Security Breach Notifications

By Jennifer Archie, Gail Crawford, Andrew Moyle, Serrin Turner, and Brian Meenagh

Hacking of organizations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is rehearsed and practiced. In the event of an incident a company with a rehearsed plan can avoid delays and mistakes, minimize conflicts between functions, and ensure regulatory, legal and contractual reporting requirements are met.

Take Preventative Action

No one can predict when or how a cybersecurity breach will occur, but organizations should take active steps to prepare. The following five actions can help ensure an organization’s cyber-readiness.

1. Adopt and continuously optimize a formal cybersecurity program:

While any program should be tailored to industry and regulatory schemes, generally the program must have the following core components.

Speakers: Jennifer Archie, Kevin Boyle, Gail Crawford & David Schindler

The legal and business consequences of recent high-profile data breaches are varied and severe. Today, lawyers and executives for large enterprises must assess and advise on complex multi-jurisdictional notification, investigation, litigation and remedial issues that arise following a major data breach incident. How are general counsel and executives to respond to the broad spectrum of cyber intrusions that threaten a company’s most sensitive information, particularly where data sets

By Jennifer Archie and Rebekah Lewis

WH Report2.JPGThe Obama Administration has unveiled a 50-page blueprint for consumer data privacy, including a recommendation for a federally legislated and FTC-enforced Consumer Privacy Bill of Rights. While it would not alter existing laws, the legislation would extend privacy protections to unregulated sectors and preempt conflicting state law. The Administration’s framework also recommends a national standard for security breach notifications.

The report proposes an immediate “multistakeholder process” to develop enforceable codes of conduct, and embraces