It's Not If But When: What You Need to Know to Prepare For & Respond To a Data Breach

This course, provided by Privacy & Data Security attorney James Mariani, provides an overview of data breach from a general, risk-based, and legal compliance perspective through the lens of both preparing for and responding to any data incident. The program will begin by discussing the consequences and costs of a data breach after one occurs (including after the California Consumer Privacy Act's private right of action goes into effect) as well as common sources of vulnerability including through email inbox phishing, Internet of Things (IoT) devices, and zero day vulnerabilities. This will involve a systematic discussion of what to do when any data incident occurs as well as the old and new regulatory mechanisms aimed at both prevention and response to a data breach. Finally, the course will discuss the concept of the information security program as both a means of compliance with regulatory mechanisms (and to ease regulatory ire in the event of an incident) and as a necessary measure towards the effort of preventing data incidents (to the extent possible).

Topics to be covered include data breach notification statutes, the California Consumer Privacy Act, the General Data Protection Regulation, regulatory enforcement, data security vulnerabilities, and the Information security program, including data governance as a whole, regulatory impact and risks, and tackling an information security policy's implementation and integration.

Learning Objectives:

1. Examine the causes, risks, and repercussions of a data incident
2. Analyze the costs of a data breach including recent examples
3. Identify the regulatory requirements both before and after a data incident occurs
4. Explore the information security program, its implementation, and its role regarding both prevention and response to a data incident