Yahoo Inc. has had a tough run in the wake of the 2016 public disclosure of two massive data breaches that took years to disclose—one in 2014 that impacted at least 500 million customer email accounts and another in 2013 that affected more than one billion user accounts.

As a result, the company took a $350 million price cut in its planned acquisition by Verizon Communications Inc. and has paid $16 million in publicly reported expenses related to the incidents, including $11 million in nonrecurring legal costs.

On Wednesday the breaches hit home for the legal department in a major way, when the company announced in a filing with the U.S. Securities and Exchange Commission that Yahoo general counsel Ron Bell is leaving the company, after the release of the results of an independent investigation into the breaches.

Bell's resignation in connection with the data breaches should be a signal to in-house counsel that jobs may be on the line as a result of cybersecurity issues, said Edward McAndrew, a partner at Ballard Spahr and co-leader of the firm's privacy and data security group. "In-house counsel are often best positioned to play leading roles in cyber-incident response, but they are often on the sidelines," he said. "And that's not a viable model anymore for anyone who wants to keep their job."

But there are steps in-house counsel can take to avoid being targeted when there's a breach, said McAndrew. "The in-house lawyer who is trying to protect himself or herself needs to be able to clearly communicate and have channels available to them to escalate these issues within the legal department and within the organization," he said. "You need to be able to communicate risk through a chain of command to be sure decision makers have all the information."

Read the full article here. Subscription may be required.