March 23, 2015 Articles

Managing Cybersecurity Risk for Experts and Consultants

Data breaches can be costly, but most are preventable with modest cybersecurity efforts.

By Matthew F. Prewitt

By the nature of their work, expert witnesses and litigation consultants regularly accept custody of data that must be protected from unauthorized disclosure. Documents submitted to the expert for analysis may include private personal information, trade secrets, or confidential business information of the client, an opposing party, or nonparty consumers or employees. The expert may also receive extensive attorney work product and privileged communications, and the expert's own work product may be confidential. In any single case of even modest complexity, an expert witness may be bound by multiple confidentiality obligations arising from numerous distinct sources—the data privacy laws of multiple states, federal statutes and regulations, a protective order issued by the court hearing the case, a joint defense agreement among codefendants, the common law of privilege, and a confidentiality agreement in the expert's retention agreement with the client. In the context of work that is inherently adversarial—after all, the expert is being retained for litigation—and that often includes frequent exchanges of information among multiple participants in separate organizations, expert witnesses face substantial risk of a cyberbreach dispute. Even if the expert witness is ultimately proven not to be at fault, the expert's firm may still face a burdensome process to investigate and respond to the breach and demonstrate the firm's compliance.

Premium Content For:
  • Litigation Section
Join - Now