By Ronald Raether, Jr., Esq., CIPP
Faruki Ireland & Cox P.L.L.
Independent forensics firms hired by companies to do things like application testing in the event of a cyber breach want to show results. They want to show to the executive team at the company that the money they invested in that forensic firm was worthwhile. One frequent way of doing so is providing examples of the weakness in the company’s systems and the data that could be accessed. Which may mean extracting Fair Credit Reporting Act data to include in the final report—but they may not have the right to do so. In fact, their access of that data may be in violation of the law.
Similarly with contracts, especially in the context of third parties—the contracts may limit who has access to that information and it may not include a third-party forensics company. One way to address these challenges is to be prospective when writing those agreements with third parties and getting consumer consents. Unfortunately, not many companies have agreements written in a way that when a consumer submits information, they give consent for the company to run a forensic analysis in the event of a breach or more importantly to prevent a breach.
Ronald I. Raether, Jr., Esq., CIPP, is a partner at Faruki Ireland & Cox. Ron’s broad experience with technology-related issues brings a unique and important perspective to successfully resolving disputes and developing creative compliance programs that blend well with existing business practices. These technology-related matters have spanned a broad array of substantive legal areas, including patent, antitrust, licensing and contracts, employment, trademark, domain name disputes, and federal and state privacy statutes. When tackling new matters, this broad experience brings valuable insight not often available from attorneys that focus on a single area of the law. One recent example is Ron’s defense against claims that a company infringed a business-method patent in the wake of the Supreme Court’s decision in Bilski. Ron’s trial experience, including an arbitration in New York City where Ron successfully defended a computer performance dispute for a major provider of computer systems, assures that the plan developed always has the ultimate goal in mind – success.