Blog

Monthly Archives: March 2016

Divorce Finances: Know the Numbers

8e2a95a81bd67d6d59f9fc086239d1be

 

Most people are not born independently wealthy so saving for retirement is a part of budgeting. Ideally married couples work together to save money for their old age.  They know exactly how much the other has and they know how it has been invested, right?

Fidelity Investments recently published the 2015 edition of it’s online biennial Couples Study. Surprisingly, the study showed that although many couples think they communicate well about money 40% of the couples surveyed didn’t know how much money their spouse made the previous year.

Sadly, the study also showed that over 50% of the couples did not know how much money they would need in retirement to maintain their current standard of living.  What does this have to do with divorce? Imagine how difficult it would be for someone to ask for a fair settlement in a divorce if they don’t know how much money their spouse made or how much money they needed to maintain their current standard of living?

Investment companies like Fidelity help people improve their understanding of the family finances.  A good place to start is taking an active role in understanding the tax returns or reading the credit card bills.  When someone is getting divorced or thinking about getting divorce, and if they have never managed their own finances before, it is a good idea to look for an investment firm and financial advisor to help.

From the perspective of a divorce attorney,  it seems that often times one spouse is more prepared than the other.  Generally people don’t plan their divorce, and often end up with a lack of financial literacy.  When a person receives a large settlement and is responsible, for the first time in many years, for paying the bills solo then financial literacy has real implications for the future.

In New York and many other states a person is entitled to half of their spouse’s IRA, 401K, or other retirement investment if they have been married at least 10 years.  There are also statutes now which determine temporary and permanent alimony payments and child support.  At Jones Morrison, we can help teach financial literacy and provide the financial and litigation support necessary to successfully navigate the future.

Allison Levinson
Of Counsel, Jones Morrison, LLP

Liability Protection for Firms That Share Cybersecurity Information?

binary-1187194_960_720

In November 2015, I wrote about a symposium conducted by the FBI and Secret Service to partner with the private sector on shared cybersecurity concerns.  One of the open issues from that symposium concerned potential liability for firms that shared cybersecurity information with law enforcement.  Those issues were supposed to be addressed in the Cybersecurity Act of 2015, which the President signed into law December 18, 2015.

Were they?  The Act includes provisions that deal with some of the concerns from firms that share information with law enforcement and with one another. The statute provides the following:

  • For private entities that share information with the federal government in accordance with the Act, the law provides that there is no legal cause of action against those entities.[1]
  • Cyber threat indicators and defensive measures that private entities share with federal government or with a state, tribal or local government under the Act may not be used to regulate those entities, including enforcement actions.[2]
  • Private entities do not waive privilege when they share information with the federal government.[3]
  • Private entities can declare shared information to be proprietary and confidential.[4]
  • Sharing of cyber threat information among private entities will not violate antitrust laws.[5]

The government can only use business-supplied information for a “cybersecurity purpose.”  That is, the information can only be used to protect “an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security threat or security vulnerability.”[6] Nor can the government release that shared information to the public, including through freedom of information requests made to federal, state, and local government.[7]

Is the Act significant?  Some commentators have yawned.  One called the law’s focus “fairly modest,”[8] and stated that “companies are not especially concerned about potential liability arising from such sharing.”[9]  Forbes wrote that the bill “will likely be ineffective in the prevention of cybercrime[, and has been]…criticized for the litany of privacy issues it could potentially introduce.  At its best, the bill…[is] a step in the right direction in the fight against cybercriminals.”[10] And while some contend that many companies are already sharing cybersecurity information,[11] other tech companies (such as Apple and Twitter) have stated they would not participate in the sharing program.[12]

But others have pointed to the Act’s protections to businesses that choose voluntarily to share information.  Those include:

  • An expansive safe harbor from liability, with protections for private entities from civil, regulatory, and antitrust liability.[13]
  • No requirement that firms act after they receive shared cybersecurity information.  Though not acting creates its own problems: the law does not shield those firms from liability. “An entity that receives information about a cybersecurity threat to its networks may remain subject to claims premised on common law causes of action such as negligence if it fails to respond diligently.”[14]
  • Authorizing private entities to use defensive cybersecurity measures on a firm’s information systems and those of other consenting entities. Note, though, that the Act doesn’t green-light measures that go on the attack against hackers, in order to “destroy, render unusable, provide unauthorized access to, or substantially harm third­party information systems.”[15]

To benefit from the Act, firms are required to take certain steps, including removing personally identifiable information not directly related to a cybersecurity threat, from information provided to either the government or shared with another firm.[16] And “[e]ntities that share information should keep clear records evidencing their compliance with [the Act] to ensure they can benefit from its liability protections.”[17]

The new law may ultimately call for reduced expectations.  That understood, the Act could result in a little more certainty for firms that share cybersecurity information with one another and with the federal government.

