Tips on Dealing with the Aftermath of a Data Breach

At the IAPP Privacy Academy in Boston on September 18, I moderated a session on dealing with the aftermath of a data breach.  I was fortunate to have an expert panel — Chris Cwalina, Vice President, Associate General Counsel, Intersections Inc. and Carol DiBarriste, SVP Privacy, Security, Compliance and Government Affairs, LexisNexis Group. You can view a copy of our Powerpoint presentation.

There is useful information in the slide deck including information on the current legislative landscape — note the analysis of currently-pending HR 2221 and a review of recent state laws, as well as some points on the variations in the requirements of breach notification laws. 

Fundamentally, you will find helpful tips on what to do in the aftermath of a breach, and how to take steps in advance of a breach to minimize the risks.

The session in Boston concluded with a recommendation that companies conduct an assessment of how they are collecting, using, sharing, storing, securing, and disposing of personal data — for only by understanding how data is handled can the risk of a breach (and its expensive effects) truly be avoided.  Hogan & Hartson regularly conducts such risk management assessments for our clients, which often results in recommendations on how to close the "gaps" — how to improve policies, practices, training and auditing.

Authored by Christopher Wolf