Disclosing Information Security Breaches Under Privacy and Securities Laws
February 27, 2007
The Privacy Rights Clearinghouse estimates that over 100 million records containing sensitive personal information have been involved in security breaches. This non-profit consumer organization has tracked these breaches on its website (www.privacyrights.org) beginning with the significant and well-publicized ChoicePoint breach in February 2005. As a result, over two-thirds of states enacted security breach notification laws governing the notification that a company must make in the event of a security breach. This article outlines the requirements for providing notification of a security breach under state security breach notification law by any company and the factors that a public company needs to take into account regarding whether to disclose a security breach under federal securities law.
FLSA Collective Action Litigation
February 27, 2007
When the dust settles from the current round of discussions on increasing the federal minimum wage, the lowest paid of the country's non-exempt employees may or may not be earning an additional dollar or two per hour. Either way, the debate will have drawn the country's ' and the plaintiffs' bars' ' attention toward the lowest paid of our country's workers, and the climate will be right for those attorneys to begin focusing not only on how much non-exempt employees are being paid per hour, but also on whether these workers are being paid in a manner that is consistent with every intricate (and often contrary-to-common-sense) twist and turn of federal and state law.
Quarterly State Compliance Review
February 27, 2007
Corporations, LLCs, and other statutory business entities must comply with the provisions of their home states' business entity laws. These laws are constantly being amended by the state legislatures and interpreted by the courts. This edition of our new regular series, Quarterly State Compliance Review, looks at some amendments to these laws that went into effect during the last three months, and reviews some court cases of interest decided during that period.
The Missing Link Between Corporate IT and Legal
February 27, 2007
In 15 years of advising corporate and government litigators on the best processes and technology to deliver discovery management solutions, our company, IE Discovery, consistently encounters a common challenge in almost every organization: The legal and information technology departments simply do not communicate well. This can have major ramifications in producing information in response to requests from investigators, regulators, or litigation opponents. In the following dialogue, IE Discovery's corporate counsel, Stacy O'Neil Jackson, and its technology services and support manager, Keith Moore [the authors], discuss some of the reasons for this breakdown and provide some practical tips for improving the communication between IT and Legal.
Bragging Rights
February 22, 2007
For years, I've been bragging about our Law Journal Newsletters, and I often get the same response: 'But isn't all that information right on the Web? Why not just Google it?' The answer: Yes and No.
Professional Development Programs As Formidable Recruiting and Retention Tools
January 31, 2007
At top-rated firms, lawyer development and training has become the cornerstone of successful recruiting programs for both law school and lateral recruiting efforts. This trend assures that firms with active development programs will continue making significant investments in their attorney and potential attorney's futures via their professional development programming.
Where Privacy and Corporate Governance Laws Meet
January 31, 2007
As business information, particularly in electronic format, continues to proliferate, the need to maintain the security of this information is increasing. There are privacy and corporate governance laws that govern the obligation of a company to keep information secure. According to the Global State of Information Security 2006, a worldwide study by CIO magazine, CSO magazine and PricewaterhouseCoopers representing the responses of almost 7800 senior executives, 'Noncompliance runs broad and deep in all industries, and ignorance of applicable law is a big factor.' This article provides an overview of two important information security obligations ' security procedures and practices and document destruction ' under privacy and corporate governance laws.
Voluntary Disclosures of Export Violations
January 31, 2007
The recent settlement agreement entered in the EP MedSystems matter (described below) does little to refute the common wisdom that the Department of Commerce's Bureau of Industry and Security ('BIS') treats voluntary disclosures of export violations more harshly than other agencies that regulate exports from the United States. It also illustrates a potential, but avoidable, peril in the two-step voluntary disclosure process urged by BIS and other federal agencies. Finally, it serves as yet another example of the regulatory minefield that U.S. export laws present for U.S. companies with foreign subsidiaries.
Compliance with Non-U.S. Environmental Health and Safety Regulations
January 31, 2007
Most U.S.-based companies have fairly sophisticated environmental, health and safety ('EHS') programs that are designed to ensure compliance with applicable EHS rules and regulations. The reasons for such programs are obvious: EHS compliance represents the floor for most, if not all companies, and non-compliant companies are likely to experience adverse financial, environmental, health and safety impacts as a result of non-compliance.
Title VII Disparate Pay Claims
January 31, 2007
The U.S. Supreme Court is currently considering a case of great importance to employers, Ledbetter v. Goodyear Tire & Rubber Co., Inc. It will decide when the statute of limitations begins to run under Title VII of the Civil Rights Act of 1964 (as amended) ('Title VII') for certain types of disparate pay claims.
