The reality of today’s digital world is that, at some point, every company experiences a data breach. Whether it is an inadvertent e-mail sent to the wrong person, a successful phishing scam, or the act of an insider, companies need to be prepared to rapidly identify and respond to a data incident at any level. However, preparing for a data incident is often easier said than done, as companies in the United States face ever-shortening periods of time within which to remediate and provide notification of data breaches.
Common pitfalls in incident response can include (i) not knowing who is quarterbacking the response; (ii) when and which outside resources to bring to bear; (iii) power plays amongst internal groups; (iv) lack of communication leading to lost time and resources; and (v) not controlling the public narrative because there is no one source of information. Nearly all of these common pitfalls can be addressed by developing a plan and complying with it when faced with an incident. Written incident response plans, training exercises, and identifying trusted partners are critical components for effective incident response.
This course, presented by David Saunders of Jenner & Block LLP and Heidi Wachs of Aon’s Cyber Solutions, will examine how companies can prepare for a data incident, discuss some of the common pitfalls that companies experience during incident response, and provide outside counsel as well as in-house attorneys with strategies for working together to create strong incident response policies.
Heidi L. Wachs, Vice President at Aon’s Cyber Solutions (formerly Stroz Friedberg), helps clients prepare for and respond to data breach and cybersecurity incidents and develop and implement data privacy and information security programs. Ms. Wachs, whose experience includes serving as a technical analyst and Chief Privacy Officer for a major research university, frequently speaks and writes on data privacy, information security, information governance, and best practices for data privacy and breach response. Ms. Wachs earned her B.A. in Journalism from Lehigh University and her J.D. from the Benjamin N. Cardozo School of Law and is a certified information privacy professional, CIPP/US.
David Saunders (CIPP/US) is a partner and member of the firm’s Data Privacy and Cybersecurity Practice and its Complex Commercial Litigation Practice. Through the lens of a litigator, Mr. Saunders helps clients navigate their risks in the data privacy and cybersecurity arenas. Clients who are developing privacy programs, handling a data incident or facing regulatory investigations turn to Mr. Saunders for his experience as both a privacy professional and a litigator. Whether they need proactive or reactive privacy and cybersecurity counseling, he collaborates to help them achieve their goals.
From Fortune 100 companies to small businesses, Mr. Saunders works as a trusted advisor to businesses, understanding and advising on their data practices so as to provide them with guidance on the myriad issues that may arise in today’s digital world. He has experience conducting risk assessments, developing privacy programs, drafting privacy policies, performing due diligence for corporate transactions, negotiating vendor agreements and working with clients through data incident response. Mr. Saunders regularly counsels on HIPAA, HITECH, GLBA, CCPA, and state law privacy obligations. He has litigated and helped resolve matters related to data privacy and cybersecurity issues including navigating potential and actual regulatory investigations.
Mr. Saunders maintains an active pro bono practice, having represented inmates in various actions in state and federal courts.
He is active in a number of community and professional associations including the Sargent Shriver National Center on Poverty Law Professionals’ Council, the Seventh Circuit Bar Association’s Board of Governors and serves as the chair of the Illinois State Bar Association’s Privacy and Information Security Law Committee. Mr. Saunders was a fellow in the Leadership Greater Chicago class of 2018.