Of all the strategic risks C-level executives face today, perhaps none threaten more to undermine a company's reputation and business model than those of cybersecurity. Because these issues not only cut across traditional legal disciplines—but also, in most companies, different business functions—too often companies lack a holistic understanding of cybersecurity and the interrelationship of all of these critical elements.
Kaye Scholer's Global Cybersecurity & Privacy Group can help by drawing on lawyers from multiple practice areas and combining combine our frontline knowledge of cyber issues with decades of litigation, regulatory affairs, government contracting, technology transactions, national security, and compliance experience to help your company balance and work through competing issues.
> “Promoting & Protecting Cyberspace” (Kaye Scholer, 2014)
> “Risk and Responsibility in a Hyperconnected World”
(World Economic Forum; Contributor, 2014)
> “Rethinking Cyber/Information Security”
(Tuck School of Business, Dartmouth; Roundtable Participant, 2014)
Cyber Advocacy & Public Policy
For more than a decade, our lawyers have been actively engaged in most major cyber policy actions and debates in the US, EU, China, India and other jurisdictions to help ensure you have a voice when it comes to shaping the reach and scope of US and global cyber law. Cyber law, policy and regulation is being developed and written right now, and every major company and industry can and should have a say in how these polices affect them. All critical infrastructure sectors, communications, IT, electric, financial services, health care, defense industrial base, transportation, chemical, energy, agriculture, and government services are being affected, and should help shape the policy globally. Every multinational company's policy position must be global, and work globally, as the rules of the road are being written simultaneously in the US, the EU, India, China, Brazil, Latin America, in multilateral organizations like the ITU, ISO, WTO, and in standards bodies like the IETF and IEEE.
Our lawyers have served in senior positions in government, and have successfully advocated for Cyber policy and regulatory positions with the White House, US Congress, DoD, DHS, NIST, USTR, FTC, the European Commission, and the governments of India, China, Russia, as well as other agencies globally. As cybersecurity and privacy issues move into regulatory agencies, like the FTC, FCC, FERC, DoT, DoD, SEC, OCC and other agencies, our team can help companies and industries set the right rules up front, file comments, advocate positions, and craft solutions that work and can be adopted globally. We also have a robust national security and government contracts practice that can and does advocate policy changes relating to national security, government contracting, export control, ITAR and product certification and evaluation (including Common Criteria and FIPS). Our cybersecurity practice is a merger of policy, technology, law and geopolitics, and our lawyers can bring all these together to chart paths forward that work for our clients and governments – at the end of the day, the cyber interests of the government and the private sector are often aligned.
Litigation & Investigations
Consistently ranked as a top IP litigation and technology transactions firm by Chambers USA, US News & World Report and Managing IP, we are well versed in cyber and Internet challenges and risk management related to patent, trademark and copyright protection, trade secrets, online marketing, false advertising, cyber-squatting and the role of using IT to improve data security. Many of our patent litigators have degrees in electrical, chemical or mechanical engineering, computational fluid dynamics and other scientific backgrounds, which enable us to understand not only the law, but also the technology behind the incident.
We have extensive experience in defending class action and security derivatives suits that might arise from cyber issues, including data breaches, loss of service, theft of core intellectual property, product liability, tort or contract disputes. Additionally, our white collar litigation team, which includes several former federal prosecutors, is well versed in internal investigations and external representations into cyber fraud allegations or other civil and criminal claims. Our outsourcing and IT technology transaction lawyers understand how IT systems can be challenging as well as a cure for data security risks.
Our employment lawyers have significant experience defending companies against allegations relating to the leak of confidential employee information. We also advise on government access to, and use of, private sector records should they be subpoenaed.
Governance & Compliance
Cybersecurity is now a board-level risk management issue. A loss of intellectual property, or a breach of systems resulting in a loss of consumer, partner or supplier data, or the failure of the provision of a core service of the company can cause significant reputational, brand, monetary and/or regulatory loss. It is a risk that needs to be managed.
Our team provides a focused approach to managing your particular cyber risks, and, in conjunction with technical and audit partners, provides a range of compliance solutions.
We also offer training for your managers and employees on how to comply with privacy and data protection rules, including counseling related to the cross-border exchange of data and international privacy protection laws, drawing on lawyers from our London and Frankfurt offices.
We work directly with executive teams, boards, audit committees and risk management committees to provide timely, real-world guidance on compliance and potential liability issues related to the production, collection, processing, use, distribution, storage and disposal of electronic data; information management policies regarding customer and employee personal information; establishment of cybersecurity, privacy and data protection protocols; theft, loss and unauthorized use of confidential or personal information; and industry-specific privacy regulations like HIPAA, HITECH and federal securities laws. We also can assist you with allocating oversight responsibility, determining Internet Service Provider responsibilities and addressing insurance coverage matters.
Finally, if a breach occurs, we not only counsel on breach notification and disclosure requirements, but also help with crisis management, incident response and remedial action, working in tandem with you, your media, government affairs and brand consultants to resolve issues quickly and effectively to limit potential consequences to customers or investors, and with as little adverse publicity as possible.
Cyber Transactions and National Security
We help structure contracts, service level agreements, outsourcing arrangements and purchasing or leasing of IT systems or services to ensure all security and privacy-related issues are properly understood. When it comes to M&A matters, we perform due diligence so that parties understand the attendant cyber risk and mitigation, and lower the possibility of surprise after acquisition.
Cross-border deals related to the exporting of hardware or software products often raise national security concerns and are subject to review by the Committee on Foreign Investment in the United States (CFIUS). Whether a transaction is reportable to CFIUS or not, clients must consider how to structure deals up front to reduce regulatory risk, and where arrangements need to be negotiated, ensure the core benefits of the deal remain. Our National Security Practice, ranked nationally by Chambers USA, counsels on approximately 25 percent of all CFUIS-related transactions, making us among the nation's most experienced firms when it comes to export control issues.