• Assessing Drone Industry Successes & Challenges as the FAA’s Small Commercial Drone Rule Turns 1

    By Scott C. Hall.

    The Federal Aviation Administration’s (“FAA’s”) Part 107 rule for small commercial drone operation, effective as of August 2016, has now been up and running for over a year. In light of this milestone, the FAA recently took the opportunity to highlight various successes resulting from the rule and to promote continuing drone innovation and operations. Yet, while much progress has been made in commercial drone use over the past year, an honest assessment also requires acknowledging that there are still many obstacles to overcome, and much work to do, to fully realize the benefits of commercial drone operation in the U.S.

    One particularly notable success for the drone industry has been the important role played by drones in supporting emergency response and rescue efforts in connection with recent natural disasters, including Hurricane Harvey and Hurricane Irma. In addition to the use of drones by media outlets to provide news coverage of otherwise inaccessible areas affected by the hurricanes, the FAA issued well over 100 specific authorizations – sometimes within hours of a request – to drone operators performing time-sensitive search and rescue missions or assessing damage to roads, bridges and other critical infrastructure in disaster areas. FAA Administrator Michael Huerta commented on the role of drones in the wake of recent hurricanes as a “landmark in the evolution of drone usage in the country.”

    However, despite these beneficial uses of drones in emergency response situations, not all drone news in connection with recent hurricanes and other natural disasters has been positive. As in years past, drones made news this year for interfering with emergency responders fighting wildfires in California. Because helicopters and other aircraft supporting critical emergency response efforts can easily collide with drones – causing potentially significant damage, injury, and even death – emergency response aircraft must often remain grounded if unauthorized drones are spotted in the area. This significantly impairs the ability of emergency responders to do their jobs. Unauthorized drone use also threatened to impede efforts of the U.S. National Guard, Marines and Coast Guard to rescue and recover individuals in hurricane disaster zones. In fact, these incidents caused the FAA to officially warn on its website that flying a drone in or near a disaster area may violate federal, state, or local laws and ordinances, and that unauthorized drone operators may be subject to significant fines if they interfere with emergency response operations. Thus, while drones are playing an increasingly important role in disaster response, continued misuse of drones has also complicated rescue and response efforts in various respects.

    The FAA also touted the continued expansion of commercial drone use across a variety of industries, including insurance, news and media, construction, mapping and surveying, and infrastructure inspection, among others. According to the FAA, uses of drones for scientific research, emergency response, and government infrastructure improvements are also rapidly expanding. Additionally, several companies, including Amazon, Domino’s Pizza, 7-Eleven and Flirtey, have attempted to spark consumer excitement for drones in recent months by demonstrating the potential for drone delivery of food and other consumer products.

    At the same time, however, many in the industry lament the fact that the U.S. still seems to be years away from integrating commercial drone deliveries and other innovative drone uses into the regulatory regime, even while such uses are moving forward in other countries.  Indeed, the FAA has stated that – putting aside isolated publicity stunts – it does not believe that regulations for delivery drones will be ready until at least 2020, even while countries in Africa are currently benefitting from drone delivery systems transporting items such as blood and life-saving emergency supplies on a daily basis.

    In addition to regulatory hurdles, part of the delay in drone innovation in the U.S. may be attributable to ongoing public skepticism regarding drones due to reported misuse of drones and their perceived potentially harmful impacts on safety and privacy.  For example, according to some reports, while 75% of consumers expect drone deliveries by 2021, only 44% said they liked the idea of drone delivery. Thus, despite the undeniable increase in commercial drone use over the past year under Part 107 – and the inevitable continued expansion over the next few years – fully realizing the many potential benefits and services drones can provide must still await slow regulatory and lawmaking processes and gain greater public acceptance of anticipated uses.

    Ultimately, the FAA acknowledges that Part 107, as it exists currently, isn’t the end of the story – it’s the starting point. By 2021, the FAA estimates there could be as many as 1.6 million small drones in commercial operation throughout the country. There is still a lot to be done to realize the full commercial potential of drones, much of which will require increasingly complex drone operations (and correspondingly sophisticated laws and regulations), including for flights over people, operations beyond line-of-sight, delivery of goods, and even transportation of people. But, if commercial drone operations are to successfully accommodate the predicted increase in the number of commercial drones and expand on pace with expected innovations in the technology, it will require the coordination of many actors, including lawmakers at federal, state and local levels, drone manufacturers and operators, and greater acceptance by the public at large, to achieve.

