Data Protection Masterclass: Managing Data Breach Incident Response

22 Jul 2015 04:30 p.m. - 06:00 p.m. BST

Jason Rosenthal

Listen to Presentation

A record high 783 data breaches in the U.S. alone occurred in 2014, according to a recent survey, and 2015 has brought more bad news, including significant breaches affecting the U.S. federal government. Besides embarrassment and loss of customer confidence, these incidents can be costly and may result in significant legal exposure and financial penalties. However, although a security breach is always an unfortunate event, it does not need to be a crisis if a company has a workable incident response plan in place. Companies that have an effective and realistic plan are able to respond to a material breach in an efficient and responsible manner and, as a result, fare much better with regulators and in dealing with PR and brand issues. 

Creating an incident response plan is crucial because without a plan, your response to a crisis will be, at best, disjointed and inefficient. At worst, it will be ineffective and create additional risks. Among the first requests from every regulator is a copy of the incident response plan, and the failure to have one will be deemed evidence of unreasonable security practices. Once the plan is implemented, how a company manages the incident is key to limit damages and reduce recovery time and costs.

During this program, you will receive practical guidance on developing and implementing an incident response plan, trends in incident response from recent security breaches, and also hear from corporate counsel on best practices. Topics to be addressed will include:

  • Development of an incident response team involving multiple stakeholders (privacy team, legal, HR, IT, PR, senior management, etc.)
  • Worldwide data breach notification and obligations to government, regulatory and law enforcement authorities, and credit reporting agencies
  • Action items within the first 72 hours of a breach


  • Andrew Serwin, Partner, Morrison & Foerster, San Diego
  • Korin Neff, Senior Vice President & Corporate
    Compliance Officer, Wyndham Worldwide Corporation
  • Ron Plesco, Managing Director, KPMG LLP



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.