Photo of Carly Ziegler

Carly is an associate in the Corporate Department and a member of the Private Equity and Mergers & Acquisitions Groups.  She represents strategic companies and private equity firms in mergers and acquisitions, including joint ventures, divestitures, growth equity investing and other strategic transactions, as well as in portfolio company governance and other general corporate matters. Carly works with clients in a variety of industries, including sports and entertainment, consumer products, life sciences, financial services, media and technology.

Traditionally, a person’s most valuable assets to be distributed upon death consisted of tangible items such as real property, cash, jewelry and personal effects of sentimental value like photographs and letters.  However, the advent of the digital age has brought a shift from file cabinets, mailmen and photo albums to cloud storage, e-mail accounts and online photo streams.  Today, virtually everyone has at least some assets that are not physical, but are stored as data and accessed via the Internet.  “Digital assets” may include, for example, text messages, instant messaging accounts, e-mails, documents, audio or video images and sounds, social media content, health insurance records, source code, software, databases, online bank accounts, blogs, and the user names and passwords necessary to access online accounts, among other things.  More specifically, consider a person’s PayPal or Venmo accounts, which might contain large sums of money, or Google, Yahoo, Facebook or Instagram accounts, which might contain letters, pictures, videos and other items of intrinsic value.  The steady growth of most individuals’ online presence has given rise to a novel legal issue – authority over administering the digital assets and accounts of an account holder upon death or disability. 

We’re all familiar with the ads that pop up on the side of our browsers, personalized to highlight things we might be interested in based on our web browsing activity.  Marketers and advertisers regularly track consumers’ online activities, interests and preferences and use the information they collect to create targeted ads, meant to appeal to individual consumers based on their behavioral profiles.  Some consumers have no objections to this type of targeted advertising, but others do not want their online activities monitored.  In response to privacy concerns raised by pervasive online tracking, the U.S. Federal Trade Commission endorsed the implementation of a Do Not Track (“DNT”) mechanism and the World Wide Web Consortium (“W3C”) has been working to develop a DNT technology standard that would allow users to control the tracking of their online activities. 

As announced during the 2013 State of the Union Address, President Obama recently signed an Executive Order on cybersecurity.  The primary goals of the Executive Order are to (a) improve communication between private companies and the federal government about emerging cyber threats and (b) safeguard the nation’s critical infrastructure against cyber attacks by developing and implementing baseline cybersecurity standards. Critical infrastructure refers to those systems and assets, both physical and virtual, so vital to our nation that any cyber attacks upon them would have a debilitating impact on national security, economic security, and/or public health or safety.

According to a report issued by the Department of Homeland Security (the “DHS”) in December 2012, there were 198 cyber attacks on the nation’s critical infrastructure last year, several of which were successful.  One such successful attack involved highly sophisticated malware found on critical engineering workstations at a power generation facility.  According to the DHS’ Industrial Control Systems Cyber Emergency Response Team Monitor, an “ineffective or failed cleanup would have significantly impaired” the power plant’s operations.  Critical infrastructure systems ranging from air traffic control systems, highways, and hospitals to electrical grids, water systems, power plants and financial systems all have virtual components that are vulnerable to cyber attack.  Over the past year, the need for stronger defenses against cyber attacks has gained traction in the public eye, as hackers have successfully targeted numerous high profile companies, including major newspapers, banks, and federal agencies.

President Obama’s Executive Order on cybersecurity comes in the wake of proposed cybersecurity legislation, which was stalled in Congress last year. The Executive Order relies heavily on a voluntary program that encourages private companies operating critical infrastructure to adopt baseline cybersecurity standards, which the federal government will develop with industry assistance.