October 23, 2020

Volume X, Number 297

Advertisement

October 22, 2020

Subscribe to Latest Legal News and Analysis

October 21, 2020

Subscribe to Latest Legal News and Analysis

October 20, 2020

Subscribe to Latest Legal News and Analysis

Turn on the Camera Part Two: Are You Prepared to Handle a Breach Remotely and Do You Know Your Legal Security Obligations?

During their COVID-19 preparations, companies are dusting off -and deploying- their business continuity plans. Also worth revisiting are incident response plans. Teams working remotely, if faced with a data breach, will still face privilege issues. For this reason simply moving to asynchronous forms of communication (email, chat, etc.) may not suffice, or may increase legal risk and exposure. Teams will thus need to be prepared for coming together virtually. Turning on the camera to converse remotely with video can be an impactful and important way to effectively handle a breach situation. To prepare, here are three key questions companies can consider:

Coronavirus

  1. In the event of a data breach, is your incident team prepared to handle the situation remotely?

  2. What steps will be taken to bring people together? Have those steps been practiced?

  3. Does everyone on the team fully understand how to use virtual technologies, have cameras on their devices, and understand those cameras’ benefits?

In addition to thinking about data breach response, many companies will want to bear in mind the obligations to protect personal information. There are many jurisdictions with laws that govern how companies must protect information. These laws would apply to information the company already holds, and may also apply to new personal information that might be collected during a company’s COVID-19 response (see more about this in the first post in this series). For example, as we have written in the past, New York’s data protection law will go into effect on March 21, and other states already have data security laws in place with specific requirements, including notably Massachusetts and Nevada. And other states, like Ohio provide companies that suffer a breach certain safe harbors if they have security programs in place.

Putting it Into Practice: As companies reflect on (and use) their business continuity plans, thought should be made to breach response plans, and how teams will handle the -hopefully unlikely event- that they must address a breach with an entirely virtual team. At the same time, thought should be given to the legal data privacy protections that exist, and what steps companies are taking to meet those obligations.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 72
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Partner

Craig Cardon serves as Co-chair of Sheppard Mullin’s Privacy & Data Security Group and as the International Liaison for the firm’s China offices. Craig is a partner in the Entertainment, Technology and Advertising and the Intellectual Property Groups in Sheppard Mullin's San Francisco and Century City offices.

Areas of Practice

Craig enjoys a broad advertising, privacy and ecommerce focused practice. He primarily represents brands, retailers, ad agencies, ad networks and other business involved in advertising, marketing and the data associated with it.  

310-228-3749
Kari Rollins Intellectual Property Lawyer Sheppard
Partner

Kari M. Rollins is a partner in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Ms. Rollins focuses her practice on privacy and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, food services, retail, and fashion industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums....

212.634.3077
Rachel Hudson, Lawyer, Sheppard Mullin, Intellectual Property Practice Group
Associate

Rachel Tarko Hudson is an associate in the Intellectual Property Practice Group in the firm's San Francisco office.

Areas of Practice

Rachel advises clients in the retail, technology, media, and other industries in online and mobile e-commerce transactions and vendor agreements, intellectual property licensing, commercial and development agreements, and other transactional matters. She assists clients in complying with domestic and international privacy laws, clearing advertising campaigns, conducting contests and sweepstakes promotional initiatives, and...

415.774.2999
Advertisement
Advertisement