A prominent Chinese dissident may proceed with his malpractice case against a law firm based on allegations that the firm failed adequately to protect his personal data from hackers, a Washington, D.C. district court said in an opinion on February 20.  In his $50 million suit, the plaintiff, Guo Wengui, alleges that after he retained

The outlines of the attorney-client privilege and work-product doctrine are well-established. But how should they apply when an organizational client suffers a cybersecurity event or other intrusion that results in a data breach?  Should information about the company’s security policies pre-breach and its post-breach response be given any enhanced protection? Under what circumstances?

The questions

Law firm cybersecurity is in the news again with two developments. First, the latest ABA TechReport says that large law firms were more likely to be victims of a data security breach last year than mid-size or small firms, with one in seven respondents having been hit overall. That’s a big deal. Next, a federal class action complaint in what is thought to be the first suit attempting to base liability solely on a U.S. law firm’s allegedly inadequate cybersecurity was unsealed on December 9. But that suit possibly turns out not to be such a big deal.
Continue Reading Data breach report says BigLaw is most likely to be hit, and cybersecurity complaint is unsealed

PhishingAs Willie Sutton supposedly said, he robbed banks “because that’s where the money is.”  That also explains why law firms and lawyers are increasingly the targets of cyber-intrusion, particularly phishing scams.  Apparently, phishing in legal waters can yield a full net of stolen information.

“Most likely” to take the bait

Verizon’s 2015 Data Breach