In today’s rapidly-expanding digital economy, cyber security breaches occur every day supporting the need for an incident response team. And data security risks extend beyond the immense task of fixing a breach and notifying impacted customers for organizations conducting business with customers in the U.S., the U.K., the EU, and other jurisdictions with specific data privacy regulations.
With an ever-growing myriad of regulations designed to protect consumers from harm and hold businesses accountable, organizations must contemplate and prepare for additional threats. Legal liability, regulatory penalties, and other repercussions are very real consequences for companies that fail to promptly and properly address data breaches.
In addition, businesses also risk negative publicity and the loss of customer trust. The resulting reputational harm can make it difficult to attract and retain new customers in the future.
While data breaches involving a company’s confidential information or its customers’ personal information will inevitably cause disruption, an organization with a strong incident response plan will be better equipped to minimize downtime and control expenses associated with addressing the breach. Organizations’ incident response plans should include, at a minimum, the following key elements:
- Creation of an incident response team;
- Documentation of team members’ proposed roles and responsibilities in a breach situation, as well as identification of required tools needed to address the breach;
- Review of information affected by the breach to identify the extent of the breach and the impacted consumers;
- A containment plan to limit the impact of a breach;
- Mechanisms to copy affected networks and systems;
- Removal of affected systems;
- Testing to confirm containment, removal, and recovery;
- Current breach notification requirements in the jurisdictions in which the company operates and in which its customers live;
- Consumer notifications designed to comply with all applicable laws and regulations;
- Notifications to law enforcement, industry regulators, state attorney generals, and others (as required);
- A data retention policy that addresses documenting the breach and preserving attorney-client privilege; and
- Preparation for potential litigation related to the breach.
Some of the specific elements of an incident response plan are situation-specific. However, organizations can prepare many of these items in the abstract. When key players understand the scope and required components of the company’s incident response plan ahead of time, it becomes easier to address actual breaches when they occur. Baer Reed provides a variety of business and legal services, including assisting with internal investigations and helping organizations implement their incident response plans. To learn more, contact us today.
Mr. Reyes graduated with honors from the Ateneo de Manila University, where he received the Procter and Gamble Student Excellence Award. He obtained his Juris Doctor degree from the Ateneo de Manila School of Law. During law school, Mr. Reyes was part of the Philippine delegation to the Willem C. Vis International Commercial Arbitration Moot held in Vienna, Austria. He was also a member of the Ateneo Society of International Law and the St. Thomas More Debate Society. He completed his internship at the Public Attorney’s Office. He wrote a thesis entitled: “To Kill A White Elephant: An Analysis of the Fiduciary Exception to the Corporate Attorney-Client Privilege”. Mr. Reyes is admitted to practice law in the Philippines and the State of New York.
Ms. Lardizabal-Manzano is a graduate of San Sebastian College-Recoletos, where she earned her B.A. in Political Science. In 2003, she received her law degree from Lyceum of the Philippines and was admitted to practice law in 2004.
Matthew Hersh earned a B.A. in Political Science from Columbia University in 1990 and graduated cum laude from Georgetown University Law Center in 1999. He also holds a master’s degree in international relations from the Georgetown University School of Foreign Service.
Cap. Avi Levak (Res. IDF) graduated from from Israel’s prestigious Ben-Gurion University of the Negev with a Bachelor of Science in Computer Science and Mathematics. He is also a Leadership and Communication coach trained in TuT coaching by Alon gal in Israel. Avi specializes in high-level, in-depth analysis of business and client needs, within systems and software strategy and architecture.
Ms. Tyler graduated cum laude from Georgetown University and received her law degree, cum laude, from Georgetown University Law Center. During law school, she interned at the United Nations Economic Commission for Europe. She also worked on The Tax Lawyer journal and was a member of the award-winning Barristers’ Council Mock Trial Team. Ms. Tyler is admitted to practice law in the State of California and the District of Columbia.
Ms. Cruz-Anonuevo graduated cum laude and top nine in her batch from Miriam College with a degree of Bachelor of Arts in InternationalStudies. She obtained her Juris Doctor degree from Ateneo de Manila University School of Law in Rockwell. During law school, she interned in Rivera, Santos, Maranan & Associates. She was also part of Ateneo’s Labor Law Bar Operations. She wrote her thesis on, “Stealing Privacy: Limitations on Media’s Photographic Invasion.,” Ms. Cruz-Anonuevo is admitted to practice law in the Philippines.
Ms. Aquino-Batallones obtained a Bachelor of Arts degree in Development Studies (with Minors in Global Politics and Hispanic Studies) from the Ateneo de Manila University. In 2011, she received her Juris Doctor degree from Ateneo de Manila University School of Law. During law school, she interned at Romulo Mabanta Buenaventura Sayoc & de los Angeles then became an intern of Ateneo Legal Services Center’s Clinical Legal Education Program.
Mr. De Guzman graduated from San Beda College with a degree of Bachelor of Arts Major in Economics and received his law degree from San Beda College of Law. He is multilingual and is fluent in three languages: Chinese, Filipino, and English. He was admitted to the Philippine Bar in 2003.