Benjamin Charles Fishman

Representative Matters

Commercial Litigation
Representing a financial-guaranty insurance company in contract and fraud litigations against investment banks that sponsored and originated residential mortgage-backed securities.

Representing a medical device company in contract and fraud disputes arising out of distribution contracts.

False Advertising
Representing a major pharmaceutical company in a federal court Lanham Act action. Obtained a preliminary injunction that was successfully defended on appeal.

White Collar Defense and Investigations
Representing a retired executive of a major retail company in a Foreign Corrupt Practices Act investigation.

Pro Bono
Representing a death row inmate in Alabama in a post-conviction challenge.

Data Security Law Blog

DataSecurityLaw.com is the firm's resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

• Obama Announces Commission on Enhancing National Cybersecurity Earlier today, President Obama issued an Executive Order creating a Commission on Enhancing National Cybersecurity within the Department of Commerce. The commission “will make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best...
• Litigation Watch: Can a Third-Party Vendor Be Left Holding the Bag After a Breach? Many organizations, particularly those outside of the technology sector, rely heavily on third-parties-including cyber security specialists, lawyers, and public relations firms-to help pick up the pieces after a data breach. But what happens when a third-party vendor doesn't fix the problem?We've written about managing third-party risk on this blog several times, and from a legal perspective, we've focused on dealing with those risks through careful planning and thoughtful contracting. But what other steps can an organization take if a third-party...
• EU Commission and United States Agree on New “Privacy Shield” for Trans-Atlantic Data Flow U.S. and European Commission officials announced on Tuesday that they have reached an agreement in principle on a new EU-U.S. Privacy Shield to permit the flow of data between Europe and the United States. The new deal follows on the heels of reports Monday evening that U.S. and European officials were continuing to negotiate a replacement for the now-defunct Safe Harbor Framework, after officials failed to reach an agreement by the January 31st deadline.The European Commission (EC) has indicated that...
• U.S. and European Officials Fail to Reach Agreement for New Data Transfer Deal American and European officials failed to meet the January 31st deadline for a new agreement on the transfer of data between the United States and Europe, disappointing hopes that the two sides would broker a deal to replace the now-invalidated U.S.-EU Safe Harbor Framework. Over the past few months, European Union and United States officials have been locked in intense negotiations for a new deal on the Safe Harbor, which would allow companies to resume safely transferring data across the...
• The FDA's Draft Guidance on Cybersecurity for Networked Medical Devices Yet another regulator has weighed in on cybersecurity issues, adding to an already complicated and daunting mosaic of regulatory enforcement actions and guidance. Last week, the U.S. Food and Drug Administration (“FDA”) posted new draft guidance concerning the postmarket management of cyber risks associated with medical devices that are connected to networks. The new draft guidance comes almost a year after President Obama issued Executive Order 13636, which directs public and private actors to work together to share information about...
• CISA Is Now Law-What It Means for Your Organization After several fits and starts, Congress finally passed the Cyber Information Sharing Act of 2015 (CISA) as part of the omnibus budget bill. President Obama signed the bill into law on December 18, 2015.CISA allows-but does not require-companies to share certain cybersecurity information with the NSA and other federal agencies, where that information is necessary to identify malicious intrusions, security vulnerabilities, or other enumerated “cyber threat indicators.” Supporters of the legislation argue that this type of information-sharing is critical to...
• Department of Homeland Security & Cyber Governance: It Starts at the Top The U.S. Department of Homeland Security's (DHS) top privacy official said today that a “clear mandate” from top management is the foundation of an organization's ability to establish and implement an effective data security and privacy plan.“I report directly to the Secretary of Homeland Security,” said Karen Neuman, Chief Privacy Officer of the DHS. “The same should be said of any organization.”Neuman's comments came during a symposium hosted by the International Association of Privacy Professionals/Federal Communications Bar Association at EverBank...
• Breaking News: Hacker's Conviction Affirmed Despite Lower Court's Error This week, the United States Supreme Court upheld a conviction under the Computer Fraud and Abuse Act despite the Court's acknowledgement that the jury had been wrongfully instructed on the elements of the crime charged. This is the second noteworthy decision relating to the Act to be issued recently.Defendant Michael Musacchio had been the president of a logistics company, Exel Transportation Services (“ETS”) until his resignation in 2004. In 2005, Mr. Musacchio formed a rival company, and the former head of ETS'...
• “Interoperable” Healthcare Data Will Be a Tempting Target At a panel during last week's Consumer Electronics Show in Las Vegas, Edith Ramirez, chair of the Federal Trade Commission - America's top privacy regulator - said she would not wear a Fitbit personal fitness tracker. “I don't want my sensitive health information being shared,” she explained. And as it happens, Fitbit suffered a hack the same week.Meanwhile, U.S. healthcare regulators have recently been promoting policies that promise to aggregate and render accessible the health data of millions - whether that data...
• The Privilege of PR: Application of the Attorney-Client Privilege to Crisis Communications and Public Relations in Breach Response Planning Cyber-attacks have become a matter of everyday reality for all businesses: regardless of industry or size, it is no longer if a data breach will happen, but when. And waiting for a breach to occur before designing and implementing a cyber incidence response plan is generally a recipe for disaster. Often overlooked, however, is the need to include a carefully-crafted crisis communication or public relations strategy and to do so in a way that extends the attorney-client privilege to the...