It is no wonder that [Trivalent Board Member] Jennifer Puplava of Mika, Meyers, Beckett and Jones jumped at the chance to get involved when her client, Trivalent, talked with her about presenting at their “Solutions Expo.”
A dynamic and interesting speaker, she saw the opportunity to communicate both on her subject matter and about how she as an attorney, and others at MMBJ, can help.
For example, in her presentation “Prepare for the Worst — Best Prac-
tices for Responding to Cybersecurity Breaches,” she referred to a list of private rights of action over which a company with a security breach can be sued as “The Parade of Horribles.” Included were negligence, breach of contract, breach of fiduciary duty, unjust enrichment, and others.
When warning of the likelihood that some manner of breach will happen, Puplava said that the only way to avoid it with certainty was to “go caveman” and avoid all contact with any form of technology or the Internet.
What she advised instead was a lot of planning in advance on what to do in the event of such a breach.
“Breach” is defined by Michigan law as “the unauthorized access and acquisition of data that compromises the security or confidentiality of ‘Personal Information’ maintained by a covered entity as part of a database of ‘Personal Information’ regarding multiple individuals,” and Personal Information is defined as the first name, or first initial, and last name linked to one or more of the following: Social Security Number, drivers’ license or Michigan ID, and/or a financial account number or credit/debit card number in connection with any required code, or password, that would permit access to the accounts. (In response to an audience question, Puplava said mailing address are not considered that type of information.)
As another of her presentations advised, it is critical to do everything within a company’s power to avoid breaches, but because technology is ever-changing and there seems to be no lack of individuals wanting to access private information illegally for their own gain, she warned that two of the important areas for advance planning were public relations and messaging, and notification.
The law is fairly specific about the content of notices, though she referred to the timing requirement, “without delay,” as “squishy.” They must be “written in a clear and conspicuous manner,” advise specifically what information was accessed, and give a description of what the firm or department has done to prevent further breaches, including giving a phone number and warning potentially compromised individuals to be on the lookout for unauthorized uses and symptoms of identity theft.
“We lawyers like to over-complicate things — and sometimes it’s intentional,” she said with a smile, “but this is a case where we’ll advise you to be as clear and concise as possible.”
The rub may lie more in who and how to notify than with the content, which is one of the very good reasons to think about it in advance. For example, if a company’s customers are in a number of states, it is not impossible that notification requirements will differ, and it would be very difficult to figure all that out in a timely fashion after rather than before the breach.
However, Puplava noted, “Many of the states have similar rules.” She added that in most instances where there are differing federal and state regulations, the federal takes precedence.
Her other cybersecurity presentation covered how to protect a business from internet crime, but noted that the laws in this area are “a moving target.”
Puplava is well-equipped to delivery such advice, and her practice also delves into technology where it overlaps with intellectual property law, another of her specialties. She represents clients in litigation and trademark proceedings, and counsels them on trade secret and copyright agreements and other documents; and her technology law expertise spans domain names to information security, including the subjects of her presentations.
She graduated magna cum laude from Saint Mary’s College in Notre Dame, Indiana, and cum laude from Indiana University School of Law.
In addition to committee and section memberships with the Grand Rapids, State and American Bar Associations, Puplava is or has been a member of the Cascade Downtown Development Authority Board, the Humane Society of West Michigan board, the International Trademark Association, the American Intellectual Property Law Association, and the Grand Rapids Chamber of Commerce; she has also been very active in the Woman Lawyers Association of Michigan Western Region.