Where trade secret theft is involved, a civil action may be commenced under the relevant state trade secret act or common law. Under the California Penal Code, it is illegal to knowingly access and without permission damage any computer system in order to defraud or extort.
In today’s environment, companies should be proactive in preparing for and resolving cyberattacks, and in addressing any resulting crisis management, legal or insurance issues. One step that companies can take is to engage an outside consultant to conduct risk assessments for business lines or an entire enterprise. Working closely with senior management and a company’s IT, compliance and legal departments, an outside cybersecurity consultant can assist a company in critically analyzing cybersecurity and privacy organization and governance, policies and procedures, as well as technology and controls that are within the company’s desired scope and tailored to the company’s needs. The end result provides for actionable recommendations that can be immediately deployed by the company.
In selecting a cybersecurity consultant, companies should consider whether they want to also engage outside legal counsel to assist in overseeing the testing of their cybersecurity infrastructure so that at least some aspects of the process can potentially remain confidential.
There is no avoiding the fact that breaches are inevitable and part of doing business in today’s data-driven marketplace. Well-rounded preparedness and testing is crucial in responding properly and mitigating liability.
VINCE L. FARHAT, PARTNER - HOLLAND & KNIGHT Vince.Farhat@hklaw.com.
JOHN A. CANALE, ASSOCIATE - HOLLAND & KNIGHT John.Canale@hklaw.com