The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP, CIPP/US is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their companies from cyber-related risk.

Blog Entries


 

For Lawyers It's Your Ethical Duty To Report A Breach

See Article Here

The American Bar Association issued guidance on its “Model Rules of Professional Conduct that require lawyers to monitor for and prevent data breaches, determine what occurred, restore systems and inform clients if their sensitive data is breached.” The ABA also stressed that meeting compliance obligations does not mean you meet the ethical standard; an attorney must make, you guessed it, “reasonable efforts” to avoid the loss of client data.

What I find most interesting in this article is the statement by the ABA that says “Although security is relative, a legal standard for ‘reasonable’ security is emerging.” That it is, as I have rambled on in previous posts about the writing being on the wall. The more standards that are out there that require companies to instill basic security measures, in addition to all the case law, a true sense of what is “reasonable” has already emerged.

The ABA goes on to say “That (reasonableness) standard rejects requirements for specific measures (such as firewalls, passwords, or the like) and instead adopts a fact-specific approach to business security obligations that requires a ‘process to assess risks, identify and implement appropriate security measures responsive to those risks, verify that the measures are effectively implemented, and ensure that they are continually updated in response to new developments.’”

Wow, and there you have it.