United States: Cybersecurity Risks Reviewed: Directors And Officers Must Be Proactive And Prepared

Last Updated: July 28 2014
Article by Peter J. Isajiw and John C. Vázquez

Most Read Contributor in United States, July 2019

As recent events have made abundantly clear, threats to corporate cybersecurity are an issue that companies, their boards and their managers cannot afford to ignore. Cyberattacks and other threats to data security are alarmingly common. In its ''2014 Data Breach Investigations Report,'' Verizon confirmed there were more than 63,000 cybersecurity incidents in 2013, resulting in more than 1,300 confirmed data breaches.1 The Ponemon Institute, a data security research firm, estimates that cybercrime costs more than $113 billion a year worldwide and that the average cost to a company of a data breach is $3.5 million.2 More and more business systems are networked, and so long as the Internet continues to play an expanding role in commerce, both the motive and opportunities for cybercrime will expand alongside it.

The highly publicized data theft suffered by Target in November 2013 is just one example of the tremendous costs that a cyberattack can inflict on a company's bottom line, as well as its reputation. More than 110 million customer records were stolen in that attack, including the data from more than 40 million credit and debit cards.3 And although Target's data breach is remarkable for its size, it is otherwise typical of an increasingly common threat and serves as a useful illustration of the variety of costs that a data breach can inflict on a business and its leaders. Target has spent $87 million on data breach-related expenses through May 2014, and these costs are ongoing.4 They include internal investigation costs, additional call center staffing, legal and professional fees, and compensation to payment card networks for fraud losses. But these direct costs do not represent the totality of the risks that data breaches pose to companies. This article explores some of the many risks that directors and officers must consider in planning for and responding to a cyberattack.

Reputational Risk

Companies face serious reputational risk in the wake of a data breach, which could create significant economic loss. For example, after announcing its recent breach, Target experienced a 46 percent drop in net profit during the holiday shopping period. And although consumers have largely returned to Target's stores, some companies may not easily regain their customers' trust. During an SEC roundtable on cybersecurity in March, one panelist opined that a single incident of customer loss due to data intrusion would probably bring down an investment manager or securities broker-dealer because the loss of customer confidence in the financial services industry could be irreparable.5

Litigation Risk

Significant data breaches almost inevitably will be met with litigation, which often becomes a drawn-out and expensive distraction from a company's day-to-day operations. In its year-end report, Target disclosed that more than 80 actions have been filed in courts nationwide. Sony similarly faced almost 60 lawsuits after a 2011 cyberattack on its PlayStation network.6 Reviewing even a small number of these lawsuits demonstrates the multiplicity of legal claims that a company may face after a data breach. A sampling of the various types of litigation risks are described briefly below.

Direct Consumer Economic Loss

Companies may face litigation seeking to recoup direct economic losses sustained by the customers or individuals whose data is breached. In Target's case, the bulk of the losses from fraudulent use of the stolen payment card information have fallen on the issuers of those cards, and as losses have mounted, a number of banks and card issuers have sued to recoup their costs. One such complaint alleges that it has cost banks more than $172 million just to re-issue stolen payment cards and cites an analysis by the investment bank Jefferies estimating that the total losses from the data theft may total more than $1 billion.7

Violation of Data Privacy Laws

Even in data breaches that do not involve banking or credit card information, or where there are no fraud losses, there can still be substantial exposure to litigation by individuals whose personal information was compromised. In Target's case, dozens of lawsuits have been brought on behalf of consumers, seeking damages for negligence and for violations of state data privacy laws.8 Forty-six states, plus the District of Columbia, have passed data privacy laws requiring entities sustaining a data breach to promptly notify any individual whose personal information was, or was reasonably believed to have been, compromised.

Although the precise details of these statutes vary from state to state, the majority of these notification laws provide for a private right of action. Additionally, many state attorneys general have been aggressive in their efforts to enforce data breach notification laws. In one recent instance, Kaiser Permanente agreed to pay $150,000 and to submit to an injunction to settle a lawsuit brought by the California attorney general after Kaiser allegedly delayed notifying employees of a data breach for more than two months while it conducted a forensic analysis to determine the scope of the breach.9 The injunction requires Kaiser to provide notification of any future breaches on a rolling basis, to make this notification ''as soon as reasonably possible after identifying a portion of the total individuals affected by a breach, even if Kaiser's investigation of the breach is ongoing,'' and to ''continue to notify individuals as soon as they are identified, throughout and until completion of Kaiser's investigation of the breach.''10 This language may indicate that the California AG will interpret the statutory requirement that notification be made ''without unreasonable delay'' strictly in future cases, and as California has been a leader in this area, other states may follow its lead in construing their own data breach notification statutes.

