© 2013 The Texas Lawbook.
By Natalie Posgate
Staff Writer for The Texas Lawbook
(July 17) – As corporations struggle to keep their sensitive information safe, at least a dozen Texas law firms are counseling their clients about cybersecurity concerns – most commonly regarding data breaches and privacy protection.
Firms that currently have Texas lawyers involved in such efforts include Akin Gump, Baker Botts, Bracewell & Giuliani, Gardere Wynne Sewell, Haynes and Boone, Jackson Walker, Jones Day, K&L Gates, Norton Rose Fulbright, Patton Boggs, Thompson & Knight and Winstead.
And by the looks of it, cybersecurity counseling is here to stay. Lawyers in private practice say general counsels are increasingly citing cybersecurity as one of the top concerns of their companies.
Ron Breaux, a Dallas partner at Haynes and Boone, said five years ago, cybersecurity would not have been on a GC’s “radar screen.” But now, he added, “If you ask any GC, ‘What keeps you up at night?’ I think you’ll find a large number will say cyber issues.”
Some firms – Haynes and Boone included – have approached the problem by creating a practice group to specifically handle the legal issues tied to client data breaches and other privacy issues.
Breaux said Haynes and Boone began considering a practice group a few years ago. When a large client underwent a significant data breach, the incident prompted the firm to officially form a group.
Today, the thriving privacy and data breach practice group has eight attorneys who traditionally specialize in white-collar defense, health care, banking, regulatory, IP and transactional work – some sectors that are most commonly targeted for cyber attacks.
“Not a week goes by when we’re not being contacted about a new matter for either an existing client or a new client,” said Breaux, who also chairs Haynes and Boone’s litigation department.
Other firms have formed an “interdisciplinary group,” similar to a practice group but less formal. Firms taking this approach include Gardere Wynne Sewell and Thompson & Knight.
IT and Internet trial partner Peter Vogel is the leader of Gardere’s Internet, eCommerce and Technology Industry Team – and was also the driving force for establishing the group.
Vogel, a former programmer who earned a Masters in computer science prior to his JD, said in addition to legal counseling, Gardere’s team informs clients about important cybersecurity issues by sending alerts about new laws or court rulings, hosting continuing education programs and providing webcasts on various cyber topics.
Partner Rose Romero, a former Executive Assistant United States Attorney and regional director in the Securities and Exchange Commission’s Fort Worth office, is the leader of T&K’s cross-practice Data Privacy and Cybersecurity team.
Romero said Thompson & Knight’s observation of the wide array of disciplines that are impacted by cybersecurity issues led the firm to start an interdisciplinary group to consult with clients.
T&K’s group, which consists of three former federal prosecutors who have experience in prosecuting cyber crime, also strives to build relationships between clients and law enforcement. This tactic makes the job easier for both sides when a cyber attack occurs.
When an issue arises, Romero said cooperating with law enforcement officials is important because, long term, it will help the private sector stay informed about existing threats.
Winstead takes a different approach. Instead of an interdisciplinary group, the firm designates an expert in each practice area to address cybersecurity issues with clients.
Cybersecurity issues certainly are not limited to corporations.
A few years ago, the FBI invited a group of top law firms, which the bureau identified as potential targets of cyber attacks, to attend a briefing to address risks. Andrews Kurth was one of the firms to attend, said Ashley Nelly, the firm’s director of marketing operations.
Since the briefing, Nelly said Andrews Kurth has been working on strengthening its internal cybersecurity and has hired a security manager.
“We know from discussions with leaders of other firms that they are [also] actively working on their cybersecurity policies and procedures,” Nelly wrote in an e-mail.
Cybersecurity experts noted that attacks on law firms are not uncommon – in fact, they’re expected.
Erin Nealy Cox of Stroz Friedberg, a global cybersecurity risk management and investigations firm, noted that any service-oriented firm offering consulting services, such as law firms or public relations firms, is vulnerable to data breaches and other cyber attacks.
“Lawyers and firms handle big problems and big corporate transactions for companies,” said Nealy Cox, an executive managing director of Stroz Friedberg. “As a result, they keep a lot of proprietary sensitive confidential information on behalf of the client.”
Nealy Cox said awareness of cybersecurity issues is increasing.
“There is more awareness generally in law firms and in corporate America about the risk of data breach and the importance of cybersecurity,” Nealy Cox said. “I think cybersecurity is going to be a huge issue for companies for a long time to come.”
© 2013 The Texas Lawbook. Content of The Texas Lawbook is controlled and protected by specific licensing agreements with our subscribers and under federal copyright laws. Any distribution of this content without the consent of The Texas Lawbook is prohibited.
If you see any inaccuracy in any article in The Texas Lawbook, please contact us. Our goal is content that is 100% true and accurate. Thank you.