    Categories: Publications
  • Five Lessons All Companies Can Learn From The Equifax Data Breach

    Authored by Scott C. Hall and David (Duff) Beach.

    The Equifax data breach has dominated news headlines for weeks, and Equifax will be dealing with the legal and financial fallout from the breach for many years.  While many companies may be relieved not to be in Equifax’s position right now, no company is immune to data breaches.  Those who fail to learn key lessons from Equifax’s mistakes may find themselves in the next headline.  Accordingly, companies in every industry, and of every size, that maintain any type of sensitive personal data—whether it be of customers, employees, or data maintained on behalf of others—should study the Equifax situation and ensure that they are better prepared for a data breach incident.

    1.  Everyone (yes, everyone) will experience a data breach. 

    When it comes to data breaches, the question is not if, but when.  This makes the more important question how will you respond?  Data breaches do not only result from malicious hackers or phishing scams.  They can occur when employees inadvertently access and/or mistakenly share personal data.  They can occur when company laptops, flash drives, or even personal phones or tablets that contain company data, are lost or stolen.  These kind of events occur in every company in every industry.  As a result, everyone needs to prepare to respond.  Indeed, the manner in which Equifax handled this most recent data breach—including: (1) the several weeks that elapsed before notifying affected individuals,(2) the executives who sold stock during the period between discovery of the breach and notifying the public, and (3) the company’s offer to provide credit monitoring services to affected individuals, but only in exchange for a waiver of certain legal rights against the company—indicates that Equifax was not sufficiently prepared to deal with this kind of a data breach.

    Every company should have a basic data breach response plan in place that at a minimum  identifies who (among IT, HR, business operations, public relations, and other personnel) will respond to the breach, what their respective roles will be, and who will be the ultimate contact point and decision-makers with respect to the response.  The plan should also include a timeline and enumerated steps to follow regarding discovering the scope of the breach, investigating the cause, remedying or mitigating the breach, notifying affected individuals, and contacting law enforcement as necessary.

    Because of the widely publicized nature of Equifax’s data breach, as well as other recent high-profile data breaches, no company will get a “free pass” or be able to argue that they had no idea a data breach could happen to them.  In effect, these high-profile breaches put everyone on notice that data security must be a priority for all.  Any company that chooses to put its head in the sand, does so at its own (certain) risk.

    2.  Act quickly to show affected individuals that you are trying to protect them.

    In responding to data breaches, time is of the essence.  Many have criticized Equifax for waiting until early September to notify affected individuals of a data breach it discovered in July.  Most state data breach notification statutes require that a company disclose a data breach “in the most expedient” time possible, without further clarification about what that means.  The minimum amount of time specified under state laws that contain specific time periods for notification is generally either 30 or 45 days from discovery of the breach.

    In light of these general standards, Equifax’s timing for notification to individuals may not have constituted an improper or unlawful delay as a matter of law.  After all, it takes some time to investigate what happened, confirm what data was breached, and implement remedial measures. And, as a company responding to a data breach, you do not want to rush to publicize inaccurate facts that you later have to correct.  However, as a practical matter, 6 weeks is a lengthy period of time for sensitive personal information to be exposed without notifying affected individuals—and as the response to Equifax shows, many people believe this kind of delay is unreasonable, regardless of the legal standards.  Thus, while a company needs time to investigate the incident and communicate accurate facts to those affected, all companies should seek to notify those whose information has been compromised sooner rather than later.

    3.  Take actions that demonstrate that you are genuinely attempting to remedy the problem.

    Data breaches happen.  They will continue to happen.  And the public generally understands that not every data breach, especially a hacking attack, can be prevented.  However, when a data breach occurs, affected individuals want to know that the company is doing everything in its power to protect them, not itself.  Equifax added insult to injury when it offered to enroll affected consumers in free credit monitoring services—something required under at least some state data breach laws—only if consumers agreed to waive certain legal rights against the company.  Unsurprisingly, this did not go over well in the court of public opinion.  And, while Equifax has since agreed to provide credit monitoring without these legal restrictions, the reputational damage has already been done.

    Ultimately, the legal fallout from any data breach will be what it will be based on the circumstances and whether the company had reasonable protections in place.  But reputational harm may damage the company as much or more than the legal process.  The best thing a company can do in the wake of a breach is to diligently correct its data security weaknesses and work with affected individuals to minimize the scope and harm caused by the breach.

