Lewis Brisbois' Data Privacy Team Speaks with American Lawyer for Article on Law Firm Data Breaches
Portland, Ore. (August 17, 2022) - Portland Partner and Chair of Lewis Brisbois’ Data Privacy & Cybersecurity Practice Sean B. Hoar, Dallas Partner and Vice-Chair of the Data Privacy & Cybersecurity Practice Lindsay B. Nickle, and Philadelphia Partner Aubrey L. Weaver recently spoke with the American Lawyer (part of Law.com) for an article titled, “The Law Firms That Get Hired When A Firm Is Hacked.” The article, which was republished in the Daily Report (also part of Law.com), highlights Lewis Brisbois as being among “a select set of players in the Am Law 200” most often retained by fellow firms to handle data breach matters, and discusses the implications of these breaches.
In describing examples of the unique and challenging issues that arise when a law firm suffers a data breach – particularly in the middle of a complex litigation – Ms. Nickle told the American Lawyer that the plaintiffs’ Social Security numbers and medical records could be exposed, thereby raising the stakes in the dispute. “That can impact ongoing litigation and can add a layer of complexity to a litigation that is already pretty complex on its own,” she explained. “In notification situations with ongoing litigation, we have to think about how we are going to notify this individual. As a lawyer, I am not able to contact opposing counsel’s clients directly. It can be really difficult to navigate.”
Similarly, Ms. Weaver noted, “There’s an extra wrinkle when considering law firms, which are the ethical obligations from the duty of confidentiality to clients,” adding, “Attorneys have to be concerned about confidential client information, though that’s not really well defined. It could be anything that could impact a representation or impact a client in a legal matter.”
Ms. Nickle also discussed how retaining data privacy attorneys helps prevent cyber incidents. She told the American Lawyer that many firm leaders underestimate the skill required to vet third-party vendors and navigate the ever-evolving regulatory landscape. “It’s a specialty in the law that a lot of lawyers don’t even know exists, and I recommend lawyers who aren’t familiar with it don’t try to navigate it on their own,” she explained. “Bringing lawyers in who can help can make things more smooth and minimize the impact of being a victim of a cyberattack.” Moreover, Ms. Nickle noted that Lewis Brisbois’ Data Privacy team leaders expect to counsel clients in more than 2,000 breaches in 2022. She explained that although breach response work still comprises a large part of the data privacy team’s caseload, clients’ greatest needs currently are regulatory compliance and proactive prevention measures.
In discussing the development of Lewis Brisbois’ Data Privacy team, Mr. Hoar described that when the practice launched in 2017, he envisioned that 50% of the work would be proactive and compliance-related, with the remainder being managing responses to data breaches. “As it turned out, the incident response side of our practice increased rapidly and probably became around 90% of our work,” he observed. Mr. Hoar further described that Lewis Brisbois recently began building out its compliance advisory services platform and expects that services in this area will comprise close to 30% of the practice’s total workload in 2023.
Mr. Hoar has extensive experience managing responses to digital crises and effectively marshaling resources to contain and remediate information security incidents. He previously served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon and he worked closely with the Computer Crime & Intellectual Property Section in Washington D.C.
Ms. Nickle assists clients by overseeing the process of investigating data security events and interpreting the myriad state and federal laws governing data breach response. She also guides clients through regulatory investigations arising from data security incidents.
Ms. Weaver utilizes her education in digital forensics and cybersecurity to counsel clients in proactively managing cyber risk, and to guide clients in managing and responding to data security incidents. She has a longstanding interest in technology, which aids her in continually developing her knowledge base to best serve the needs of her clients.
Read the full American Lawyer article here and the Daily Report article here (subscription may be required). Learn more about Lewis Brisbois’ Data Privacy & Cybersecurity Practice – a two-time Advisen “Cyber Law Firm of the Year” winner – here.