Akin Gump Practitioners Talk Cybersecurity with MCC

The Metropolitan Corporate Counsel interviewed government contracts practice head Bob Huffman, litigation partner Michelle Reed and public law and policy senior counsel Francine Friedman on the topic of cybersecurity and data protection.

Among the topics covered in the discussions:

  • The boardroom and cybersecurity: “The boardroom’s first concern is this: What kind of information do we collect? How do we store, secure and share that information? What have we told people we will do with that information, and are we doing what we told people we would be doing with it?” (Friedman)
  • European “right to be forgotten” legislation: “We should see what kinds of requests are being made and whether or not there’s cost-benefit data. There could obviously be some instances in which it would make sense to ask that search results not bring up things that should not be found. It may be good for the U.S. that this process is being tested in Europe to provide us with more data, allowing us to see how it works in practice.” (Friedman)
  • Cybersecurity concerns for government contractors, I: “[B]ecause these contractors have their own confidential data and labor force with personal information, they have to deal with cyber issues from a security standpoint, a trade secret standpoint and a privacy standpoint independent of their contractual requirements.” (Huffman)
  • Cybersecurity concerns for government contractors, II: “One of the big issues for government contractors under the [False Claims Act] is whether they are in reckless disregard of standards for compliance with the new National Institute of Standards and Technology (NIST) framework standards for cybersecurity. Prime contractors and upper-tier subcontractors will have to impose these standards on their subcontractors. This may come as an unwelcome surprise to many small businesses and commercial contractors.” (Huffman)
  • Industry targets for cyber attacks: “Based upon the press coverage, you would think that retail would top the list. However, the amounts spent on compliance are the greatest in defense companies, followed by utilities and energy companies, financial services and education. Retail is at the bottom.” (Reed)
  • The importance of board involvement in cybersecurity programs: “As for boards of directors, I can’t emphasize enough how important it is for them to be involved…Ultimately, the standard for the business judgment rule and fiduciary duty is different where the board acts and exercises its business judgment versus cases where the board fails to act and doesn’t exercise its business judgment.” (Reed)

To read the full interview, please click here.