Legal Tech's Predictions for 2019 in Cybersecurity and Privacy
From Equifax to Facebook to the GDPR, cybersecurity and privacy had a banner year in 2018. But according to attorneys and cyber experts, the cyber focus shows no sign of stopping.
December 18, 2018 at 11:30 AM
9 minute read
Just about every week, there's a reminder that cybersecurity remains important. But that doesn't mean that many are taking it as seriously as they should. In the past month alone, Legaltech News has reported surveys that note how law firms are not adopting proper cyber protocols, companies haven't mitigated third party risks, and attorneys are vulnerable to biometric, cloud and phishing attacks. This isn't just a U.S. problem either.
Meanwhile, the focus on privacy seems to be ever increasing. Sometimes, it's a renewed focus on privacy regulations following the EU's General Data Protection Regulation (GDPR) or the California Consumer Privacy Act of 2018. Other times, it's a matter of court cases, like the U.S. Supreme Court's Carpenter v. U.S. ruling. But in general, maybe it's just public awareness, as consumers in both the U.S. and abroad become increasingly aware of how their personal data is used.
That's why it's important to be on the forefront of cybersecurity shifts and privacy changes. To get you ready for what 2019 has to offer, LTN has solicited predictions from top attorneys and experts in the field, gaining insight into what they're looking out for in the new year. The quotes given here are in alphabetical order by last name.
LTN has also published predictions for 2019 in e-discovery, with more on new and innovative technologies coming on Thursday.
|Cybersecurity and Privacy Predictions
Paige Boshell, Privacy Counsel: “Privacy may eclipse cybersecurity in risk management efforts in 2019. Consumers, regulators and courts are all aware that data breaches are commonplace. Unless the business has been deficient in its cybersecurity efforts, it is usually seen as a victim. Privacy scandals, however, are generally viewed as self-inflicted. So-called 'data leaks' or 'data exposures' are typically caused by lapses in management or the devaluation of consumer privacy. Losses caused by such events are not usually covered by cybersecurity insurance policies. Increasing liability and regulatory risk will highlight the need for a separate, executive privacy function.”
Nina Bryant, FTI Technology: “Data protection authorities now have much more power and oversight to investigate and correct issues relating to data privacy than ever before. We're likely to see an increase in whistleblowing activity that is aimed at using GDPR violations to influence other legal matters, such as employment litigation, union negotiations, etc.”
Jared Coseglia, TRU Staffing Partners: “Ushered in by The Cambridge Analytica/Facebook scandal in America and cemented by the May 25th, 2018 GDPR deadline in Europe, privacy has instantly gone from a niche discipline to a socially understood and valued commodity that is creating jobs, if not careers, for thousands of legal and legal technology professionals. In 2018, there was an explosion of CPO and partner-level placements throughout the Fortune 1000 and Am Law200. In 2019, there will be an abundance of jobs a tier below these executives as corporate legal departments and law firm practice groups, big and boutique, aim to bolster the middle ranks with privacy associates and privacy program developers/executors.”
Adam Doblo, Adaptive Solutions: “In 2019, the frequency and intensity of law firm security audits by clients will increase, and will include greater emphasis on encryption at rest. Encryption of data at rest is a means of securing volumes of stored files and documents that may not have been recently accessed. In the event that a device is lost or stolen, or data on a network is breached, resting encrypted data will not be accessible without a decryption key.”
Stephen Ehrlich, The MCS Group: “The rest of the nation will follow California with privacy legislation like GDPR to further subject U.S. companies to protect their client's data. Companies such as Microsoft and Amazon Web Services will enhance their tools to make it easier for companies to be audited and prove compliance.”
Simon Elven, Tikit: “Law firms are increasingly expected to be able to demonstrate 'corporate-level' security for their clients' data as part of any bid process. Combined with the regulatory requirements around data privacy, and the catastrophic reputational consequences if these are breached, the law firm mind is firmly focused on data security. The key, though, will be to weave these elements into the fabric of the firm so that security and data privacy are just by-products of normal, everyday work without conscious thought or effort on the part of the users. Technologies that facilitate this approach will be the ones to look out for.”
Amanda Fennell, Relativity: “Phishing has long been the most effective entry point into any industry and it's evolving with the use of social media. Dubbed Rose Phishing, phishers will create fake profiles on platforms like LinkedIn and Facebook to disseminate false information, ruin credibility, attack other high-value targets, perpetrate financial fraud, etc. These attacks are highly complex socially but simple to enact and will be plentiful in 2019. Mitigation relies on a change in behavior of social media users, which is often difficult.”
