Cyber Breach: A Legal Perspective - Jarrett Coco
Click here to load reader
-
Upload
it-ology -
Category
Technology
-
view
108 -
download
1
Transcript of Cyber Breach: A Legal Perspective - Jarrett Coco
Cyber Breach: A Legal Perspective
IT-oLogy Trends 2015
October 28, 2015
1
Jarrett Coco 1320 Main St., 17th Fl. Columbia, SC 29201 [email protected] (803) 799-2000
Topics
Legal Landscape
Incident Preparedness
Incident Response
Questions
2
Legal Landscape
Litigation from cyber breaches
Suits by consumers
– Individual action
–Consumer class action
Shareholder derivative suits
B to B litigation
–E.g., client/vendors, business partners, financial institutions
3
Legal Landscape
Typical legal theories for litigation:
Failure to adopt reasonable safeguards
Failure to give timely notice
Typical defenses
Lack of standing
Ripeness
Failure to allege cognizable harm
Jurisdictional defenses (e.g., no private right of action)
4
Legal Landscape
Electronic discovery in breach cases
Unique - focuses on systems themselves
–Networks, logs, wireless networks, routers, firewalls, etc.
–These are often in motion
Electronic discovery in other cases
Tends to focus on data contained in systems
–Documents, email, fileshares, etc.
–Mostly static and retrospective
5
Preparations
Technical and Physical Security
Network
Access Control
Identify and map data
Implement/Refresh Breach Response Plan
Communications
Exercises (table top or other simulations)
Legal
6
Preparations
Demonstrate Fiduciary Duties Fulfilled
Board of Directors and Management
Regulatory Compliance
Assess security related regulatory compliance obligations
Insurance Coverage
Costs for response, remediation, any ensuing litigation
Records Retention Policy/Schedule
Employee Training
7
Incident Response
Mobilize Personnel
Contain and Control
Determine scope
Cause of incident
Remediate
8
Incident Response
Assess Notification Obligations
Communications
Internal
External
Anticipate Blowback
Consider potential litigation
Prepare to address any reputational harm
9