Article Detail

News & Knowledge

Data Breach! Miranda Himself May Be Dead, But the Wisdom of the Case that Bears His Name Lives On [Lowndes Tech]

June 02, 2021

Lowndes attorney Drew Sorrell discusses how the things you say via electronic communications can be held against you in a court of law. 

Let us assume a company has done all the right things. Preemptive security was a concern, so the company tightened up its written cybersecurity controls and associated technical controls, including policies and procedures, endpoint detection and response, and training. Breach was a concern, so the company drafted its data breach response plan. Moreover, the company pre-emptively identified (and possibly retained?) a technical specialist to respond on short notice in case of emergency, along with a cyber attorney to provide advice and a critical communications specialist to talk the talk. Additionally, the company obtained appropriate cyber insurance to cover the likely breach scenarios and even understands its coverages (which may include the cost of the professionals identified).

But as these things happen, the company still suffered a breach (it wouldn’t be much of an article if nothing happened!). In investigating the matter, the CEO texted the CIO. The CIO then texted the systems engineer, who proceeded to text the forensics specialist. Given the inherent casual nature of text messages and the stress of the situation, word choice was not necessarily what you would want your mother to read, nor was it artfully crafted sufficient to satisfy a lawyer. Suffice it to say, the CEO was convinced that someone in IT was not only negligent, but grossly so, “Otherwise, this would never have happened!” and made his feelings known via text.

Also, regrettably, the systems engineer left a voicemail for a friend and coworker which was automatically transcribed and emailed to the coworker via the firm’s third-party email archiving system. This time, the systems engineer recounted his recent interaction with the CIO and provided to his friend and coworker a frank assessment of the CIO’s unilinear family tree and severe lack of educational accomplishment, finishing the message with a suggestion that the CIO attempt an improbable physical act with himself. Adding to it all, the systems engineer explained to his coworker that if the CEO had only approved the previously requested updated firewall budget, this whole breach would never have happened. [Read more]

This is an excerpt from a blog post originally written on Lowndes Tech.

This article is informational only. You should consult an attorney before acting or failing to act. The law may change rapidly and no warranty is given. LOWNDES DISCLAIMS ALL IMPLIED WARRANTIES AND WITHOUT LIMITATION, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. ALL ARTICLES ARE PROVIDED AS IS AND WITH ALL FAULTS. Consult a Lowndes attorney if you wish to establish an attorney/client relationship.

Drew Sorrell is a seasoned business lawyer with particular expertise in technology, cybersecurity and privacy issues. With an MBA in marketing and finance, he approaches clients’ legal issues with both a practical business bent and a self-described geeky love of technology.

Drew enjoys working with CLO’s, CIO’s, CTO’s and technology owners at businesses of all sizes in every phase of their legal needs. He assists them on the front end, drafting and negotiating software licenses, Internet service provider agreements, data privacy/breach policies and procedures, and employment/services agreements as well as the indemnity and insurance coverage related to those agreements. He advises clients on the GDPR and state-specific regulations, penetration testing and security audits. He also has years of experience handling matters when things go wrong, including data breaches, privacy issues and other technology or software problems.

A founding member of the Sedona Conference Group 11 (Privacy/Data Security), Drew is frequently asked to speak and write on legal and ethical issues arising from technology, including unfair and deceptive trade practices, data breach, privacy, data governance, and technology contract drafting. He is chair of the firm’s multi-disciplinary Data Governance Group as well as the past chair of the Orange County Bar Association’s Intellectual Property, Business Law and Technology Committees. Drew is also the past president of the Orlando Chapter of the Federal Bar Association.

Outside the technology arena, Drew has substantial expertise in both contracts and commercial litigation. In addition, he has experience assisting clients with government contracting. Drew began his legal career as a judicial clerk to Senior United States District Judge John H. Moore II, in Jacksonville, Florida, and then practiced with an AmLaw top 10 firm in Manhattan. After a stint as an assistant county attorney responsible for day-to-day legal advice and litigating civil issues for the county, Drew returned to Lowndes. Drew is admitted to practice in Florida, New York and the District of Columbia.

Born in Florida, Drew roots for his adopted football team—the FSU Seminoles (because neither Rollins nor George Washington has a football team). He is the proud father of two sons who wrestle and play the euphonium, make great grades and generally keep him on his toes.

Meritas Law Firms Worldwide logo