Representing Your Business Is My Business
The Law Office of Keith C Thompson PC - Logo
This is a placeholder for the Yext Knolwedge Tags. This message will not appear on the live site, but only within the editor. The Yext Knowledge Tags are successfully installed and will be added to the website.
,
This is a placeholder for the Yext Knolwedge Tags. This message will not appear on the live site, but only within the editor. The Yext Knowledge Tags are successfully installed and will be added to the website.
Blog

The Law Office of Keith C. Thompson, P.C. Blog

The Law Office of Keith C Thompson PC Blog

Privileges in your business’ cybersecurity

By KCTlaw July 17, 2019
Cybersecurity is an overall business risk because you will always have vulnerabilities and despite your greatest efforts, there is no such thing as being truly “secure”. Because you could devote all of your resources to cybersecurity and still remain insecure, you must treat the risk like you would any other and use your business judgment to determine what is reasonable for your unique circumstance. These risks open up a crucial role for an attorney in your business’ cybersecurity because Attorney’s privileges keep everything confidential. While working on your business’ cybersecurity posture, there are several concepts that would incline any business owner to seek out and acquire legal counsel. Some risks are inevitable and must be accepted as a part of doing business. Businesses are hoping to avoid having to disclose information that is developed and used during the pre-incident cyber-risk management process. Once an incident occurs they want to protect the info they discover through the investigation. In cybersecurity related situations, Attorney-Client privilege protects only confidential communications between an attorney and their representatives and the client and their representatives that were not intended to be disclosed. In the same situations, the Work-Product Doctrine only protects communication, information, and materials made and developed in anticipation of litigation or trial. Because of these limitations, one can see that while these privileges are powerful when they apply, they can also be quite fragile and uncertain. In order to ensure your Attorney-Client privilege and Work-Product Doctrine are applicable to your situation you must follow these practices in your cybersecurity for legitimacy. Use two separate outside teams for investigating in the ordinary course of business and in anticipation of litigation. Outside counsel’s role in an investigation should be active and substantive, not perfunctory. Obtain outside counsel first, and then have counsel retain the investigators or consultants and limit the dissemination of information. Some things to remember in ensuring your safe practice with counsel on your cybersecurity are Remember Attorney-Client privilege applies to communication and does not shield facts. Work-Product doctrine only applies in anticipation of litigation. Due to the precarious nature of privileges, the best course of action is to prepare by doing everything possible to ensure applicability of privileges but carry out the work as though there will be no privileges. There may not be. Work with your counsel to understand this uncertainty and strategy. Discuss communication protocols with the appropriate members of the workforce so they understand what types of things should and should not be put into writing. Note that everything from memos, emails and texts could be considered “writing” in an investigation. You don’t have to produce what does not exist. If you do not have something in writing, do not put it in writing. Create multiple drafts when things must be put in writing. The Attorney must truly direct the communication. Simply copying your counsel onto a communication will not be sufficient enough to establish protections. Label documents and email subject lines to show the communication is Attorney-Client privileged and information is requested by counsel. For communication between clients and counsel, segregate those regarding legal advice from those that are not legal in nature but pertain to purely business issues. For pre-incident risk management engagements, some ways to help with the applicability of privilege is to hire the attorney first for the purpose of providing the client with legal advice on legal and regulatory implications of its cyber-risk posture. For incident response situations, clients should retain legal counsel first. Counsel then decides whether parallel investigative tracks are desirable and then retains consultants. Counsel should actively and substantially lead the investigation and use the consultants’ work to render legal advice that is only shared in a controlled manner. These practices can be applied to any scenario you may face in your cybersecurity. Cyber breach Critical employee termination Discovery of illegal employee activity affecting customers Phishing Ransomware Botnets Distributed denial of service attacks

