- Time Warner CEO Calls DOJ’s Antitrust Claim “Ridiculous”Posted 6 hours ago
- #TimesUpPosted 6 hours ago
- Superstar Lawyers Eroding Partner Compensation SystemPosted 3 days ago
- Resource Alignment Is A Big Law Department ChallengePosted 4 days ago
- Hold Software Developers Liable For Security Flaws, Says SenatorPosted 4 days ago
- Does The Conflict-Minerals Law Hurt African Miners?Posted 4 days ago
The Life Cycle of a Data Breach
Martha Coakley, Christopher Hart and Emily Nash, Foley Hoag
A data breach can be an existential crisis for an unprepared business, and in the best case it’s likely to be expensive and disruptive. Treat data security as an integral part of the company risk profile, and to account for that risk build governance and management structures, including a data breach team. It should include a compliance and legal expert, a forensic investigator and a PR professional.
When a breach occurs, first calls should be to outside counsel and a forensic investigator. Counsel can provide expertise in managing compliance questions and navigating issues that might arise with third parties. Forensic investigators provide crucial assistance in identifying the source and scope of a breach.
In some cases, notification must also be sent to a state agency (usually the attorney general). But there are significant differences among states regarding such things as what information is protected, whether notification is necessary regardless of harm, and timing.
Many states are updating their data breach statutes and considering new regulations. Meanwhile, much remains uncertain regarding the scope of federal regulation, given questions about the new administration and its deregulation agenda. In private litigation, we can expect federal and state courts to work out questions of standing and injury, with plaintiffs continuing to use novel theories to advance their claims. Whatever the future brings, it will be critically important to be prepared in advance for a data breach, to manage compliance carefully, and to be ready for litigation.Read the full article at:
Today's General Counsel