Cyber Breach: A Legal Perspective

IT-oLogy Trends 2015

October 28, 2015

1

Jarrett Coco 1320 Main St., 17th Fl. Columbia, SC 29201 jarrett.coco@nelsonmullins.com (803) 799-2000

Topics

Legal Landscape

Incident Preparedness

Incident Response

Questions

2

Legal Landscape

Litigation from cyber breaches

Suits by consumers

– Individual action

–Consumer class action

Shareholder derivative suits

B to B litigation

–E.g., client/vendors, business partners, financial institutions

3

Legal Landscape

Typical legal theories for litigation:

Failure to adopt reasonable safeguards

Failure to give timely notice

Typical defenses

Lack of standing

Ripeness

Failure to allege cognizable harm

Jurisdictional defenses (e.g., no private right of action)

4

Legal Landscape

Electronic discovery in breach cases

Unique - focuses on systems themselves

–Networks, logs, wireless networks, routers, firewalls, etc.

–These are often in motion

Electronic discovery in other cases

Tends to focus on data contained in systems

–Documents, email, fileshares, etc.

–Mostly static and retrospective

5

Preparations

Technical and Physical Security

Network

Access Control

Identify and map data

Implement/Refresh Breach Response Plan

Communications

Exercises (table top or other simulations)

Legal

6

Preparations

Demonstrate Fiduciary Duties Fulfilled

Board of Directors and Management

Regulatory Compliance

Assess security related regulatory compliance obligations

Insurance Coverage

Costs for response, remediation, any ensuing litigation

Records Retention Policy/Schedule

Employee Training

7

Incident Response

Mobilize Personnel

Contain and Control

Determine scope

Cause of incident

Remediate

8

Incident Response

Assess Notification Obligations

Communications

Internal

External

Anticipate Blowback

Consider potential litigation

Prepare to address any reputational harm

9