. The report offers a comprehensive analysis of class action lawsuits involving data security breaches filed in United States district courts. Click here to view the republished report in the journal’s Summer 2016 issue.
Data Breach Litigation Report in ‘Wall Street Journal,’ ‘Dow Jones’
Bryan Cave’s 2016 Data Breach Litigation Report was cited June 26 by The Wall Street Journal and Dow Jones in articles about whether hacked companies should have to compensate exposed customers. “Overall, only 5% of data breaches in the U.S. have led to lawsuits, but the highest-profile cyberattacks can spawn more than a hundred suits, according to a study by law firm Bryan Cave LLP,” The Wall Street Journal article stated. Bryan Cave’s 2016 Data Breach Litigation Report was written by Boulder Partner David Zetoony, Chicago Partner Jena Valdetero and Associate Joy Anderson. The report offers a comprehensive analysis of class action lawsuits involving data security breaches filed in U.S. district courts. Click here to view the original report.
Zetoony’s Article Republished by Risk Based Security
Boulder Partner David Zetoony authored a blog post for the Washington Legal Foundation Legal Pulse that was republished June 14 by Risk Based Security, a security information provider. Zetoony wrote about the Tennessee breach notification law, which he says is indicative of data security regulators’ lack of creativity. The Tennessee legislature amended its data breach notification statute so that beginning July 1, a “breach of security” will no longer have the qualifier that the data must be “unencrypted.” Despite this change being characterized by the media as making the Tennessee statute “among the nation’s toughest,” Zetoony argues that the change will have very little, if any, impact on businesses. Click here to read the original blog post.
Zetoony, Achatz Author Article in ‘Transportation Quarterly’
Boulder Partner David Zetoony and Associate Chris Achatz authored an article on privacy issues for self-driving vehicles in the spring edition of Transportation Quarterly, published by the Antitrust Litigation Committee of the American Bar Association. “To date, seven states and the District of Columbia have enacted laws that address autonomous vehicles or autonomous technology, but none of these state regulations address key areas of data privacy, such as the collection, use, and disclosure of driver behavior information gathered from autonomous vehicles or autonomous technology,” they wrote. Click here to read the article.
Zetoony Authors Article in ‘Pratt’s Privacy and Cybersecurity Law Report’
Boulder Partner David Zetoony authored an article on insurance coverage gaps as they relate to data breaches in the June issue of Pratt’s Privacy and Cybersecurity Law Report. Zetoony and former Bryan Cave Attorney Courtney Stout authored the article, “Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises,” which was published in two parts by Pratt’s. The first part, published in the May issue, assessed the risk to a retailer from a credit card breach. Click here to read the second part of the article.
Rockey Interviewed by Legal Executive Institute
Zetoony Quoted in Numerous Outlets
Boulder Partner David Zetoony was quoted April 20 by Legal IT Insider and April 19 by Yahoo Finance, IT Briefing, Financial IT and Global Banking & Finance Review regarding CrowdStrike’s new cyber risk assessment program aimed at businesses conducting mergers and acquisitions. “You can never be sure about the security of a target’s system, but quantitative, independent and objective analysis of a potential target provides far more certainty than asking sellers to complete written questionnaires that only reflect their own knowledge and understanding,” Zetoony said. Click here to read the full Yahoo article.
Valdetero Quoted in ‘Law360’
Chicago Partner Jena Valdetero was quoted April 19 by Law360 regarding ways that general counsel can stave off future data breach litigation. Valdetero, who is co-leader of Bryan Cave’s Data Breach Response Team, explained the importance of having a lawyer on a company’s data breach response team. “Bring in the law department, if you have one, or outside breach counsel who’s experienced with this type of work because you’ll want to conduct your investigation to the extent possible under attorney-client privilege,” Valdetero says. The article also quoted Bryan Cave’s 2016 Data Breach Litigation Report, authored by Boulder Partner David Zetoony, Chicago Associate Joy Anderson and Valdetero.
Zetoony Authors Article in ‘Pratt’s Privacy and Cybersecurity Law Report’
Boulder Partner David Zetoony authored an article in the May issue of Pratt’s Privacy and Cybersecurity Law Report. In the first part of the article, “Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises,” Zetoony and co-author Courtney Stout assess the risk to a retailer from a credit card breach. The second part of the article, which will be published in a later issue, will address insurance coverage gaps. Click here to read the article.
Achatz Quoted in ‘Law Week Colorado’
Boulder Associate Chris Achatz was quoted March 14 by Law Week Colorado concerning the preliminary text of the Privacy Shield, recently released by the U.S. Department of Commerce and the European Commission. While there are still many hurdles to pass before this agreement between the U.S. and European Union becomes law, it is a first step in terms of guidance for U.S. companies handling Europeans’ personal information. Achatz said it is unclear how quickly the EC might move in adopting the Privacy Shield or making revisions. “Some people don’t want to wait to find out if this Privacy Shield is going to work for them, or what it is going to look like, or how it is going to be enforced,” Achatz said. “So those clients may look to the certainty of model contract clauses, which have been around for many years, and they already know what they look like and how they’re enforced. It’s a quick solution if there’s too much uncertainty in the other options.”