Bohdan S. Ozaruk
Of Counsel, Jones Morrison, LLP

________________________________________

The information in this article is for general use, and may not be applicable in all situations.  You should not act on it without specific legal advice based on your particular circumstances. The views expressed in this article should not be attributed to Jones Morrison LLP, its attorneys, or its clients.


[1] Cybersecurity Act of 2015 §106(a)-(b) (“[n]o cause of action shall lie…against any private entity, and such action shall be promptly dismissed, for the monitoring of an information system….[and] for the sharing or receipt of a cyber threat indicator or defensive measure….”) (Act)

[2] Sullivan & Cromwell discusses The Cybersecurity Act of 2015, CLS Blue Sky Blog, (Jan. 6, 2016) 4/7, http://clsbluesky.law.columbia.edu/2016/01/06/sullivan-cromwell-discusses-the-cybersecurity-act-of-2015/ (Blue Sky Blog)

[3] Act, §105(d)(1) (“shall not constitute a waiver of any applicable privilege or protection provided by law, including trade secret protection.”)

[4] Act,, §105(d)(2) (cyber threat or defensive measure…shall be considered the commercial, financial, and proprietary information of such…entity when so designated by the…entity….”)

[5] Act,, §104(e)(1) (“it  shall  not  be  considered  a  violation  of  any provision of antitrust laws for 2 or more private  entities  to  exchange  or  provide  a  cyber  threat  indicator  or  defensive  measure,  or  assistance  relating  to  the  prevention,  investigation,  or  mitigation  of  a  cybersecurity  threat,  for  cybersecurity  purposes….”)

[6] Act,, §102(4).  An “information system” is “a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.”  Id., §102(9)(A) (incorporating by reference, 44 U.S.C. §3502(8)).

[7] Act,, §105(d)(3)(B) (“cyber threat or defensive measure…shall be…withheld, without discretion, from the public under section 552(b)(3)(B)…and any State, tribal, or local provision…requiring disclosure of information or records….”)

[8] Cadwalader, President Obama Signs Cybersecurity Act of 2015 to Encourage Cybersecurity Information Sharing, (Dec. 24, 2015), http://www.cadwalader.com/resources/clients-friends-memos/president-obama-signs-cybersecurity-act-of-2015-to-encourage-cybersecurity-information-sharing (Cadwalader).

[9] Id.

[10] Forbes, The Problems Experts And Privacy Advocates Have With The Senate’s Cybersecurity Bill, 1/6, http://www.forbes.com/sites/abigailtracy/2015/10/29/the-problems-experts-and-privacy-advocates-have-with-the-senates-cybersecurity-bill/print/

[11] Forbes, 3/6

[12] Corey Bennett, Major Tech Group Comes Out Against Cyber Bill, The Hill (Oct. 15, 2015, 12:34 PM), http://thehill.com/policy/cybersecurity/257029-major-tech-group-opposes-cyber-bill (cited in Cadwalader)

[13] Blue Sky Blog, 2/7 (“Once triggered, CISA’s safe harbors from liability are broad. Private entities sharing information are generally shielded from civil, regulatory, and antitrust liability based on their sharing.”)

[14] Blue Sky Blog, 2/7.

[15] Blue Sky Blog, 2/7.

[16] Cybersecurity Act, §104(d)(2) (“A  non-Federal  entity  sharing  a  cyber  threat indicator… shall,  prior  to  such  sharing…review  such  cyber  threat  indicator  to assess  whether  such  cyber  threat  indicator  contains  any  information  not  directly  related  to  a  cybersecurity threat that …identifies  a  specific  individual  and  remove such information; or…implement and utilize a technical capability  configured  to  remove  any [such personally identifiable] information….”)

[17] Blue Sky Blog, 2/7.

 
CONTACT MANAGING PARTNER
Stephen J. Jones
Direct Dial For All Offices
914.713.9311  
Telephone
914.472.2300