Data breaches at Target, Home Depot and more recently JPMorgan Chase have grabbed the biggest headlines this year, but threats aren’t limited to for-profit entities, according to lawyers in a seemingly growing data-security practice area.
Universities haven’t been immune to so-called cyberthreats, but even those that have avoided major incidents are looking to strengthen policies and procedures, put response plans in place and otherwise remain proactive, practitioners said.
Scott Christie, a partner in the cybersecurity and data privacy practice at Newark’s McCarter & English, said there’s a “growing market” for counsel from universities: “I have seen it, and I am getting more of those calls.
“When I’m getting calls, they’re asking, ‘What are we legally obligated to do?'” Christie said. “The answer is, it depends. …You could pull your hair out trying to comply with every nuance of every state law.”
There’s yet another layer to the inquiry: cyberinsurance.
“An entity that is not addressing this risk with cyberinsurance is missing the boat,” according to J. Wylie Donald, a Wilmington, Del.-based partner of McCarter & English who’s also in the cybersecurity group.