Client Alerts, News Articles & Blog Posts

Everything you need to know about BMD and the industry.

Five Things That Owners and Boards Need to Know About Privacy and Cybersecurity Compliance

Do you serve on a Board of Directors or serve in a similar advisory capacity for a company or organization? Do you own your own business? Here are five things you should know about privacy and cybersecurity compliance.

  1. Upholding Your Fiduciary Duties

As a fiduciary of an organization, you may already know that you have a duty of loyalty and duty of care, including the duty to keep investors and owners informed of the cybersecurity risks of the organization. You also have the duty to protect the organization from undue risk, balancing the organization’s ability to conduct its operations with appropriate levels of risk mitigation strategies.

  1. Basic Knowledge of Privacy and Cybersecurity Issues

To properly fulfill your fiduciary duties, you need to obtain and maintain a basic knowledge of cybersecurity and privacy issues and risks facing the organization. Lack of understanding is not an excuse, and it is expected that Boards familiarize themselves with the cybersecurity efforts in the organization, champion and drive the organization’s commitment to ensure adequate cybersecurity protections are established and maintained. Board members and owners are also strongly encouraged to engage in the organization’s training and awareness campaigns and gain additional awareness as it relates to advising organizations effectively.

  1. Maintain the Company’s Reputation and Public Perception

Privacy and cybersecurity compliance builds the foundation of trust and reinforces an organization’s reputation for honoring the privacy expectations of both customers and business partners. A company’s character and brand are driven by industry expectations, treatment of customer data, legal requirements and product development. Mishandling a security breach can have devastating effects on the organization’s reputation, financial, operational and other aspects of the business. Many companies do not recover from a data breach due to the lack of proper advance planning and proper oversight.

  1. Watchdogs

In the United States alone, there are several different government authorities that maintain varying levels and scopes of authority over organizations with respect to privacy and cybersecurity issues, including the Securities and Exchange Commission, Federal Trade Commission, Department of Justice, Federal Sentencing Commission, and State Attorneys General, to name a few. There are also non-governmental watchdogs, from privacy advocacy groups who lobby for stricter laws and regulations and plaintiffs’ attorneys who bring actions against organizations that fail to comply with laws and regulations as well as organizations’ own stated privacy practices.

  1. Board Personal Liability

Breaches of fiduciary duties can be a slippery slope: subjecting board members to personal liability if the failure to exercise a minimum level of care, such as ignoring cybersecurity risks of the organizations, delegating responsibility without oversight, and lack of proper skill or training to properly advise the organization in these matters. Penalties can range from debarment from eligibility to bid on future federal contracts, large fines and jail time for individuals.

What Owners and Board Members can Do Today:

  • Call your insurance provider:
    • Do you have a cyber insurance policy?
    • Understand what is covered and make sure that the coverage is appropriate for your business risks.
  • Meet with your technology experts to talk about current protections and risks that they are aware of. Understand where there may be gaps in current protections from a technology perspective and what recommendations the technology experts have to fill those gaps.
  • Consult with legal counsel to identify the laws and regulations that apply to your business related to privacy and cybersecurity compliance.
  • Assemble a cross-functional team of internal and external subject matter experts and professionals who handle critical data of the company to form a privacy steering committee. The Committee’s core responsible should be implementing and maintaining a compliance program that addresses the company’s privacy and cybersecurity risks.

Need conversation starters about privacy and cybersecurity for your board or organization? Contact Partner Allison Cole at aecole@bmdllc.com to discuss ways to address this important topic for your business.

UPDATE: Governor Dewine Signs HB 606 Granting Short Window of Immunity from COVID-19 Personal Injury Lawsuits

The Ohio General Assembly, in Am. Sub. H.B. No. 606, is in the final stages of passing a law that will prohibit lawsuits seeking damages from COVID-19. This includes injury, death, or loss to person or property if the lawsuits are based, in whole or in part, on the exposure to, or the transmission or contraction of the coronavirus, unless the defendant in the lawsuit acted intentionally or recklessly. In circumstances where this immunity does not apply, H.B. 606 prohibits such claims being aggregated and brought as a class action.

Revised Department of Labor FFCRA Guidance, Effective September 16, 2020

In response to attacks on the legality of the Department of Labor’s (“DOL”) Final Rule regarding the Families First Coronavirus Act (“FFCRA” or the “Act”), which took effect in April 2020, the Department of Labor issued new guidance on Friday, September 11th to formally address ongoing questions and concerns related to the COVID-19 legislation.

FCC Adds $198 Million to Strengthen Telehealth for Rural Healthcare Providers

The Federal Communications Commission (“FCC”) has added an additional $198 million in funding to its Rural Health Care Program. These funds will be used to increase broadband services and telecommunications to bolster telehealth/telemedicine services for rural healthcare providers. Funding for rural healthcare providers was initially capped at $605 million in 2020, but the added funds will now allow the FCC to provide over $800 million to eligible providers.

Finding Opportunity in Adversity: Optimism for the Construction Industry

Looking for good news? If so, you are not alone. Aside from the collective mental, physical and emotional human toll imposed by the COVID-19 pandemic, entire sectors of the economy have been ravaged, and old, familiar ways of doing business have been disrupted. Although deemed essential, the construction industry has not been immune to interruption and uncertainty during these unprecedented times. Amid new health and safety concerns, coupled with financial uncertainty, progress on projects has slowed, and the start dates for a number of new projects slated to begin in 2020 have been deferred. However, resilience has always been a trademark of contractors, subcontractors and other industry professionals. Reports indicate that while the construction industry lost more than one million jobs February through April, at least 600,000 of those jobs had been gained back by the end of June.

Yard Sign Do’s and Don’ts: How to Avoid Legal Challenges to Municipal Sign Codes this Election Season

As the nation heads into the tail end of the 2020 general election, municipalities will inevitably face challenges as they seek to regulate the seasonal proliferation of yard signs on residential property. While the matter may seem trifling, a seemingly benign yet content-based sign ordinance can result in significant legal exposure for municipalities that have not heeded recent Supreme Court decisions on content neutrality.