72 Hours and Counting: Do's and Don'ts of Global Data Security Incident Response presented at GlobalPrivacySummit 2019

by Brian Hengesbaugh, Mary Fort, Shea Wynn

Summary: Global data security incidents pose critical challenges for companies in all industry sectors. Companies are experiencing a "perfect storm" with more data security threats (financial crime, nation states, insiders, individual hackers and collectives), more vulnerabilities (expanded surface area with mobile, cloud, IoT, data monetization, and new technologies), and more data breach notification requirements. The breach notification requirements are covering more geographies (e.g., Australia, Colombia, the European Union, Mexico, Russia, South Korea), applying to broader sets of data (e.g., all personal data), and establishing faster timelines (e.g., 72 hours to report to authorities in the EU under GDPR). Although much can be said about preparation and post-incident remediation, this panel will focus on the do's and don'ts of global data security incident response from a legal perspective.

What you’ll take away:
- How to manage "fast" breach notice timing requirements (e.g., 72 hours) when the facts are still emerging
- How to seek to establish privilege and control over the investigation to help protect the company
- How to navigate data protection, blocking statutes, and other local restrictions that can affect the involvement of U.S. law enforcement and the execution of the investigation