Smallhoover Interviewed by Le Monde du Droit TV
Paris Partner Joseph Smallhoover was interviewed March 24 by Le Monde du Droit TV on the Privacy Shield – the new agreement between the EU and U.S. on transatlantic data exchange. Smallhoover said the Privacy Shield is a significant improvement over the former Safe Harbour Regime and he welcomes the clarity brought by the Privacy Shield rules to the protection of private data. Click here to view the video, in French.
Bryan Cave Noted in ‘2016 Data Protection and Breach Readiness Guide’
Bryan Cave was acknowledged for its contributions to the Online Trust Alliance’s 2016 Data Protection and Breach Readiness Guide. The guide, being released in recognition of Data Privacy & Protection Day, provides prescriptive advice to help businesses optimize online privacy and security practices, and detect, contain, and remediate the risk and impact of data loss incidents. Click here to view the guide.
Zetoony Quoted in ‘The American Lawyer’
Boulder Partner David Zetoony was quoted extensively Jan. 1 in The American Lawyer regarding the future of cyber litigation. Recent signs indicate that courts may be more receptive to newer theories for holding companies accountable for data breaches. If those theories were to take hold, Zetoony said the landscape of private cyberbreach litigation could change dramatically. “If someone can figure out a good theory for data breaches that leads to more compensation and really cracks that open, we’ll see a lot more activity,” he said. The article also highlighted statistics from Bryan Cave’s 2015 Data Breach Litigation Report. Zetoony is the leader of Bryan Cave’s global Data Privacy and Security Team.
Valdetero Profiled on Bryancave.com
A company website shut down by hackers. Malware installed on a computer system to gain access to private information. Names and email addresses stolen by an employee. What exactly should a company do if they experience a data breach? How can they protect themselves?
Jena Valdetero helps her clients answer these complex questions. In an age when cyber attacks are perhaps the country’s biggest threat to national security, the idea of empowering companies to be prepared for such a breach keeps Valdetero passionate about her work — and on her toes…
Smallhoover Quoted in ‘Les Echos’
Paris Partner Joseph Smallhoover was quoted Oct. 6 by Les Echos regarding a recent European Court of Justice (ECJ) ruling that says a system enabling data transfers from the European Union to the United States by thousands of companies is invalid. This decision opens the way to verify that data being transferred to the U.S. is protected from snooping by the U.S. government. “In the short term, there is a risk of litigation in other countries attacking data transfers,” Smallhoover told the publication. Click here to read the article, in French.
Lanahan’s Blog Post Picked up by Lexology
Zetoony Quoted in ‘Business News Daily’
Boulder Partner David Zetoony was quoted May 24 by Business News Daily on the steps small businesses can take to recover from a data breach. Zetoony noted that, given enough time, a data security incident is as inevitable as any other type of crime. Learning from it will help you handle it better going forward. “If you view each breach as a learning exercise, you won’t be able to stop them necessarily,” he said. “But you can learn how to respond to them more efficiently, quickly, and with less impact to your business and your customers.” Click here to read the full article.
Zetoony Quoted on NYAG Site
Boulder Partner David Zetoony was quoted Jan. 15 on the New York attorney general’s website regarding an announcement by A.G. Eric Schneiderman that he would propose legislation to overhaul New York state’s data security law. New York state does not have a law directly requiring entities to institute data security measures to protect consumer information. Prior to the announcement, Zetoony was contacted by the A.G.’s office asking for ideas on data security. Zetoony proposed incentivizing companies to reach new data security standards through safe harbors from litigation, rather than imposing new mandatory requirements or penalties – an approach reflected in the proposed legislation. “The approach that the attorney general is proposing – providing a safe harbor from suit for companies that go the extra mile to audit and verify their security practices – is innovative, unique and friendly to business,” Zetoony said. Click here to read the coverage.
Zetoony Quoted in ‘ABA Journal,’ ‘Bloomberg News’
Boulder Partner David Zetoony was quoted Jan. 15 by Bloomberg News with tips on how to avoid email hacking scandals. In light of the recent hack that exposed Sony Corp.’s email secrets, Zetoony suggested the best protection may simply be to not store messages. “If you don’t have information in your system, it can’t be taken,” he said. Click here to read the full article. He also was quoted Jan. 16 in the ABA Journal regarding email preservation policies in light of the attack on Sony Pictures. Click here to read the full article.
Valdetero, Zetoony to Chair Regional Networks of Privacy Professionals
David Zetoony and Jena Valdetero have been selected to lead local chapters of the International Association of Privacy Professionals (IAPP). Zetoony, who recently relocated from Washington, D.C., to Colorado, will co-chair the IAPP’s Colorado regional network, while Valdetero will co-chair the Illinois regional network. Both will serve a two-year term, beginning January 2015. Click here to read more.
Zetoony Cited in ‘The George Washington Law Review’
Boulder Partner David Zetoony was cited in an article in the The George Washington Law Review: “Tipping the Scales: Judicial Encouragement of a Legislative Answer to FTC Authority over Corporate Data-Security Practices.” Click here to read the article.