Beyond the Breach

The legal stakes are high for organizations that suffer a data breach.

Government investigations of data breaches are becoming more sweeping and are leading to ever-increasing settlement amounts. For example, in July 2019, Equifax agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories for the company’s 2017 data breach. The settlement calls for Equifax to pay between $575 million and $700 million to consumers, the U.S. government, and those states and territories.

Not to be outdone, plaintiffs’ attorneys are now filing data breach lawsuits on the day a particular breach is publicly announced.

With both investigations by government agencies and the filing of private lawsuits looming just over the horizon as soon as a data breach occurs, organizations must respond in a way that positions them to resolve breach-related investigations and litigation as favorably as possible.

To meet these challenges, we have developed our new series, “Beyond the Breach: Through the Lens of a Litigator.”

In “Beyond the Breach,” members of our Global Privacy + Data Security and our Global Risk + Crisis Management Groups will tackle the legal concepts and concerns that organizations and their legal teams must keep in mind as they deal with the fallout from a data breach and the possibility—or perhaps likelihood—of government investigations and private litigation. Read our series to gain deeper insight into:

  • The role that the board of directors should play in preparing for and responding to a data breach;
  • Strategies for preserving attorney-client privilege when hiring a third-party forensics firm to investigate a breach;
  • The pros and cons of making voluntary disclosures to law enforcement after suffering a breach, as well as the appropriate law enforcement agencies to contact;
  • The SEC’s current approach to data breach enforcement, and strategies to consider when the SEC comes calling;
  • The types of claims that plaintiffs’ attorneys often bring in data breach litigation and possible defenses to those claims; and
  • Multi-District Litigation (MDL)—the consolidation of multiple suits stemming from the same breach—and its potential impact on both the course and the outcome of the litigation.

It is our hope that “Beyond the Breach: Through the Lens of a Litigator” will provide you with helpful insights into what you can do after a data breach to support your organization for the inevitable legal battles ahead.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.