Data Breach! Miranda Himself May Be Dead, But the Wisdom of the Case that Bears His Name Lives On [Lowndes Tech]
June 02, 2021
Lowndes attorney Drew Sorrell discusses how the things you say via electronic communications can be held against you in a court of law.
Let us assume a company has done all the right things. Preemptive security was a concern, so the company tightened up its written cybersecurity controls and associated technical controls, including policies and procedures, endpoint detection and response, and training. Breach was a concern, so the company drafted its data breach response plan. Moreover, the company pre-emptively identified (and possibly retained?) a technical specialist to respond on short notice in case of emergency, along with a cyber attorney to provide advice and a critical communications specialist to talk the talk. Additionally, the company obtained appropriate cyber insurance to cover the likely breach scenarios and even understands its coverages (which may include the cost of the professionals identified).
But as these things happen, the company still suffered a breach (it wouldn’t be much of an article if nothing happened!). In investigating the matter, the CEO texted the CIO. The CIO then texted the systems engineer, who proceeded to text the forensics specialist. Given the inherent casual nature of text messages and the stress of the situation, word choice was not necessarily what you would want your mother to read, nor was it artfully crafted sufficient to satisfy a lawyer. Suffice it to say, the CEO was convinced that someone in IT was not only negligent, but grossly so, “Otherwise, this would never have happened!” and made his feelings known via text.
Also, regrettably, the systems engineer left a voicemail for a friend and coworker which was automatically transcribed and emailed to the coworker via the firm’s third-party email archiving system. This time, the systems engineer recounted his recent interaction with the CIO and provided to his friend and coworker a frank assessment of the CIO’s unilinear family tree and severe lack of educational accomplishment, finishing the message with a suggestion that the CIO attempt an improbable physical act with himself. Adding to it all, the systems engineer explained to his coworker that if the CEO had only approved the previously requested updated firewall budget, this whole breach would never have happened. [Read more]
This is an excerpt from a blog post originally written on Lowndes Tech.
This article is informational only. You should consult an attorney before acting or failing to act. The law may change rapidly and no warranty is given. LOWNDES DISCLAIMS ALL IMPLIED WARRANTIES AND WITHOUT LIMITATION, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. ALL ARTICLES ARE PROVIDED AS IS AND WITH ALL FAULTS. Consult a Lowndes attorney if you wish to establish an attorney/client relationship.