Responding to a Breach Incident
By: Brian McCormac
Article written by BrownWinick 2019 Summer Law Clerk, Casey Sievert, and BrownWinick attorney, Brian McCormac
With the growing number of data security incidents and the potential for bet-the-company sized risks, it is crucial to know how to navigate such an event. BrownWinick’s data security and privacy team specializes in helping businesses understand the next steps after they discover a security incident and guiding them through the investigation and response process. We counsel and guide company leaders through every step of the breach incident and help them navigate the myriad state, federal, and international privacy laws that may impose response and notification obligations.
Companies should consult an attorney specializing in data breach management anytime they experience a cyber security incident. It is essential to contact an attorney immediately following any suspected breach because there may be a short deadline to comply with notification requirements. The attorney will gather information about the breach incident and quickly develop a plan to direct those in the company moving forward. An additional benefit to engaging counsel immediately is to establish the attorney-client privilege for the communications needed to investigate and respond to an incident.
BrownWinick’s specialized attorneys have established relationships with vendors that provide essential services (e.g., forensic investigation) into the source and extent of the breach. A forensic investigation provides essential information needed to determine the scope of the breach and the notification requirements, if any. Time is of the essence and it is crucial to find reputable vendors — an attorney can provide an approved list for quick contact.
Our team of attorneys works with companies and public relations professionals to create a communication plan to respond to questions from the media, regulators, and customers in order to control the narrative surrounding the event and minimize reputational harm.
BrownWinick’s data security and privacy team is also available to help companies prepare an incident response plan before a breach occurs. An incident response plan is a proactive measure that provides a helpful roadmap that outlines the steps a company should take when an incident occurs. Being prepared for a breach incident before it occurs makes company leaders more swift, confident, and thorough in their actions following a breach incident.