Privacy

The COVID-19 pandemic has changed the conversation around remote work. As more employees work remotely, law firms must employ security best practices to ensure that the extended reliance on the cloud doesn't expose sensitive data or cripple daily operations. Following is a practical checklist of systems, technologies and processes to consider when evolving your firm for remote work and selecting your cloud technology provider.

Over 30 trade associations and companies co-signed a letter last month to California Attorney General Xavier Becerra asking him to push back the enforcement date for the California Consumer Privacy Act due to the new coronavirus and a lack of clarity on the enforcement rules.

Most companies doing business in California are well aware of the CCPA and prepared diligently in advance of the law's Jan. 1, 2020 compliance deadline. While compliance certainly is key, even compliant businesses must consider — and prepare for — the eventual onslaught of class action litigation that is coming.

The California IoT Security Law is the first of its kind in the nation and pushes device manufacturers to adopt cybersecurity standards during the product development and design stages where none have existed before.

Here are some of the key issues of which law firms and companies need to be aware and steps that should be considered to minimize the risk to keep everyone — and client data — safe.

In their consideration of possible worst-case cyber attack scenarios, organizations often focus on the various types of attacks and their relative severity. But, the worst-case scenario is not the breach, it's the reputational damage, regulatory enforcement action, the business interruption, and the inevitable litigation that follows a poorly handled breach from an unprepared organization. Given this reality, it is important to adjust planning assumptions and response scenarios to focus on addressing these drivers of post-breach exposure.

Technology allows attorneys to keep informed so they can help their clients understand the potential impact on their company.

The Pennsylvania Supreme Court enlivened the Thanksgiving holidays of privacy lawyers in 2018 with its decision in Dittman v. UPMC, which held that an employer has a legal duty to exercise reasonable care to safeguard employees' personal information. While the scope of the decision technically was confined to the employer-employee relationship, the court's reasoning implies that such a duty of reasonable care may arise in any scenario where one party engages in the collection of personal information.