Attorney Client Privilege in HR and Internal Investigations

By KCTlaw July 17, 2019
The Attorney client privilege is intended to encourage full and frank communication between you the business owner, and your counsel. The attorney-client privilege recognizes that sound legal advice depends on your counsel being fully informed. Maintaining full transparency with your attorney can protect your business in the event of an internal investigation, or when faced with the challenges of taking the steps to terminate a problem employee. Counsel is often called upon to handle or supervise internal investigations into serious human resources matters. These matters can range from allegations of sexual harassment to employee drug abuse. Such matters can expose your business to substantial liability, yet the company’s investigation may be required by law. Therefore, as a business owner, it can be beneficial to include counsel in such decisions and or investigations to ensure that privileged information remains private. Involving your lawyer as soon as a call to action is deemed necessary, allows you to work together to determine what steps, if any, will be taken to protect the investigation from discovery. To Maintain Successful and Secure Communication Do not combine requests for legal advice with requests for other advice; We will let one document or communication perform one task. Also, indicate on the communication if it is either confidential or privileged. In the age of emails, keep in mind who you send communications to and what contacts you attach to them. Address privileged legal information only to those who are “privileged”. Check with your attorney before forwarding any legal advice you’ve received, to any non-lawyer employees. Be careful not to waive the privilege by disclosing the communications, or the content of communications you’ve had with your counsel to third parties. With a clear understanding of the limitations of the attorney-client privilege, thoughtful preparation of an investigation’s goals, and proactive planning, your business and you as the employer can put yourselves in the best possible position to control what information becomes public and maintain work-product and attorney client privileges. When conducting an internal investigation, we will pay particular attention to maintaining privilege throughout the investigation. In the Event on an Internal Investigation Clearly articulate the reasons for and the goals of the investigation. When an investigation is conducted in anticipation of litigation, that reason should be clearly articulated. I as your outside counsel should clearly understand the reasons for and the goals of the investigation. Expect interview notes to be discoverable. Remember that privilege does not attach to facts. In many cases, interview notes will be discoverable in a subsequent lawsuit. Accordingly, interview notes should contain only clear statements of facts and information gathered during the interview. It is important to thoroughly train your interviewers to include only appropriate information in their notes. Especially if your business is conducting the investigation itself. Prepare an Executive Summary. An executive summary can provide a broad overview of an investigation and its results, while at the same time protecting confidential and privileged information that should be reserved to a more select audience. When preparing an executive summary, we will scrutinize the amount of detail necessary and consider whether citation or detailed discussion of the underlying investigation documents is necessary. Consider whether a public or more general release serves the company’s purposes. We will be especially cautious when releasing information or conclusions gathered during an investigation to anyone outside of your business. Public disclosure can result in waiver of the attorney client privilege. This may also include disclosure to government agencies or other third-parties. If some disclosure is necessary, we will consider whether a confidentiality agreement or a joint-defense agreement serves your business’ interest. Maintain realistic expectations. Finally, no amount of planning can guarantee that an investigation will not become public. Anything created during an investigation may become public. Accordingly, we will handle all communications, notes, and any other documents created during the investigation with this in mind as to ensure we take every preventative measure possible. Internal investigations are a necessary part of any business, and these guidelines can serve as helpful reminders of the importance of thoroughly preparing for and planning any investigation. By knowing the rules relating to privilege and proactively planning any internal investigation, we can put you and your business in the best possible position to control what information becomes public and maintain work-product and attorney-client privileges.

5 Ways to Protect your Business

By KCTlaw July 16, 2019
If you can't bake a cake without all the ingredients, you can't run a successful business without having preventative measures in place. Chances are, your business is your livelihood. In that case, wouldn't you want to protect it as if your life depends on it? Simply making sure you have your ducks in a row can mean the difference between success and failure (aka lawsuits or no lawsuits). Prevention can be overwhelming, and although we can’t cover EVERYTHING, below we’ve broken down 5 ways you can protect your business, regardless of its size. 1. Keep Accurate Records and Put Everything in Writing Running a business means that “business” is being conducted day in and day out. With so many moving parts, (like employees and inventory) there’s a lot to keep track of. If you want to keep your head above water, the best way to do that is to remain organized. According to the IRS, keeping accurate and in depth records can aid in keeping tabs on many things. Monitoring the progress of your business Prepping your financial statements Identifying sources of income Keeping track of deductible expenses Keeping track of your basis in property Prepping your tax returns Supporting items reported on your tax returns Another major preventative for your business is ensuring that everything is put into writing. No deal or agreement is sufficient with only a handshake or verbal communication. Good intentions and trust is no substitution for a written agreement. Verbal Agreements are meaningless Verification doesn’t exist without documentation Your rights rely on documentation Misunderstandings and miscommunication happens all the time. Ensure your business’s safety and rely on written documentation, not a past conversation. 2. Follow Employment Laws and enforce policies and expectations clearly Businesses are typically subjected to many different employment such as wage and hour laws, safety regulations, and laws intended to extinguish workplace harassment and discrimination. Even if any of these laws or regulations are broken unintentionally, you may find yourself with a lawsuit in your lap. Know what laws apply to you so you can create and enforce policies to ensure your business is in compliance. 3. Provide Outstanding Customer Service Not only should you be clear and compliant with your employees, you need to communicate with your customers and clients as well. Whether an order will be delayed, or you learn a project will take longer than expected, you don't want an unhappy customer. You never know what type of person you're dealing with, and sadly there are people out waiting on the edge of their seat for anything they can use to place blame on you and your business. Apart from keeping communication open with your customers, you need to be able to provide a positive and appealing environment overall. If your store is filthy and your checkout girl has an attitude, chances are you’ll be losing some customers. 4. Get Insured When owning a business, risks come with the territory. Therefore, its pertinent that you have solid liability insurance. Say someone gets hurt in your business or your system is hacked, insurance is there to cover those risks and losses and in return, minimizes your chances of getting sued. Insurance companies can handle claims, and negotiate settlements should those situations present themselves. 5. Find a Great Business Lawyer If there’s one professional you want in your corner, it’s a business attorney. No matter what phase of business ownership you’re in, a good business attorney can provide you with advice and the vital assistance you’ll want to ensure your business is a well oiled machine. Some instances could include but are not limited to the following. Zoning Copyright and Trademark Corporation and LLC Domains Licenses and permits IRS paperwork Written agreements for contracts and consultants Contracts for the sale and rental of goods Buy-sell agreements for business partners
Share by: