It Was Just A Mission Statement…
Re-posted from intothecyberbreach.com, originally published on July 28, 2019.
Just what the world needs. Another blog.
Let me start that over. What are we doing here?
This first post will be my mission statement, if you will. My statement of intentions.
So, who is this blog for?
It’s mainly directed to entrepreneurs, technologists, business owners, executives, in-house counsel or really anyone trying to figure out: 1) how to prevent the data in my possession from being compromised or stolen; 2) what I need to do if it has been compromised; and 3) how I can protect myself and my company from liability in the event of a breach? I will be covering these things from the legal aspect, but there will be actionable information relevant to your approach to technology as well.
And who am I?
I have a relatively unusual background for a lawyer. (cue Liam Neeson’s explanation of my “unique set of skills”) I started my adult life dropping out college in 2000 to go join the new technology revolution. Back then, you could get a job writing code by just reading a few books and having the gumption to ask for a job.
I started my first tech job in Newark, NJ at NJIT’s business incubator in the late 90s. My best friend was working for at a tech startup, writing software for one of the world’s first online travel booking engines. For those of you born in this century, what that means is that before this project, in order to book a travel vacation people would either drive to a travel agent’s office, or pick up the phone and book their vacation through the telephone. My friends were changing that. And they were making way more money doing it than I was going to make digging ditches or painting fences.
So, in an effort to get what was intended merely to be a summer job, I showed up to their office and begged for a job. The boss asked me, “What do you know how to do? Can you write code? Ever use SQL? Unix? Do you know any Perl?”. “No, but I can learn really fast.” I said. He wasn’t impressed and ignored me the rest of the day. They were too small and busy to have the sense to kick me out of their single-room incubator office.
There was an energy there that can only be found in a new startup, and I absorbed everything, like a sock in a puddle. I sat in their office reading coding manuals all day. There were very few websites that taught programming back then, but they existed, and I sought them out. I started with HTML, a little javascript, and it didn’t take long before I was piping into grep. (Don’t ask)
I hung around for a few days, asking for a job each day, and having a sense, deep down, that if they just hired me, I’d be great. I read and learned and waited for the job that I knew I would get.
After those first few days, as I sat around in their office, some data entry task for a client’s website came up that no one wanted to do. It involved making it so that clicking on certain parts of an image brought you to different links (i.e., travel agent locations). I eagerly volunteered. It required almost no skill, just effort. I did it for free. It took me all day (in hindsight, probably a 20 minute job). At the end of the day, my new mentor said, “well, if you are going to work here I guess we’ll have to pay you.” I was in!
I dove in, learned as much as I could and was (in my mind) on track to make my first million before 21. I dropped out of college shortly thereafter to go full time. We were doing cutting edge stuff, and I was in the middle of it. I worked long hours, and it hardly ever felt like work. Our little company with a few people grew to 10. After hours, I wrote more code at night on my own time, eventually creating a task management system that utilized some of the prototypical aspects of social media, which I sold to our company in exchange for a stake in ownership. We were on our way!
*bubble pop*
Then it was gone in a couple years. It all happened so fast. I went to see my doctor for a checkup one day and my insurance had lapsed. A few months later, my paycheck bounced. I felt like the wind was knocked out of me. My lease came up, and instead of renewing, I lived in my truck for a few weeks and began to re-group. Re-grouping looks a lot like mostly moping in the day and partying at night to outside observers. It took me a long time to understand what happened, and even longer to come to terms with it.
One thing led to another, I wrote code freelance in my living room for a number of years to get through college, and made the decision that I would go to law school to pursue my original path before my affair with the startup world. I loved law school, and I avoided anything tech like the plague. I think part of it was that it hurt too much. Besides, anytime I told a prospective internship about my tech experience, they always asked me to work on their website, while the other interns were going to be doing policy research or watch oral arguments in court. I felt like I couldn’t escape. I stopped telling people that I knew how to write code, and I graduated law school to become a trial lawyer. That was 9 years ago, and the world has changed. People don’t need me to make them a website anymore, they need me to help them keep their data secure and stay out of trouble if they get breached.
You’ve probably already gotten one of those letters explaining that your private information has been compromised by a major retailer. You might have seen even more in the news. Companies that find themselves in the position of having been breached need someone who understands the technology, understands the rules governing breach responses, and who can handle any litigation that may arise out of the breach. This isn’t just about big-box retailers anymore. In many states, anyone who handles private information (or has a third-party vendor that does so), could liable for either mishandling that information or not reporting and notifying in the event of a breach.
So, that’s what this blog is about. I am a seasoned litigator and business attorney in a mid-sized law firm with offices across the country, and am admitted in New York, California and New Jersey. I live in upstate New York. I have seen the inside of a server, and I have seen the inside of a courtroom. The law is changing fast, and almost all of the states now require a complex response in the event of a company having its private data accessed inappropriately (i.e., a data breach). Not surprisingly, I offer these services (as well as other more traditional litigation and corporate law representation). You can contact me if you find yourself needing counsel regarding a data breach. But, my hope is that this blog is useful to you whether you become my client or not.
That said, let me throw this disclaimer out there, because it really needs to be made clear (to protect us both): NOTHING IN THIS BLOG IS LEGAL ADVICE. UNLESS WE HAVE A RETAINER AGREEMENT, I AM NOT YOUR LAWYER. IF YOU ARE RESPONSIBLE FOR A COMPANY WHOSE PRIVATE DATA HAS BEEN BREACHED, YOU SHOULD CONTACT A LAWYER IMMEDIATELY IN ORDER TO COMPLY WITH THE NUMEROUS STATE AND INTERNATIONAL DATA BREACH NOTIFICATION REQUIREMENTS. There are real consequences to being breached and not complying with notification laws. There are also real consequences to over-notification (and we’ll talk about that here too). Ideally, this is something that you should work out ahead of time, so you have someone to help you right away. In some cases, you really have very little time, a matter of a few days, not weeks.
Anyway, I will be writing about arising issues in the cybersecurity world, notable data breaches, and developments in the law, yes. But more importantly, I want this blog to provide actionable information, and I intend to do it in as human a fashion as possible. This isn’t a stuffy generic presentation of “what you need to know.” I’m going to write about what’s new in the cyber security world, but I might also write about why movies showing hackers hacking are mostly nonsense. I might also write about why Terminator is an amazing piece of art.
So read the blog. If you have questions, or just want to riff on these issues, get in touch. If you have complaints, keep those to yourself. Good luck navigating this crazy world!