A recent presentation at the ACC Colorado Fall Frenzy in Denver addressed how blockchain platforms are reshaping contracting, particularly how blockchain can be used to protect the security and integrity of contracts and automatically execute based on external conditions.

A post on the website of Kilpatrick Townsend expands on the three takeaways: Blockchains have important uses besides cryptocurrencies; smart contracts are already in use by companies; and the technology is in its infancy and several pitfalls exist.

Read the article.

Registration has begun for the 2018 Eastern District of Texas Bench Bar Conference, which is being held in conjunction with The Center for American and International Law’s Patent Trial and Appeal Board Bench Bar Conference.

Hosted by the Eastern District of Texas Bar Association, the annual event is one of the largest of its kind nationally, bringing together practicing lawyers, general counsels, in-house counsels, respected judges, and industry experts from across the globe to discuss the latest issues in patent law and intellectual property litigation. Topics will also include Corporate Cyber Threats, Qui Tam litigation, Trade Secret Theft and Protection, and many others.

The Honorable Andrei Iancu, U.S. Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office (USPTO), will be the keynote speaker.

The 22nd annual EDTX Bench Bar Conference is set for October 17-19 at the Marriott Legacy Town Center in Plano, and registration information is available here.

Contact Andrea Williams-McCoy for more information on conference programs, registration and lodging at 903-870-0070 or andrea@siebman.com.

A federal judge slashed attorneys’ fees in a $115 million data breach case settlement between Anthem Inc. and its customers, according to Bloomberg Law.

“The Aug. 16 ruling by Judge Lucy Koh of the U.S. District Court for the Northern District of California closes the long-running lawsuit against Anthem. The case stemmed from a 2015 breach that exposed Social Security numbers, birth dates, and health-care data of 78.8 million customers,” explains reporter Daniel R. Stoller.

The judge ruled that attorneys for the class action plaintiffs are entitled to $31 million in fees, $2 million in expenses, and $132,000 for other operation costs. Class attorneys had requested $37.95 million in fees, or roughly one-third of the total settlement fund, which Koh approved Aug. 15.

Read the Bloomberg Law article.

A post on Dykema’s The Firewall blog considers the question: Who bears the loss from a breach perpetrated by a data breach fraudster: the consumer whose data was compromised, the financial institution where the data was used, or the business that failed to protect the data?

The author, David B. West, writes that the answer depends on which law applies.

“While statutes require banks and their vendors to protect customers’ Personally Identifiable Information (“PII”), the obligation of other businesses to do so is not as well defined,” West explains. “Regulatory obligations to protect data vary by industry and geography.”

He also discusses relying on common law for data breach losses, recovering damages, and the need for consistent ability to recover losses.

Read the article.

Bloomberg Law is reporting that a virtual currency operator accused of running off with investor funds after a 2013 hack and lying to investigators has accepted a plea deal with federal prosecutors in New York.

Reporter Lydia Beyoud writes that Jon E. Montroll of Saginaw, Texas, faces up to 40 years in prison.

Manhattan U.S. Attorney Geoffrey S. Berman said in a July 23 statement accompanying the plea agreement that Montroll “repeatedly lied during sworn testimony and misled SEC staff to avoid taking responsibility for the loss of thousands of his customers’ bitcoins,” in 2013, Berman said.

Read the Bloomberg Law article.

The Society of Corporate Compliance and Ethics will present its 17th Annual Compliance & Ethics Institute, October 21-24, 2018, in Las Vegas, with top industry experts and professionals from around the world.

At this four-day networking and educational event, participants will gain information they need to effectively manage their compliance programs and mitigate risk, the SCCE says on its website.

At the Compliance & Ethics Institute, participants will:

• Network with over 1,800 professionals from all industries and 40 countries.
• Choose from 10 learning tracks, 100+ sessions, and over 150 speakers.
• Get up-to-date on issues relevant to your current challenges, including global antitrust compliance, cyber security, anti-corruption, and harassment and discrimination prevention.
• Leave with practical solutions you can immediately put into practice at your organization.

This conference is for compliance and risk professionals and those who work with them in an advisory or partnership capacity. Positions include: in-house and outside counsel, audit managers and officers, consultants, corporate executives, human resource managers, privacy officers, researchers and policy makers, risk managers, staff educator and trainers, and more.

Get more information.

Image by Mike Mozart

Target Corp.’s $17 million class settlement to resolve consumer claims over a 2013 data breach passed Eighth Circuit scrutiny on its second trip to the appeals court, reports Bloomberg Law.

The court rejected an objector’s challenge that the named plaintiffs weren’t adequate representatives for the whole class because they received compensation while others didn’t, according to reporter Perry Cooper.