Regulatory Scrutiny

Federal regulators are increasingly active in policing businesses' cybersecurity efforts. In 2010, the FTC promulgated the ''Red Flags Rule'' that requires a wide variety of companies to implement identity theft protection programs to detect and mitigate data breaches11, and Federal Trade Commission Chairman Edith Ramirez has been vocal in asking Congress to give the FTC specific rulemaking authority to allow it to better address cybersecurity threats.12 Even without specific statutory authority related to cybersecurity, the FTC has brought and settled almost 50 cases claiming that companies' data security practices constituted unfair or deceptive trade practices.13 For example, the FTC recently settled with Snapchat over allegations that the company was making misleading representations about its privacy practices. The consent agreement with Snapchat will require it to operate under the supervision of an independent privacy monitor for 20 years.14 Although the FTC has stepped into a lead role in cybersecurity enforcement, it is not the only federal regulator that has taken up the issue. The SEC, for example, has promulgated rules advising public companies to make disclosures regarding their data security efforts and has indicated that it is contemplating further cybersecurity rulemaking.15

The Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act protect the privacy of individuals' personal health information and require patient notification in case of data breach. These rules can be enforced not just against healthcare providers, but in many cases against their vendors, consultants, accountants and contractors—many of whom may not realize the legal risks they face for noncompliance. Civil penalties for willful neglect under the statute can be as high as $1.5 million per violation in cases of repeated or uncorrected violations.16 Even unknowing, good faith violations can result in fines from $100 to $50,000 per occurrence. In one recent settlement, a health plan paid more than $1.2 million in penalties after it returned several photocopiers to a leasing agent without erasing data contained on the copier hard drives.17 And in May 2014, two New York hospitals that operated a shared data network jointly agreed to pay a record-setting $4.8 million fine after private health information was accidentally made accessible to Internet search engines.18

Potential Tort Liability for Regulatory Non-Compliance

Although the federal healthcare statutes don't directly provide for a private right of action, some states have determined that failure to adhere to HIPAA and HITECH constitutes the common law tort of negligence.19 These potential tort claims pose a real risk of economic loss. For instance, in February 2014, a federal court in Florida gave final approval to a settlement in a first-of-its-kind class action that will compensate class members whose personal information was compromised, but who did not experience any fraud losses or identity theft, as ''reimbursements for data security that they paid for but allegedly did not receive.''20 The settlement required the defendant, AvMed, to pay $3 million into a fund to be used to compensate the class members. Significantly, AvMed initially won a dismissal of the case that the U.S. Court of Appeals for the Eleventh Circuit overturned, finding that the insurance premiums paid by class members included payment for data security that was not received.21 The inability to prove specific damages has often been an obstacle in claims by individuals whose personal information was compromised, but who suffered no fraud loss. These types of claims may enjoy a renewed vitality as plaintiffs' lawyers take note of the AvMed decision.

Shareholder Litigation Risk

As SEC Commissioner Luis Aguilar recently warned, ''boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.''22 Derivative lawsuits against directors are increasingly common after data breaches. In the wake of a large data theft of more than 130 million credit card records, Heartland Payment Systems's directors and officers faced a derivative complaint that alleged the directors misled shareholders about the breach in SEC filings and on investor calls.23 Similarly, derivative lawsuits have been filed against the directors and officers of Target, alleging that they breached their fiduciary duties in failing to take reasonable steps to maintain customers' personal and financial information. In light of U.S. Senate and media reports claiming that Target had warning signs that its systems had been infiltrated, yet failed to heed them, the defendants in these derivative lawsuits may be facing protracted and expensive litigation.24

The trend of shareholder litigation relating to cybersecurity is likely to continue, as the SEC has demonstrated that it views cybersecurity as a material corporate governance concern. In 2011, the agency issued staff guidance encouraging companies to make fuller disclosures of cybersecurity risks,25 and at a roundtable in March, commissioners made clear that they were contemplating further rulemaking.26 Commissioner Aguilar has expressed the view that there is a gap between ''the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks.''27

