Photo of Jeffrey Neuburger

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

 

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.

“Who Do You Trust” was a 1950’s game show that required players to decide whether they could rely upon the information provided by their partners to win cash prizes of $25, $50 and $75. In today’s increasingly networked environment, there’s a lot more at risk in trusting another’s information about cybersecurity. Corporations and industries complain that they can’t trust the timeliness and accuracy of government information about cybersecurity. And cybersecurity experts point to distrust over the motives of the government and competitors as a bar to information sharing among private entities. But despite that, everyone agrees that information sharing would inure to the general benefit of all involved.

Rep. Daniel Lungren of California,Chair of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the House Committee on Homeland Security, is aiming at impediments to cybersecurity data sharing in a bill introduced on Dec. 15, 2011. S. 3674, the ‘‘Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011’’ or the “PRECISE Act of 2011,” contains, among other things, a provision that would encourage corporate and industry participation in government sponsored cybersecurity programs by including legal exemptions and protections for private entity information-sharing.

On April 7, 2011, the SEC announced that it had imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct firm wound down. The SEC also fined the brokerage firm’s former chief compliance officer $15,000 for compliance failures and security breaches that took place at the defunct firm, some dating back to 2005. Visit our blog to learn more.

In August, we wrote about the ruling of a New Jersey appellate court in Stengart v. Loving Care Agency, Inc., in which the court took a very narrow view of the ability of employers to monitor the e-mail communications of employees over its computer networks. In that case, which is now on appeal to the New Jersey Supreme Court, the appellate court held that an employee did not waive her attorney-client privilege with respect to e-mails that she sent to her attorney while using the employer’s computer network, but via her personal Web mail account, despite the existence of a broadly worded communications policy giving the employer the right to access all communications occurring over its network. The appellate court court ruled that even if the employer’s policy applied to the employee (she disputed its applicability), the employer’s right to access to such communications pursuant to that policy was limited by the employer’s "legitimate business interests." Such interests did not extend, the court concluded, to the employee’s communications with her attorney.

In contrast to the New Jersey court’s narrow view of the applicability of such policies, the district court judge in Alamar Ranch, LLC v. County of Boise, 2009 U.S. Dist. LEXIS 101866 (D. Idaho Nov. 2, 2009), held that knowledge of employer monitoring of employee communications over its network could be imputed, not only to the employee but to the employee’s attorney as well. As a result, the court held, the attorney-client privilege had been waived with respect to messages sent by the employee to the attorney using her employer-assigned e-mail account, and to messages sent to the employee at her employer e-mail address by the attorney.

By Jeffrey D. Neuburger and Sara Krauss

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009).

Beginning no later than September 16 of this year, “covered entities” under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and “business associates” of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information.