The State Bar Association of North Dakota Fall 2015 Gavel Magazine | Page 25

to any resident of the state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in section 51-30-04, or any measures necessary to determine the scope of the breach and to restore the integrity of the data system.” 6 Second, wide-spread data loss can threaten a law firm’s ability to continue operating. “Resilience for organizations has evolved from emergency preparedness that centered on protection of data and information systems to the more comprehensive, standardized mitigation of risks for the continuity of business products and services.”7 The authors continue, stating: “Today’s threats require the creation of an ongoing, managed response that ensures the survival and sustainability of a law firm’s or association’s core activities before, during and after a disruption. Law firms of all types and sizes must not decide for themselves to implement the minimum requirements for effective business continuity, including whether they desire to purchase cyber insurance coverage in addition to the insurance coverage that the law firms may already have in place.”8 business from injury or property damage. However, most standard commercial lines policies do not cover many of the cyber risks. . . . To cover these unique cyber risks through insurance requires the purchase of a special cyber liability policy.”10 Hack: Canadian Law Firms File $578M Lawsuit The ABA Cybersecurity Handbook authors suggest that, “[w]hile having strong security measures may help mitigate and even ward off cyber threats, the magnitude of the costs associated with a breach may lead to a decision that the risk of loss associated with a cyber breach should be passed off to a third party.” 11 Given the cybersecurity realities, lawyers and law firms probably should make risk of loss allocation decisions part of their business operations, and consider whether a special cyber-risk insurance policy is warranted. Introduction, The Gavel (Winter 2015) at 24, available 1 Bloomberg, Data breaches don’t just affect retailers Against Adultery Website’s Parent Companies, available at http://www.ibtimes.com/ashley-madison-hack- canadian-law-firms-file-578m-lawsuit-against-adulterywebsites-2064297. 4 at http://www.joomag.com/magazine/the-state-bar- association-of-north-dakota-winter-2015-gavel-magazi ne/0691645001425995919?short. 5 com/magazine/the-state-bar-association-of-northdakota/0241418001432650447. 6 N.D.C