Insurance Risk

Companies' exposure to legal costs related to data security can be compounded by unforeseen indemnity and insurance complications if corporate leaders are not proactive. Many businesses have been denied insurance coverage for damages and legal defense costs after a data breach, as most general commercial liability policies only cover losses to tangible property. For example, after Sony sustained a massive data theft from its PlayStation network, Sony's insurer filed for—and won—a declaratory judgment holding that it had no duty to defend against the more than 50 related lawsuits, nor any duty to indemnify Sony for its losses, which Sony estimated at more than $171 million before defense costs. The court found that Sony's loss did not involve tangible property and therefore was not covered under the policy's property loss provision, and that Sony had not itself published the information and therefore was not entitled to coverage under its advertising injury policy.28 The threat of cybersecurity risks and the uncertainty of coverage from traditional insurance policies has created a growing market for new cybersecurity insurance policies for businesses.

Business Partner and Vendor Risk

Companies also need to meticulously examine their relationships with both customers and vendors for ways in which those relationships may be creating cybersecurity exposure. In recent speeches, U.S. Comptroller of the Currency Thomas J. Curry has expressed concerns about vendor and contractor risks in the financial sector, noting that banks increasingly rely on third-party vendors who have access to large amounts of sensitive data and that even well-established banks have encountered problems resulting from underestimating the risk in third-party relationships.29 As another example, Stanford Hospital agreed to pay roughly $750,000 toward a $4.1 million settlement in a class action brought after patient information ended up on a public website after passing through a series of interconnected vendors and affiliates.30 The information was provided to a marketing consultant that was engaged by a billing contractor that in turn provided services to Stanford.

Proactive Management Required

Data breaches have become so frequent that only the largest incidents draw much media attention. However, no business with a digital presence is immune to cybersecurity risks. Companies, large and small, need to be proactive and aggressive in confronting these threats. Companies need to take appropriate measures to minimize the risks that their data is compromised. This should include not only physical and cryptographic security measures, but also an accurate and complete assessment of data systems to identify and correct potential security weaknesses.

Companies also must consider what information they collect, how it is used, and whether they are creating unnecessary risk by over-collecting data or storing stale data beyond its useful life. Companies also need to have a considered and practiced action plan to handle the aftermath of a data breach.

After a data breach, litigation risks, regulatory mandates and reputational concerns may all pull in different directions, with internal stakeholders competing for control. A well-orchestrated response plan that accounts for these competing concerns, as well as the early involvement of technical experts and legal counsel, may provide the best opportunity to minimize the legal and business costs of a data breach.

Originally published in Corporate Accountability Report, 12 CARE 30, 07/25/2014 by The Bureau of National Affairs, Inc.

Footnotes

1. Verizon, 2014 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR.

2. PONEMON INST., 2013 COST OF DATA BREACH STUDY: GLOBAL ANALYSIS (May 2013), available at https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf.

3. Elizabeth A. Harris and Nicole Perlroth, For Target, the Breach Numbers Grow, N.Y. TIMES B1, Jan. 11 2014.

4. See Target Securities and Exchange Commission Form 10-K dated Mar. 14, 2014 and Form 8-K dated May 21, 2014.

5. U.S. Sec. & Exch. Comm'n, Cybersecurity Roundtable Transcript (Mar. 26, 2014), available at http://www.sec.gov/spotlight/cybersecurity-roundtable/cybersecurity-roundtable-transcript.txt.

6. E.g., In re Sony Gaming Networks & Customer Data Sec. Breach Litig., 903 F. Supp. 2d 942 (S.D. Cal. 2012).

7. Trustmark Nat'l Bank v. Target Corp., No. 1:14-cv-02069 (N.D. Ill, filed Mar. 24 2014).

8. E.g., Mancias v. Target Corp., No. 3:14-cv-00212 (N.D. Cal., filed Jan. 14, 2014).

9. Complaint, People v. Kaiser Found. Health Plan, No. RG14711370 (Super. Ct. Alameda Co., filed Jan. 24, 2014).

10. Id.

11. 16 C.F.R. 681.

