ARTICLE
23 March 2020

Turn On The Camera Part Two: Are You Prepared To Handle A Breach Remotely And Do You Know Your Legal Security Obligations?

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
During their COVID-19 preparations, companies are dusting off -and deploying- their business continuity plans.
United States Privacy
Liisa M. Thomas,Craig Cardon,Rachel Tarko Hudson
+1 Authors
 Your Author LinkedIn Connections
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Cannabis & Hemp topic(s)

During their COVID-19 preparations, companies are dusting off -and deploying- their business continuity plans. Also worth revisiting are incident response plans. Teams working remotely, if faced with a data breach, will still face privilege issues. For this reason simply moving to asynchronous forms of communication (email, chat, etc.) may not suffice, or may increase legal risk and exposure. Teams will thus need to be prepared for coming together virtually. Turning on the camera to converse remotely with video can be an impactful and important way to effectively handle a breach situation. To prepare, here are three key questions companies can consider:

  1. In the event of a data breach, is your incident team prepared to handle the situation remotely?
  2. What steps will be taken to bring people together? Have those steps been practiced?
  3. Does everyone on the team fully understand how to use virtual technologies, have cameras on their devices, and understand those cameras' benefits?

In addition to thinking about data breach response, many companies will want to bear in mind the obligations to protect personal information. There are many jurisdictions with laws that govern how companies must protect information. These laws would apply to information the company already holds, and may also apply to new personal information that might be collected during a company's COVID-19 response (see more about this in the first post in this series). For example, as we have written in the past, New York's data protection law will go into effect on March 21, and other states already have data security laws in place with specific requirements, including notably Massachusetts and Nevada. And other states, like Ohio provide companies that suffer a breach certain safe harbors if they have security programs in place.

Putting it Into Practice: As companies reflect on (and use) their business continuity plans, thought should be made to breach response plans, and how teams will handle the -hopefully unlikely event- that they must address a breach with an entirely virtual team. At the same time, thought should be given to the legal data privacy protections that exist, and what steps companies are taking to meet those obligations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Liisa M. Thomas
Liisa M. Thomas
Photo of Craig Cardon
Craig Cardon
Photo of Kari M. Rollins
Kari M. Rollins
Photo of Rachel Tarko Hudson
Rachel Tarko Hudson
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More