Businesses of all types and sizes throughout the United States, Mexico and beyond bring their disputes to Gardere's litigation team and receive practical, responsive, boutique-style attention in return. Our clients have access to the firepower and value of a well-known and highly-regarded Firm's capabilities and interdisciplinary strengths.
Gardere has a national and international energy practice formed around our Energy Industry Team, which is a multidisciplinary group of approximately 60 attorneys with diverse backgrounds, experience and skills specific to the energy industry. Our team includes attorneys who have served as in-house counsel for major energy companies, providing a depth of insight into our clients' needs, issues and concerns. We understand and regularly practice in virtually every sector of the energy, and we represent a wide variety of industry participants from multinational corporations to individuals.
From our offices in the United States and Mexico, our International Practice helps clients operate in today’s global economy. We have more than 30 professionals operating as a boutique within an Am Law 200 law firm and are able to provide focused service with the resources of a large firm. We understand that clients who are engaged in the global marketplace need lawyers who can operate seamlessly across multiple jurisdictions. Our international experts are multi-lingual, are culturally fluent and intimately familiar with various legal systems across the world, especially those in Latin America. Whether you need help with commercial transactions, regulatory matters, customs and import regulations, immigration matters, M&A and joint ventures, international disputes, or international tax planning, Gardere’s international team is here to assist you.
We represent domestic and foreign private funds in all aspects of fund formation, fund operations, platform and add-on acquisitions, and portfolio company operations. Our team has a reputation for being the go-to-lawyers for private equity funds, hedge funds, venture capital funds and family offices. We are known for our vast deal experience, the efficient way we staff and manage our work, and the way we maintain our relationships. We get deals done with sophisticated, strategic, and practical advice tailored to the needs of our clients.
*Not admitted to practice law.
GUEST BLOG FROM JIM BRASHEAR
I welcome Jim Brashear as a Guest Blogger with his blog concerning cyber security risks. Jim is Vice President, General Counsel and Corporate Secretary of Nasdaq-
traded Zix Corporation, the market leader in email encryption services. He frequently appears as a public speaker on corporate governance, data security and information technology legal topics. You may want to follow him on Twitter. I’m sure we will see more Guest Blogs from him in the future.
New SEC disclosure guidance about cyber security risks
The SEC recently issued new disclosure guidance about cyber security risks. In summary, the SEC is directing public companies to review, on an ongoing basis, the adequacy of their disclosure relating to cyber security risks and cyber incidents. The disclosure guidance does not create new standards, but reminds public companies of existing disclosure requirements that may apply to cyber security risks and cyber incidents.
The bottom line is that this guidance should cause public companies, including their senior management and boards of directors, to give more attention to assessing cyber security as part of their enterprise risk assessments, because a discussion of cyber security risks and cyber incidents may become expected in public company financial disclosure. It should also prompt public companies to include these issues in their disclosure controls processes.
The SEC provides more specific guidance about disclosure in six areas of public company financial reports: Risk Factors, Management’s Discussion and Analysis (MD&A), Business Description, Legal Proceedings, Financial Statement Disclosure, and Disclosure Controls and Procedures.
On the latter point, public companies will need to assess and disclose conclusions about the impact of cyber security risks and cyber security incidents on the effectiveness of the organization’s controls over financial disclosure, including whether there are any deficiencies that would render those controls ineffective. Additionally, public companies should supplement their disclosure controls checklists, so that their disclosure controls processes will include consideration of possible disclosure about cyber risks and cyber incidents.
Companies are not required to disclose any or all of the issues that are identified for consideration and discussion by their disclosure controls committees. In fact, the SEC recognizes that detailed disclosures of these issues could increase the cyber risks. The organization may have concerns about what personnel can be involved in IT security discussions or receive any report about those issues, based on individual security clearances, etc. The process might, therefore, require that those discussions occur in a smaller group.
The list of questions below is intended to (a) prompt a discussion in the disclosure committee of any meaningful changes in the company’s cyber risk profile and whether additional disclosure (or other action) is warranted, and (b) create a written record that management thoughtfully considered the principal data security and privacy risks facing the company in order to determine whether additional disclosure (or other action) is warranted.
1. Any significant change to the nature or level of cyber security risks facing the company or affecting the company’s services to customers [such as any meaningful increase in actual or threatened penetration attempts, spear phishing or other advanced persistent threats (APT), or denial of service (DOS) attacks]
2. Any significant cyber incident [such as malware embedded in any company system which may have exposed or compromised any of the company’s confidential or proprietary information, or the transmission or other exposure via the internet of unencrypted personal information of any customer, employee or other individual]
3. Any significant cyber security risk deficiency that was identified in any review or audit of the company’s information security or data privacy practices
4. Any significant change to the company’s expenses or capital costs of mitigating cyber security risks, such as an increase in cyber risk insurance premiums or services purchased to avoid system penetration
5. Any significant change in the company’s ability to promptly respond to, and promptly resume operations after, a cyber incident or damage or loss of power to the company’s principal data center or any other systems important to maintaining operations
The publications contained in this site do not constitute legal advice. Legal advice can only be given with knowledge of the client's specific facts. By putting these publications on our website we do not intend to create a lawyer-client relationship with the user. Materials may not reflect the most current legal developments, verdicts or settlements. This information should in no way be taken as an indication of future results.
You may use the wildcard symbol (*) as a root expander. A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.
Entering two terms together in a search field will behave as though an "OR" is being used. For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.
AND and OR may be used in a search. Note: they must be capitalized, e.g., "Project AND Finance."
The + and - sign operators may be used. The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".
To perform an exact phrase search, surround your search phrase with quotation marks. For example, "Project Finance".
Searches are not case sensitive.