Dec 15, 2021
The Internet presents a variety of risks for companies, including systems crashes, hacking attacks, security breaches, and the mishandling of private information.
While companies should do all they can as a matter of policy, practice and technology to prevent such risks from coming to fruition, there is no such thing as perfect prevention. Accordingly, as a backstop, companies would be prudent to procure appropriate insurance for their cyber risks.
A variety of insurance products to address cyber risks have entered the marketplace for the past decade. And, according to recent press reports, the demand for cyber insurance has surged in recent months in the wake of some noteworthy data breaches and an increase in privacy claims.
And the reported good news is that the rates charged for some Internet-related insurance has come down recently. In the mix, certain coverage limits have been raised and some deductibles have been lowered.
Insurance policies still could evolve in this relatively new area as information technology grows and changes. Indeed, the recent social media explosion could result in new risks that may call for even newer insurance products.
Companies would be better off safe than sorry and they should seek insurance that matches up with the profile of their cyber risks.
Original post: https://www.reuters.com/article/tagblogsfindlawcom2011-freeenterprise-32/should-your-company-buy-cyber-insurance-idUS103281609820110811
Dec 14, 2021
Citing new deposition testimony, actor Justin Theroux in a recent motion asked the New York Supreme Court to reconsider its December 2020 denial of Theroux’s motion to compel production of emails that his neighbor, Norman Resnicow, a law firm partner, sent to his personal lawyer about the parties’ quarrel (related to the New York City co-op where they both reside) using his law firm email account.
Theroux had argued that Resnicow’s emails to his personal lawyer lacked the key element of confidentiality required of the attorney-client privilege because they were sent on his firm email account and therefore without a reasonable expectation of privacy. In so arguing, Theroux relied upon on the First Department’s decisions in Peerenboom v. Marvel Entm’t, LLC , and Miller v. Zara USA, Inc., where the First Department held that company employees lacked a reasonable expectation of privacy when using a company laptop (Zara) and email system (Peerenboom) under applicable company computer/email policies, which, among other things, restricted use of company systems for personal purposes and warned users of the company’s ability to access their accounts. The Supreme Court, in rejecting Theroux’s motion, distinguished Resnicow’s circumstances from Peerenboom and Zara since his firm’s computer/email policy – though admittedly similar to the policies in Peerenboom and Zara – expressed only an expectation that firm “employees”, not partners, would adhere to the firm’s policy on computer and email usage, suggesting that Resnicow was not aware of the possibility that his emails would be exposed to the view of third parties. (See here for more on the December 2020 opinion.)
Having since then elicited deposition testimony from Resnicow acknowledging that email “in law firms . . . can be seen by [the] management committee” and IT staff, Theroux moved this fall to renew his motion seeking access to the emails. The thrust of this recent motion was that Resnicow’s deposition testimony undermined his contention, made on the prior motion, that a partner’s personal emails sent or received on firm servers “still belong to that partner, such that other partners or firm staff may not read those emails without the partner’s permission.”
While the Court granted Theroux’s motion to renew his prior motion based on this development, the Court stood by its initial decision that Resnicow’s use of his firm email account to communicate with his personal lawyer about his dispute with Theroux did not undermine the protection afforded those emails pursuant to the attorney-client privilege. In so holding, the Court noted that the statement Resnicow made at his deposition was couched in generalities about “law firms” and did not clearly concede that it would be proper for his law firm’s management and IT to access partner emails on firm servers. The propriety of accessing emails is distinct from the technical ability to do so, the Court explained, and therefore Resnicow’s acknowledgment did not detract from his position – bolstered by his apparent exclusion as a law firm partner from his firm’s email and computer policy – that firm management and IT would not access his personal emails sent on the firm’s system without permission. Similarly, the Court emphasized that the deposition testimony elicited by Theroux’s counsel was given in the present tense – i.e., Resnicow’s current understanding about his firm’s email system – and thus did not shed light on his contemporaneous expectation of privacy in the disputed emails at time he sent them.
Although the Court preserved is prior holding, this decision continues to shed light on the important factual nuances at play in privilege disputes relating to personal use of company email accounts and, in particular, the evidentiary record a party seeking to compel production may have to establish (though Theroux fell short of establishing) in circumstances where, like this one, a company computer/email policy does not explicitly cover the email sender.
Original post: https://www.natlawreview.com/article/ny-court-re-affirms-privilege-protection-personal-emails-sent-law-firm-partner-firm