United States: You’ve Been Hacked. Now What?

With data breaches on the rise, many companies have had to face the question of what it should do after it has been hacked.

One of the critical steps following a breach is to deal effectively with legal concerns, starting with having IT, security and other senior executives meet with corporate and external legal teams to discuss the potential implications.

Remediation of the problem could be a long process because the source of the breach may not always be readily apparent, and companies need to ensure any evidence is preserved, says Scott L. Vernick, a noted privacy attorney.

"There's always one eye toward what law enforcement or an enforcement agency may require, or litigation down the road," Vernick says.

Companies need to ensure they conduct investigations into the source of a breach without disturbing any evidence. "This can include but is not limited to cloning the server, laptops and desktops; making images of documents so that you are investigating the image as opposed to the original," he says.

Legal concerns are centered around potential government investigation and making sure that under relevant breach notification laws stakeholders and business partners are informed.

"And then of course you have the potential litigation that flows from that," Vernick says.

Some reporting policies and procedures are determined by the state breach notification statue or by an industry sector, Vernick notes.

"The bottom line is that organizations should try to be as up front and transparent as possible," he says. "Some of that is difficult to do because usually it's a moving target in terms of understanding what happens in developing the information. But certainly with respect to your stakeholders—particularly customers or employees or government agencies—the sooner you're transparent and the more transparent you are, the better it generally ends up."

Click here to view the full article.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.