Lisa Hawke, Everlaw: “The EU's General Data Protection Regulation coming into effect on May 25, along with several high profile data breaches that occurred in 2018, has paved the way for greater scrutiny on data security and privacy at the state and federal level. California, Ohio, and Colorado have passed data protection and security laws. GDPR helped make data protection a mainstream issue in 2018, and we will continue to see this heightened scrutiny and awareness grow in 2019.”
Rob Hanna and Elisa Arko, Tucker Ellis: “With news of cyber breaches bombarding us daily, we anticipate the continued growth and implementation of blockchain technology to address cybersecurity and privacy threats in 2019. Blockchain technology contains inherent features that make it a natural solution to mitigate these risks. Its key features include: (1) decentralized architecture (no longer able to attack a centralized database); (2) consensus validation (continued validation of the integrity of the data); and (3) encryption (sophisticated monitoring of the computers authorized to transact on the blockchain). As we continue to search for ways to combat cyber risks, and we are searching, blockchain technology is a potential solution. The cyber risks continue to evolve in complexity and intensity. So must we.”
Tim Helming, DomainTools: “A set of security standards for consumer and small business-grade IoT devices will be drafted. This proposal could include something analogous to the UL listing for electrical devices—it would state that a device with the certification meets specific minimum standards for 'securability.' Example criteria could include forcing strong administrative passwords, hardening of the OS, not listening on any ports except one or two that require encryption and authentication, etc.”
Erin Illman, Bradley: “Public sentiment, and impending legislation, on privacy will cause companies to reconsider how they handle data. In an effort to stand out, companies will build their brand around transparency of their data collection practices and the acknowledgment that data is valuable. Companies will start providing customers with large-scale financial incentives for data collection and use.”
Joe Kelly, Legal Workspace: “As cyberattacks increase and malicious programs proliferate, there's no room to ignore technology updates or enable systems that compromise your firm and its clients. There's no more set it and forget it. The evaluation of law firms' tech in 2019 will have to be mandatory, constant, and proactive. Ensure that tech providers keep up with the latest attacks and address vulnerabilities quickly. Also, if your firm isn't compliant with regulations like HIPAA, start that process now. Not only will you be able to market that compliance, but the additional safeguards associated with HIPAA will help protect your firm.”
Mark Mao, Troutman Sanders: “Before the end of 2019, 'edge computing' might force lawyers and regulators to rethink the current paradigms of data privacy law. With machine learning/artificial intelligence (AI) and advances in processing, we are ever less reliant on far away servers. As the world becomes more connected (e.g., IoT), businesses also realize that they cannot be over-reliant on the cloud. But if more data is processed locally by AI (i.e., edge computing), are users surrendering their confidential data when proprietary AI processes and uses that information, even if the information is never technically further transmitted? The answer is unclear under current paradigms.”
Darrell Mervau, FileTrail: “Information governance will continue its ascent up the priority ladder in 2019 as firms move beyond simply having a written policy to automating its execution. Clients are putting IG requirements into RFPs. This includes the ability of firms to demonstrate a commitment to data security and the enforcement of a defensible IG program that manages data through its lifecycle (but not longer.) Firms that can prove their compliance with both their own IG policies and client outside counsel guidelines will attract and retain clients at a higher rate than those that don't.”
Eli Nussbaum, Keno Kozie Associates: “2019 is the year that it will become universally accepted that the lack of strong password policies and multifactor authentication within an organization are akin to leaving the office unlocked outside of business hours. Even the most change averse partners will come to understand that the 'inconvenience' and 'added work' of these tools are the new normal and comprise the bare minimum to protect against the ever-changing cybersecurity threat.”
Joe Raczynski, Thomson Reuters: “With an increased ownership of cryptocurrency wallets—allowing complete control of money, tokenized real estate, health records, and state issued documents for individuals—legal professionals and corporations must be prepared for the 'kidnapped for crypto' scenario. Criminals will target individuals/legal professionals, forcing the victim to send their currency to an address and then vanish, the funds impossible to retrieve. The distributed nature of blockchain places the onus of protection, privacy, and security on the individual, but organizations and government agencies need to prepare for this and leverage technology to serve and protect customers.”
Wayne Stacy and Cynthia Cole, Baker Botts: “Data protection continues to captivate headlines: breaches, surveillance, senate hearings, local legislation and drafts of federal policies. And Margaret Atwood, author of The Hand Maid's Tale is headlining the 2019 IAPP Global Privacy Summit. Ultimately, we will see that innovation in data protection leads us back to old-fashioned sound human judgment. Away from the infinite application of machines and algorithms in processes and procedures. Technology is a tool that is only as good as its master. And the master of data is king.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250