He explained:

“All class members had the ability to register for credit monitoring, and all of the compromised payment cards undoubtedly were canceled and replaced by the issuing banks,” Judge Bobby E. Shepherd wrote for the U.S. Court of Appeals for the Eighth Circuit.

“Any risk of future harm is therefore entirely speculative,” the court said.

Read the Bloomberg Law article.

The 4th annual Bloomberg Law In-House Forum will Explore the steps that general counsel need to take to mitigate the internal cybersecurity threat.

The event will be Wednesday, June 27, 2018, at the Grand Hyatt San Francisco, 345 Stockton Street, San Francisco 94108.

Specifically, the event will dissect one of the most pressing issues affecting the modern corporate workplace: cybersecurity threats from its own employees. Participants will learn how general counsel can effectively partner with other teams at the organization to guard against this growing risk.

Speakers will guide the discussion, outlining how corporate counsel can build relationships between IT and Human Resources in order to act in a leadership role, crafting an effective risk avoidance plan that includes auditing, training, and both preemptive and post-breach initiatives.

Register for the event.

Bloomberg Law is reporting that a federal magistrate judge recommended the dismissal of a lawsuit that accuses Reed Smith LLP and Clark Hill PLC of using baseless lawsuits, discovery delays—and even thuggish private eyes—to help a client conceal its criminal activities.

Reporter Samson Habte writes that the recommendation could bring an end to one of several high-stake lawsuits that LabMD Inc. is pursuing against cybersecurity firm Tiversa Inc. and some of the nation’s largest law firms.

In a lawsuit, LabMD accused former U.S. Attorney Mary Beth Buchanan and Bryan Cave Leighton Paisner LLP of trying to prevent a whistleblower from revealing Tiversa hacked LabMD with “FBI surveillance software” it got from Buchanan.

The suit also claimed that Reed Smith and Clark Hill helped Tiversa cover up Tiversa’s allegedly criminal activities. “The firms allegedly did so by bringing baseless defamation suits that drained LabMD’s resources, and by using private investigators to intimidate and silence the whistleblower,” according to Habte.

Read the Bloomberg article.

Bloomberg Law is reporting that a little-noticed lawsuit filed in New York federal court accuses a former federal prosecutor of unethically preventing a whistleblower from telling the FTC that he hacked an embattled company’s files using “FBI surveillance software” that the prosecutor gave him.

The allegations are in a suit against former U.S. Attorney Mary Beth Buchanan and Bryan Cave Leighton Paisner LLP, the global megafirm where she is now a partner, according to reporter Samson Habte.

Plaintiff LabMD Inc., a cancer-screening firm, says it went out of business after falling victim to a “shakedown scheme” by a cybersecurity firm that hacked the lab’s files—and then reported it to the FTC when it refused to pay for “remediation” services.

LabMD’s complaint alleges Buchanan gave FBI surveillance tools to Tiversa Inc., which then allegedly used the tool to hack LabMD. It also alleges Buchanan unethically represented the whistleblower in FTC proceedings to keep him from divulging how Tiversa received the hacking tool.

Read the Bloomberg article.

Michael Best announced that Velvet Johnson has joined the firm’s Privacy & Cybersecurity Practice Group as senior counsel in Washington, D.C.

In a release, the firm said Johnson’s arrival comes on the heels of other recent hires to the group, including partners Ryan Sulkin and Elizabeth Rogers in Chicago and Austin, respectively.

Johnson concentrates her practice advising clients on various matters of internet policy, regulatory compliance, privacy and cyber-related issues, in addition to providing counsel on numerous cross-border business issues.

“Velvet has an incredibly strong background on cybersecurity matters from her time working in the government,” said Adrienne Ehrhardt, Chair of Michael Best’s Privacy & Cybersecurity Practice Group. “Her reputation and breadth of experience in Washington, D.C. will certainly enhance our group’s ability to address client’s needs, particularly as it relates to policy assessment and legal frameworks. Her addition comes at a key period in time as well with the European Union’s enforcement of the General Data Protection Regulation beginning later this month.”

Prior to joining Michael Best, Johnson spent nearly a decade in various legal and policy advisory roles both within the U.S. Congress and the U.S. Department of Defense (DoD). Much of her time was spent advising on matters related to federal cybersecurity legislation, the National Institute of Standards and Technology Framework for Improving Critical Infrastructure, and national security law guidelines. In her latter role, she represented the DoD in multiple National Security Council-led Cybersecurity Interagency Committees, Working Groups, and senior-level policy forums. After her time with the government, she spent two years as a cyber strategy consultant with a global management consulting firm where she was responsible for managing and executing security and risk programs on behalf of her clients.

“We’re thrilled that Velvet has decided to join us here in Washington, D.C.,” said Kevin Barner, Michael Best’s Washington, D.C. Office Managing Partner. “Her addition will help our clients navigate the complex regulatory and compliance challenges they will inevitably face.”

