Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Tips for Quickly and Effectively Responding to and Handling a Data Breach
Data breaches have become a common occurrence, and any organization, regardless of location, size and industry, can be attacked. In the wake of a public announcement of any data breach, litigation is sure to follow. Many organizations may also face scrutiny from government regulators, which creates additional burdens. Data breaches are typically a double whammy for companies: first, they are a victim of the breach; then, they must defend themselves against litigation and government investigation. This article summarizes key steps and recommendations for responding to and handling a data breach quickly and effectively.
Involving Counsel Early and Often
When a data breach is first discovered, there will be a great deal of urgency and uncertainty. The first priority is to contain the breach and attempt to understand the scope, including the data system(s) affected and the harm caused. Most federal and state governments require organizations to self-report a breach as soon as possible, so it is important that organizations have well-thought-out strategies in place to enable quick assessment of the breach, execute internal response efforts, and make immediate key decisions and disclosures. As such, many organizations establish data breach plans and conduct tabletop exercises at regular intervals. This planning should, and typically does, involve experienced discovery counsel to assist with establishing a strategic plan to identify, preserve, and collect, as needed, relevant information that will be implicated after a data breach, including discovery required for resulting data breach–related lawsuits. When a breach occurs, the discovery counsel will be able to assist immediately as they are already aware of the company's data landscape and content, security practices, and personnel.
Legal Holds: Don't Wait for the Lawsuit
Since litigation is likely to follow a reported data breach, companies should consider issuing a legal hold as early as possible. Although issuing a legal hold may not seem to be a top priority, doing so will emphasize to company employees the importance of preserving critical data. For example, system logs provide key information about a data breach but often have short retention periods, so disabling and preserving the implicated system logs is essential immediately after a breach. These logs contain information that is not only critical to diagnosing and responding to the breach but may also be valuable in future litigation or government investigations related to a breach.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
CoStar Wins Injunction for Breach-of-Contract Damages In CRE Database Access Lawsuit
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.