Data Breach Planning in 10 Easy Steps: How to Think Like A Litigator
For the first Monday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view, the litigator's.
- Fail to plan = plan to fail.
- Big problems first, small problems later (don't let the perfect be the enemy of the good).
- The criticality of the tone at the top cannot be overstated.
- You cannot prevent idiocy, but you can train (and retrain, and retrain).
- Make good email practices your fight song (in both times of calm, and times of crisis).
- Say what you mean and mean what you say (avoid good policies with poor follow-through; don't set standards that you can't meet).
- Avoid inconsistencies wherever possible.
- Know what your peers are doing (and if you aren't doing the same thing, document why not).
- If you have a close call, document your decision and carefully consider whether you want privilege to apply or not (and why not).
- Think about your "story" in slow motion being played on a movie screen (or in excruciating detail on the front page of the Wall Street Journal).
H/T to Mintz's Meredith Leary for these. For more on these 10 easy steps and a replay of our Halloween-themed October Privacy Webinar, "Tricks, But No Treats: A Halloween Visit to the Frightening World of Data Security Litigation," check out this link to the recording.
Author
Cynthia J. Larose
Member / Co-Chair, Privacy & Cybersecurity Practice
Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.