Johnson received her J.D. from the University of Maryland School of Law and her B.S. from the University of Richmond. In addition to her university degrees, Johnson also earned a cybersecurity certification from Georgetown University and the Certified Information Privacy Professional/United States (CIPP/US) credential through the International Association of Privacy Professionals (IAPP).

Flexera will present a complimentary webinar about the basics of open source licensing, vulnerabilities, trends and expectations for compliance.

The event will be Wednesday, April 18, at noon Central time.

Data shows that most companies are significantly under-counting their use of open source software (OSS), leading to potential legal and security concerns that need to be respected, monitored, and — if needed — resolved. Additionally, your customers are expecting higher levels of compliance. This begs the question, what is your legal team’s role in managing compliance and security vulnerabilities associated with OSS?

Marty Mellican, VP and Associate General Counsel at Flexera, will discuss the need for process and lawful management of OSS. This webinar will cover:

• The basics of intellectual property (IP) law and how open source licenses are built on top of those principles
• The most common licenses, including the GPL, AGPL, BSD, Apache, and MIT to name a few
• How to work effectively and securely with OSS both as a consumer and a creator of OSS
• Trends in OSS license enforcement in the last year
• Expectations for compliance and what compliance looks like
• How GDPR will affect your open source use and management

Register for the webinar.

Hunton & Williams LLP has posted an on-demand webinar discussing the Securities and Exchange Commission’s recently released cybersecurity guidance.

For the first time since its last major staff pronouncement on cybersecurity in 2011, the SEC has released new interpretive guidance for public companies that will change the way issuers approach cybersecurity risk, the firm says on its website.

Presenters are partners Lisa Sotto, Aaron Simpson and Scott Kimpel, and senior associate Brittany Bacon. They discuss the new guidance, along with changes in regulatory obligations under EU law with respect to the upcoming GDPR and historical SEC enforcement actions related to cybersecurity.

Watch the on-demand webinar.

Troutman Sanders will host a complimentary webinar that will cover the legal landscape surrounding data based products. The event will be Thursday, March 22, 2018, 3-4 p.m. Eastern time.

“In the last few years, the right to privacy has been hotly debated in the United States. What critics do not understand or appreciate is that the next technological paradigm is completely dependent on improvements both to the quality and quantity of data,” the firm says on its website.

Webinar speakers will cover the ongoing evolution of the legal landscape for data-based products, so that organizations can continue to succeed in their development of data-based products.

Register for the webinar.

Law firms may not be the safe repository of client confidences—such as trade secrets and merger plans—that they once were, as hackers recognize firms as prized vaults of proprietary corporate data, warns Bloomberg Law. And clients are starting to view law firm data breaches as serious business considerations.

Daniel R. Stoller talked with Christopher Dore, privacy partner at plaintiff-side firm Edelson PC in Chicago, who told him that “if hackers want to get data from Alphabet Inc.’s Google, the best path may be through a law firm rather than directly from the company, because the law practice likely has an almost ‘unlimited variety of data.'”

And Lucian T. Pera, legal ethics partner at Adam and Reese LLP in Memphis, Tenn. and former treasurer of the American Bar Association, told Stoller: “Cybersecurity protections are becoming a serious factor in client decision-making,” at law firms, and large firms stand to lose business if they don’t take care of cybersecurity.

Read the Bloomberg article.

FTI Consulting, Inc. announced findings from its Technology segment’s 12th Advice from Counsel study of e-discovery, information governance (IG), privacy and security trends. The study explores how issues of data security and privacy impact in-house legal teams at Fortune 1000 corporations and reveals the top concerns and emerging best practices across three key and intersecting topics: the General Data Protection Regulation (GDPR), IG and data security and remediation.

“A clear and recurring theme is that in-house legal teams are under greater pressure to meet ever-changing and increasing data-related challenges,” said Chris Zohlen, a managing director in the Technology segment at FTI Consulting and co-author of the study. “This year’s Advice from Counsel study shares their practical advice on a range of topics, from securing executive buy-in to benchmarking against peers or auditing the security practices of service providers.”

Data privacy, security challenges and threats were top priorities for virtually every large organization around the globe. Respondents had dozens of suggestions for proactive ways to address IG and data protection, including addressing the human element and creating a culture of awareness in achieving strong security. While billions of dollars have been spent on technology to strengthen security, several participants said that they do not believe their organizations are safer than they were five years ago, because the human element has not been adequately addressed. Other organizations reported working with outside experts to focus equally on implementing technology solutions and creating a culture of awareness to address continually evolving data privacy and security challenges.

