<b>Online Exclusive:</b> Dewey Ballantine and Orrick Set to Merge
October 25, 2006
New York's Dewey Ballantine and San Francisco's Orrick, Herrington & Sutcliffe have taken another step toward completing a merger. According to a statement released Wednesday morning, the management and executive committees at both firms announced to their respective partners that they intend to recommend approving the combination. A full partnership vote at both firms is expected before the end of the year.
<b>Online Exclusive:</b> Around the States
October 24, 2006
<b>Maryland.</b> Baltimore is on the cutting edge of cities using surveillance cameras in high-crime areas to aid in spotting crimes and generating information for arrests.<br><b>New Jersey.</b> Legislators are moving toward requiring banks, mortgage companies, credit card issuers, and other financial institutions to obtain an affirmative acceptance by consumers before the institutions can share financial information. <br><b>Ohio.</b> Privacy advocates are informing voters who support a ballot initiative that would raise the state's minimum wage that the same initiative potentially will give employers, unions, government agencies, and others access to individual pay records.
Security Breaches: What You Need to Know About European Legislation
October 19, 2006
Last month's installment discussed corporate security practices, the legislative background in Europe, and mandatory reporting provisions. Part Two addresses additional reporting obligations, prior registration, the possibility of civil actions, and manually held data.
The Human Side of Data Security: The Critical Role of Employee Controls
October 19, 2006
As headlines continue to report data security breaches at an alarming rate, discussion often focuses on the need for enhanced technical controls, such as two-factor authentication and encryption, to protect sensitive, personally identifiable information. The role of the company employee, both as the cause of, and the first line of defense against, security breaches is often lost in the analysis. Yet developing law is increasingly requiring administrative or procedural controls, particularly those directed at employees, as a component of a legally compliant security program.
Consumer Data Privacy in the Merger/Acquisition Context: What's an Acquiring Mind to Do?
October 19, 2006
Current wisdom favors non-disclosure of the private data related to consumers held by companies that obtain such data in the course of doing business. This sentiment is in full blossom in a wide variety of contexts, not the least of which are the provision of medical services and of financial services. In these heavily regulated industries, protection of consumer data is the subject of complex regulatory schemes aimed at ensuring data privacy and security while, nonetheless, allowing business to be conducted in its ordinary course.
Lessons Learned: Issues Exposed in the Aftermath of the Hewlett-Packard Debacle
October 19, 2006
On Sept. 5, 2006, <i>Newsweek</i> published a story about Hewlett-Packard's Chairman Patricia Dunn's use of a private investigation firm to locate the source of leaks of confidential corporate information. As the story unfolded, the public learned the following: After confidential information appeared in news publications in 2005, certain officers and certain members of the board of directors of Hewlett-Packard ('HP') authorized the launch of two investigations, the first in 2005, and the next in 2006, to locate the source of the information leaks. The basis for the investigations was that the information leaked to the press was known only to board members. Certain officers and directors collectively comprised the 'HP investigation team' in the secret investigation of the leaks to the media. In devising its plan, the HP investigation team sought the assistance of a top investigator, Ron DeLia, head of Security OutSourcing Solutions, Inc. ('SOS'), with whom Hewlett-Packard previously had worked on unrelated matters. DeLia allegedly encouraged the HP investigation team to use pretexting or 'social engineering' to obtain private cell phone and phone records of certain targeted individuals, among other things.
