Working With Companies to Plan For Data Breach Incident Responses

The reality of today's digital world is that, at some point, every company experiences a data breach. Whether it is an inadvertent e-mail sent to the wrong person, a successful phishing scam, or the act of an insider, companies need to be prepared to rapidly identify and respond to a data incident at any level. However, preparing for a data incident is often easier said than done, as companies in the United States face ever-shortening periods of time within which to remediate and provide notification of data breaches. 

Common pitfalls in incident response can include (i) not knowing who is quarterbacking the response; (ii) when and which outside resources to bring to bear; (iii) power plays amongst internal groups; (iv) lack of communication leading to lost time and resources; and (v) not controlling the public narrative because there is no one source of information. Nearly all of these common pitfalls can be addressed by developing a plan and complying with it when faced with an incident. Written incident response plans, training exercises, and identifying trusted partners are critical components for effective incident response. 

This course, presented by David Saunders of Jenner & Block LLP and Heidi Wachs of Stroz Friedberg, will examine how companies can prepare for a data incident, discuss some of the common pitfalls that companies experience during incident response, and provide outside counsel as well as in-house attorneys with strategies for working together to create strong incident response policies.

Learning Objectives:

1. Review the state of U.S. laws related to data breach notification
2. Guide clients in developing an effective written incident response plan 
3. Discuss the most common issues that companies face during an incident
4. Identify the roles and responsibilities of key internal and external stakeholders in responding to data breaches