Chicago partner Ken Dort was quoted in a recent Advisen article, titled, “NIST Cyber Agenda Seen Driving Class Actions.” The article discusses the National Institute of Standards and Technology’s (NIST) proposed cyber security framework (PCF), which was opened for public comment on October 29. Ken authored an alert on this topic, noting that this framework equips both regulators and the plaintiff’s bar with new and important ammunition.
Ken told Advisen that, “right now plaintiff’s attorneys have no formal protocol with which to go after companies that have suffered data breach. What [the NIST standards] do unintentionally—since they’re ‘suggested’ and ‘voluntary’—is they throw a potential set of considerations to the plaintiff’s bar.”
He also added, “I can guarantee, the next time there’s a big data breach and a potential class action, you’re going to see references to this particular draft laid out in the complaint in terms of allegations of what may or may not have been done.”
NIST initially had the task of developing a cyber-security framework to improve the nation’s security posture against a cyber-attack, with a particular focus on protecting critical infrastructure such as US transportation systems, oil and gas facilities, and utilities.
Ken’s client alert explained that NIST’s new framework does have many advantages. “It sets out specific steps and best practices for all organizations – public and private, as well as small and large – to implement so as to better protect the US’s critical cyber infrastructure.”
Ken added that “the ‘fire drill’ part of his practice comes into play when clients experience data breaches, in which case Drinker Biddle helps them to respond appropriately to all government authorities and other relevant parties.”