Data Breach and Incident Response – Part II

Data breach incidents require a quick response from the information technology team and their experts. They are responsible for investigating the incident, notifying the affected parties, and contacting law enforcement agencies. The business operations should not be interrupted by these data breach incidents which is a difficult task. In other words, business continuity is one of the main complications that the targets face in these situations.

The hackers use various methods to infiltrate and extract valuable information such as trade secrets and private or confidential information. This information should be protected by using suitable methods. The private and confidential information should be stored on internal and external storage devices. They should be backed up on a regular basis and protected by using encryption technologies. We recommend using strong encryption algorithms which meet the minimal technical requirements that can be implemented by a qualified technology expert. This is important since the confidential information that can be stolen may include sensitive corporate, medical, and financial records. So, obviously, there are mandatory notification protocols in every jurisdiction.

California Civil Code Sections 1798.29(a) and 1798.82(a) require a business or state agency to notify any California resident whose unencrypted personal information was acquired or reasonably believed to have been acquired by an unauthorized person.

California Civil Code Sections 1798.29(e) and 1798.82(f) require any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General.

Our law firm advises clients on data security and breach incidents on a regular basis. We have handled cases where the client’s electronic devices (e.g., network servers, computers, smartphones) were infiltrated by hackers. We have managed to identify, locate and prosecute the hackers in various jurisdictions. It is important to note these issues are complex and require working with information technology and computer experts and consultants. Our law firm works with various local and international experts and consultants who can help the investigation. The experts and consultants we work with are knowledgeable and qualified in their field and have a significant amount of experience. Our data breach and incident response attorneys have cooperated and worked with local, state, and federal law enforcement agencies in various investigations. We keep our staff updated on recent data breach incidents to properly inform and educate our team. Our law firm’s principal, Salar Atrizadeh, Esq., regularly conducts seminars and educates legal and non-legal practitioners on this topic.

A significant amount of data breach incidents take place every month. In fact, you may find the most recent data security breaches by visiting the Attorney General’s website which includes more information on the list of targets. Therefore, it’s crucial to design and implement a proper security breach notification protocol. First, internal and external notifications are important. Second, security incident investigations must be conducted to determine if there was a security breach. This step requires documenting the work and creating a so-called “confidential information security report” by a qualified information security officer.

Our internet and technology lawyers have been prosecuting and defending legal actions in state and federal courts and are available to speak with their clients. Our law firm assists clients in matters related to privacy and cybersecurity and the applicable state, federal, and international laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.