The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


Boilerplate Arbitration Language Not Working In Large Breaches

See Article Here

Marriott had to back down on arbitration language that was included when victims of its breached signed up for fraud monitoring service with its selected provider Kroll WebWatcher. When signing up with the WebWatcher service victims of the breach were unsure if using the complimentary fraud monitoring service would waive their right to pursue legal claims in court through a class action case. Many contracts include standard language of waivers by default and these provisions can be used to prevent a victim from pursuing legal action against a company. However, as we learn experience more and more breach claims, and the courts start to relax its stance on class actions not being able to be certified based on a lack of “damages” these types of binding provisions will lose favor. Especially, for a company concerned about repetitional damage associated with their breach.

Marriott eventually stated that it would not enforce the provision, allowing claims, including class action claims, to be pursued unimpeded. Equifax did the same thing under pressure from vitims of its 2017 breach. I suspect this trend will continue as consumers get more educated about their rights and start to flex their muscle to force companies to answer for their inability to safeguard sensitive data.

It is often said, by me at least, that the only thing that will get companies to pay attention to their cybersecurity shortcomings is class action law suits. They have to feel the pain. Get ready!