12. Prepared Statement of The Federal Trade Commission on Protecting Personal Consumer Information from Cyber Attacks and Data Breaches, testimony before Senate Committee on Commerce, Science, and Transportation (Mar. 26, 2014), available at http://www.ftc.gov/system/files/documents/public_statements/293861/140326datasecurity.pdf

13. The FTC's authority to regulate data security was upheld by the U.S. District Court for the District of New Jersey, after hotel franchiser Wyndham Worldwide challenged its authority to do so in an action related to a string of three data losses Wyndam sustained inside of two years, which resulted in more than $10 million in fraudulent credit card losses. FTC v. Wyndham Worldwide Corp., No. 2:13-cv-01887 (D.N.J, unpublished opinion 6/23/14).

14. The consent order remains subject to final approval by the Commission as of May 12, 2014. See Fed. Trade Comm'n, Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False, available at http://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-were.

15. U.S. Sec. & Exch. Comm'n, CF Disclosure Guidance, Topic No. 2: Cybersecurity (Oct. 13, 2011), available at http:// www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm; U.S. Sec. & Exch. Comm'n, Cybersecurity Roundtable Transcript, supra note 5.

16. 42 U.S.C. § 1320d-5.

17. U.S. Dep't of Health & Human Svcs., HHS settles with health plan in photocopier breach case (Aug. 14, 2013), available at http://www.hhs.gov/news/press/2013pres/08/20130814a.html.

18. U.S. Dep't of Health & Human Svcs., Data breach results in $4.8 million HIPAA settlements (May 7, 2014), available at http://www.hhs.gov/news/press/2014pres/05/20140507b.html.

19. E.g., R.K. v. St. Mary's Med. Ctr., Inc., No 11-0924 (W. Va. Nov. 15, 2012).

20. Curry v. Avmed Inc., No. 10-cv-24513-JLK (S.D. Fla. Feb. 28, 2014).

21. Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012).

22. Speech, Luis A. Aguilar, Commissioner, U.S. Sec. & Exch. Comm'n, Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus (June 10, 2014), available at http://www.sec.gov/News/Speech/Detail/Speech/1370542057946#.U8VmTnPD-Uk.

23. In re Heartland Payment Sys., Inc. Sec. Litig., No. CIV- 09-1043, (D.N.J., Dec. 7, 2009).

24. Elizabeth A. Harris, Target Had Chance to Stop Breach, Senators Say, N.Y. TIMES, Mar. 27, 2014, at B10; Michael Riley et al., Missed Alarms and 40 million Stolen Credit Card Numbers: How Target Blew It, BLOOMBERG BUSINESSWEEK, available at www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data.

25. U.S. Sec. & Exch. Comm'n, CF Disclosure Guidance, Topic No. 2: Cybersecurity (Oct. 13, 2011), available at http:// www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.

26. U.S. Sec. & Exch. Comm'n, Cybersecurity Roundtable Transcript (Mar. 26, 2014), http://www.sec.gov/spotlight/cybersecurity-roundtable/cybersecurity-roundtable-transcript.txt.

27. Speech, Luis A. Aguilar, Commissioner, U.S. Sec. & Exch. Comm'n, Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus (June 10, 2014), available at http://www.sec.gov/News/Speech/Detail/Speech/1370542057946#.U8VmTnPD-Uk.

28. Zurich Am. Ins. Co. v. Sony Corp of Am., No. 651982/ 2011 (Sup. Ct. N.Y. Cnty). On Apr. 9, 2014, Sony appealed the ruling; the appeal remains pending.

29. Thomas J. Curry, U.S. Comptroller of the Currency, Remarks before the CES Government (Apr. 16, 2014), available at http://www.occ.gov/news-issuances/speeches/2014/pub-speech-2014-59.pdf; Remarks before the New England Council (May 16, 2014), available at http://www.occ.gov/news-issuances/speeches/2014/pub-speech-2014-73.pdf.

30. Kevin Sack, How Did Data About Patients Land on Web? Don't Even Ask, N.Y. TIMES, Oct. 6, 2011, at A20; Marianne Kolbasuk McGee, DATA BREACH TODAY, Stanford Breach Lawsuit Settled (Mar. 24, 2014), http://www.databreachtoday.com/stanford-breach-lawsuit-settled-a-6670.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Similar Articles
Relevancy Powered by MondaqAI
Skadden, Arps, Slate, Meagher & Flom (UK) LLP
 
In association with
Related Topics
 
Similar Articles
Relevancy Powered by MondaqAI
Skadden, Arps, Slate, Meagher & Flom (UK) LLP
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions