Data Breaches, Part 1 – How Prepared Is Your Company?

Computer hacking and data security became central issues in the 2016 presidential election as a result of several, high-profile data breaches. Although the public may have been surprised to learn how vulnerable electronic data actually is, corporate chief legal officers regularly toss and turn at night worrying about their organizations’ data security. According to the Association of Corporate Counsel’s 2016 Chief Legal Officer Survey, data security has ranked among the top three concerns of Chief Legal Officers for several years running.  The ACC survey found that twenty-two percent of CLO’s experienced a data breach within the last two years. Astonishingly, forty-nine percent of healthcare CLO’s experienced a data breach within the last two years, followed by forty-five percent of education industry CLO’s.

Data breaches can be extraordinarily expensive. Response costs can quickly mount into the millions of dollars. Resulting government investigations can lead to significant legal expenses, as well as potential fines. However, the damage will likely go well beyond the initial financial costs. A high-profile data breach can inflict significant damage on a company’s brand, impacting the bottom line far more than the initial legal and investigative costs. Such damage may take years to repair. Beyond the financial damage, a high-profile data breach can often wreck the careers of CEO’s, CLO’s and information technology professionals.

So, the question becomes, how well-prepared is your organization for a data breach? Advance preparation is crucial. Waiting until a data breach is discovered is a recipe for disaster.

Preparing for Data Breaches

To reduce exposure in the event of a data breach, your company must prepare for a breach in advance. This includes instituting security and prevention measures, as well as creating an incident response plan, in the event a breach occurs. In upcoming posts, I will offer help on both fronts. These posts will examine the following topics, all of which your organization must consider before a data breach occurs:

  1. Has your company taken “reasonable security measures” with respect to data security?
  2. Is your company collecting and keeping sensitive information unnecessarily?
  3. Are your vendors and service providers a weak link in your data security plan?
  4. Does your organization have an up-to-date incident response plan?
  5. Has your company purchased adequate insurance covering both the response costs and resulting liability?
  6. Have you prepared your board of directors for a data breach?

I hope these posts prove helpful and would love to hear how your company has prepared for, and responded to, a data breach.

Photo courtesy of Zakwitnij on Flickr.

Related posts:

  1. Data Breaches, Part 2 – “Reasonable Security Measures” Will Protect More Than Just Your Data There once was a time when in-house lawyers could sleep soundly and let the computer experts stay up at night worrying about IT issues. Those days...
  2. Data Breaches, Part 4 – Are Your Vendors A Weak Link? For the first time in weeks, you slept well last night, confident that your expensive consultant found every hole in your company’s data-security program. The board...
  3. Data Breaches, Part 3 – Hackers Can’t Steal What You Don’t Have Does your company collect and keep only the information that is essential for your business? If not, your company is exposing itself to unnecessary risk...
  4. 3 Quick Tips To Improve Email Security General counsel, IT professionals and CEO’s frequently lose sleep worrying about data security, including email security. Worldwide, people send approximately 205 billion emails each day! The...

Author: Scott H. Marder

Scott H. Marder is an attorney, with more than 25 years’ experience. He helps clients find solutions to their complex business problems. As an early-adopter of technology, Mr. Marder’s practice includes the intersection of technology and law. He has written and lectured on technology-related issues, as well.