    4.  Consider what sensitive personal data you maintain or need to maintain and how to safeguard it.

    It is a rare company that holds no sensitive personal data.  While credit reporting companies like Equifax have more sensitive information than most, all companies have some kind of personal data—in the form of customer or employee social security numbers, financial account numbers, or other information—that triggers data breach notification requirements.  All companies should, at a minimum, know the types of personal information they maintain, how and where is it stored, who has access, and whether it is sufficiently secured.  Companies then need to consider: (1) whether they truly need all the personal information they have and (2) whether such personal information can be separated, encrypted, or otherwise safeguarded to minimize the accessibility of such information or its usefulness if improperly accessed or exposed.

    5.  Consider cybersecurity insurance and other professional services.

    While every company will at some point experience a data breach incident, the potential risk largely depends on the type and volume of sensitive personal data a company maintains.  For those companies where there is a real possibility of significant financial injury if a data breach were to occur, cybersecurity insurance is something to consider.  Many companies elect not to carry cybersecurity insurance because they do not want to pay expensive premiums, they are unsure exactly what the policies will cover, or they are skeptical that they will suffer a significant cybersecurity incident sufficient to justify the cost of insurance.  But the Equifax breach reminds us that data breaches will occur—and likely with increasing frequency in coming years.  Companies with significant risk should analyze whether cybersecurity insurance makes sense for them.

    As the Equifax breach shows, especially in the area of cybersecurity, an ounce of prevention is worth a pound of cure.  Companies should work with cybersecurity consultants, attorneys, or other professionals prior to a data breach both to protect against breaches, and to prepare to respond to a breach. Preventative cybersecurity training for employees is key, as human error is responsible for many data breaches.  Companies should ensure that their IT systems are reasonably secured, their personnel are reasonably trained, and their data breach response plan is ready to go for when a data breach occurs.  And it will.

    Click here to download a printable PDF of this article.

    Categories: Publications
  • Three Partners Ranked as Leading Private Wealth Lawyers by Chambers HNW 2017

    Coblentz Partners Philip Feldman, James Mitchell, and Jaime Mannon are listed as Leading Lawyers in the Private Wealth Law category of the 2017 Chambers HNW (High Net Worth) guide for Northern California, published by Chambers & Partners.

    Phil Feldman is again ranked as a Leading Lawyer in Band 2, where clients and industry colleagues note that “He’s a very outgoing personality, he’s immediately likable and in technical terms, he’s sophisticated and yet very approachable.” A fellow estate planning lawyer notes “Not only was he up there with the complexities of the matter but negotiating with him was a pleasure. He’s just a good guy that it’s a pleasure to work with.” Another describes Feldman as a “thoughtful, collegiate and careful attorney.”

    Jim Mitchell is also ranked as a Leading Lawyer in Band 2. A wealth advisor notes that “We tend to refer a lot of matters to Jim that require not only very sophisticated legal expertise but also a delicate touch from a personal point of view. We’ve found Jim is particularly good at navigating client situations.” And another explains that “He doesn’t get rattled, stays steady to the task, is very knowledgeable and very pro-client in his thought process. He’s just generally a very good attorney to work within this field.”

    Jaime Mannon is listed as an Up and Coming lawyer by Chambers. One source says that Mannon “is someone who is building her practice, and we often will refer young entrepreneurs to her who would like to work with someone roughly the same age.” Another describes her as “very knowledgeable, responsive and intellectual.”

    The Coblentz Family Wealth practice is also listed by Chambers HNW in Band 2 for Private Wealth Law, Northern California. Chambers writes that “The firm is well regarded among California wealth professionals,” and colleagues in the field mention that the Coblentz team has  “a very sophisticated practice. I feel confident they will handle any technical issue a client may need help on. The firm has a wonderful, supportive culture, and people there are able to take their time – they’re thoughtful and responsive. They value the relationship they build with clients. We like working with them.” Another interviewee says the firm is “first on my list for a reference,” and that our attorneys are “intelligent, flexible and work well with advisers. Their flexibility and reactiveness are probably one of their highest values to me. Also, they have a creativeness but not too aggressive an attitude, meaning they will suggest leading-edge techniques but won’t overly push the implementation if it’s not appropriate. So they can give a very well thought-through platform of suggestions, being flexible in terms of which ones fit the client’s situation.”

    London-based Chambers and Partners conducts intensive, continuous research to identify the world’s leading lawyers and law firms – individual lawyers are ranked (in their practice-areas) on the basis of their legal knowledge and experience, their ability, their effectiveness, and their client-service.

    Categories: News