Stages of a Breach
The legal stakes are high for organizations that suffer a data breach.
After a security incident becomes public, investigations and enforcement actions by regulators around the world are increasing in size and scope. Regulators such as the SEC, the FTC and US state Attorneys General are increasing their scrutiny on company’s data security practices that allowed the security incident to occur and also focus on whether statements made prior to the breach were misleading. Data Protection Authorities, likewise are increasing the number of companies that they investigate (and fine) after receiving a notice of a security incident.
With both investigations by government agencies and the filing of private lawsuits looming just over the horizon as soon as a data breach occurs, organizations must respond in a way that positions them to resolve breach-related investigations and litigation as favorably as possible.
To meet these challenges, members of our global Privacy + Data Security and our Crisis Management Groups have written articles that tackle the legal concepts and concerns that organizations and their teams must keep in mind as they deal with the fallout from a data breach and the possibility—or perhaps likelihood—of government investigations and private litigation. Read these articles to gain deeper insight into:
- The role that the board of directors should play in preparing for and responding to a data breach;
- Strategies for preserving attorney-client privilege when hiring a third-party forensics firm to investigate a breach;
- The pros and cons of making voluntary disclosures to law enforcement after suffering a breach, as well as the appropriate law enforcement agencies to contact;
- The types of claims that plaintiffs’ attorneys often bring in data breach litigation and possible defenses to those claims;
- Multidistrict Litigation (MDL)—the consolidation of multiple suits stemming from the same breach—and its potential impact on both the course and the outcome of the litigation;
- And more.
Before the Breach
During the Breach
Beyond the Breach
It is our hope that the “Beyond the Breach: Through the Lens of a Litigator” articles will provide you with helpful insights into what you can do after a data breach to support your organization for the inevitable legal battles ahead.
- Client Alert
Litigation Readiness: Seven Things to Keep in Mind
Data breach class actions continue to rise, following almost inevitably from nearly every major security incident. Here are seven things in-house counsel can do to prepare for that anticipated litigation.
- Client Alert
Six Considerations to Preserve Privilege
This article in the Beyond the Breach series explores how organizations and their in-house counsel can structure their breach investigations from the get-go to bolster privilege.
- Article
What Should Boards Think About After a Breach?
Thanks in no small part to a breach’s potential impact on organizations’ bottom lines, cybersecurity has become a top-of-mind concern for boards of directors.
- Client Alert
The Benefits and Risks of Notifying Law Enforcement
In the wake of a data breach, one of the key questions an organization will face is whether to inform law enforcement of the incident.
- Client Alert
Communicating with the SEC When Your Organization Suffers a Cybersecurity Incident
If there was ever doubt before, the Securities and Exchange Commission (SEC) has made clear that it expects public companies and registered entities to promptly assess the materiality of cybersecurity incidents and make swift disclosures of material incidents.
