Data Breach and Incident Response – Part III

Our law firm’s attorneys have been able to manage unexpected data breaches since they take place on a regular basis. Our legal team and group of technology experts have implemented specific protocols to mitigate the damages. One of the most important factors is assessing your company’s security weaknesses, which may include proper training of all personnel, including full-time and part-time employees and independent contractors. Training is a key factor and should be conducted in a methodical manner. The information technology department should implement the procedures for setting up personnel training sessions.

The first step is to set up a framework for proper incident responses. Then, incident notification procedures should be published for all personnel and should be part of the hiring process. The company should be able to validate the data breach by examining the information. All sensitive and confidential documents (e.g., trade secrets) should be protected and preserved on a regular basis. The incident response team should immediately investigate and monitor the breach. The company should mitigate the damages by securing electronic devices and the stored information. Also, the company should ensure the existing encryption software is functional, and if not, it should be replaced with another type of encryption software. The data owners should be formally notified since their information has been affected by the data breach. In most cases, law enforcement officials should be notified about the data breach. Finally, the company should assess and improve its data breach and incident response plans to avoid similar problems in the future.

Any organization that collects, stores, or manages sensitive or confidential information is susceptible to cyberattacks. Therefore, it must set up and manage a proper incident response plan. It must be able to engage in preventive and reactive measures such as proper data retention policies. The chain of custody in preserving information is a key factor. So, the data must be located, identified, and protected to avoid unnecessary complications. Data protection and preservation are key components from a legal perspective. The organization should have access to legal counsel to prepare for potential legal actions. The legal team should work closely with the Incident Response Team (“IRT”) to protect confidential client information such as medical or financial records. This way, the attorney-client privilege can be properly established by them.

The SANS Incident Handler’s Handbook outlines the following steps: (1) preparation, which involves having the IRT on standby; (2) identification, which involves the determination of whether a data breach has occurred, and if so, the IRT must execute the incident response plan; (3) containment, which involves limiting the data breach’s impact by isolating the affected computers and network servers; (4) eradication, which involves the removal and restoration of the affected systems; (5) recovery, which involves the relocation of the affected computers into the network infrastructure after testing, monitoring, and validating them; and (6) lessons learned, which involves a full assessment of the incident and summarizing the lessons learned.

Finally, California law requires a business or state agency to notify residents whose unencrypted personal information was acquired, or reasonably believed to have been acquired, by an unauthorized person. Please refer to California Civil Code Sections 1798.29 and 1798.82 for more information. Also, visit the Federal Trade Commission’s website for additional information.

Our internet and technology lawyers have been prosecuting and defending legal actions in state and federal courts and are available to speak with their clients. Our law firm assists clients in matters related to privacy and cybersecurity and the applicable state, federal, and international laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.