Additional key findings and takeaways in the study include:

• The investment required to ensure GDPR compliance was a top concern among the 80 percent of organizations that confirmed they will be impacted by the regulation. However, they were divided on whether they should wait to see how the regulation will be enforced before acting, vs. working to get ahead of penalties proactively.
• For those evaluating an IG strategy to better protect data, respondents agreed on the importance of seeking outside experts. They repeatedly made clear that data security is an area that is evolving quickly and teams need to work with technical experts to stay apace and handle it effectively.
• The growth of cloud storage and machine learning is making it easier for organizations to identify trends and realize monetary benefits from enterprise data. Finding the right balance between Big Data and over-preserving is a common challenge. Organizations know they are creating and saving too much data, and more than half of respondents reported successfully conducting data remediation projects. Others were hampered by limited resources, lack of engagement from cross-department teams or failure to obtain C-level buy-in to move projects forward.

“In today’s business climate, all organizations are challenged to better protect enterprise data, which is a complicated effort that requires dedicated resources across multiple departments,” said Jake Frazier, Head of the Information Governance, Privacy & Security practice and a senior managing director in the Technology segment at FTI Consulting. “Overcoming the initial barriers of securing buy-in and approval from top company leadership can be overwhelming but will make all the difference in setting projects up for success from the outset. Our clients and the respondents in the Advice from Counsel study have found that working with internal and external partners to conduct data protection assessments, identify priorities and execute a plan custom-built for the company’s risk profile are the most effective steps to address budget issues and the broader landscape of challenges.”

About the study
For the past nine years, FTI Technology has partnered with Ari Kaplan Advisors to publish the annual Advice from Counsel study, a quantitative and qualitative view into e-discovery best practices for corporate counsel. The study was conducted through phone interviews with 30 in-house lawyers at Fortune 1000 corporations with responsibilities that included some aspects of e-discovery and information governance. Of this year’s participants, 79 percent develop and implement e-discovery processes while 89 percent develop and implement information governance processes. Eighty percent of participating organizations had total annual revenues greater than $5 billion and 67 percent had over 10,000 employees. In terms of litigation events over the past 12 months, 33 percent reported managing 100 to 500 litigation events, and 33 percent reported managing more than 500 litigation events.

Zapproved has published “GDPR Readiness: A Quick Start Guide” about the European Union’s General Data Protection Regulation (GDPR) which is set to go live on May 25, 2018.

Zapproved says that half of all affected businesses won’t be ready for the May launch of the GDPR. This guide is intended to help those struggling with compliance so companies can avoid fines, which can be as much as 4 percent annual corporate turnover, or €20 million — whichever is greater.

“If you collect or maintain data about EU residents or conduct business in the EU, you will need to understand and comply with the data collection, security, access and erasure provisions of the GDPR or face unprecedented penalties,” the company warns.

This complimentary quick guide explains why GDPR exists and how it’s likely to conflict, at least initially, with U.S. discovery principles. It includes a short checklist for the first steps to take to get started with GDPR readiness.

Download the guide.

Flexera will present a complimentary webinar on how open source security and compliance have grown to be a big part of the cybersecurity and legal portfolio.

Presenter Jeff Luszcz, vice president of product management for Flexera, also will share special insights from Flexera’s open source auditing team for the past year.

The event will be Wednesday, Feb. 21, 2018, beginning at 11 a.m. Central time.

Topics will include:

• Open source vulnerabilities and licenses that made the news in 2017.
• Closing the risk window – How long do you really have to mitigate a vulnerability once it is discovered?
• How do GDPR laws affect your use of open source?
• How you can improve your open source security and compliance process.

Register for the webinar.

Washington Technology will present a complimentary webinar on Jan. 25, 2018, to discuss new compliance requirements for securing government data contractor networks. The webinar will begin at 2 p.m. Eastern time.

Speakers for the one-hour event will be Ron Ross of NIST; Maria Proestou, CEO of Delta Resources; and Susan Cassidy, partner, Covington & Burling.

Government and industry experts will:

• Offer advice and guidance on what contractors should be doing to ensure compliance.
• Provide insights on best practices in areas such as training, risk management and planning for in the future.
• Help to prepare attendees for meeting this requirement and maintaining compliance for their government customers.

Register for the webinar.

In an article for Bloomberg Big Law Business, Wiley Rein LLP’s Kirk Nahra details the top-10 U.S. and international developments in 2018 that companies must be aware of to ensure an effective information security program.

Nahra writes that “it is clear that privacy and data security has moved from an issue impacting primarily healthcare and financial services companies, to an issue that affects, in large and small ways, virtually every company across the globe. These issues affect litigation, mergers and acquisitions, product development, research, corporate strategy, business partnerships, and, in some way most activities of most companies.”

His article covers the European Union’s new General Data Protection Regulation, Privacy Shield and other data transfer obligations, non-EU data transfer programs, cybersecurity, breach litigation, FTC and Office for Civil Rights enforcement, and the role of the states.

Read the Bloomberg article.