Fast and Comprehensive Response to Data Breach Minimizes Company’s Exposure and Satisfies Regulatory Responsibilities
Where we started: In-house lawyers of a prominent national corporation operating four companies, including a large insurance firm, contacted our team to manage their response to a data breach. Although they hadn’t previously retained our Cybersecurity and Data Privacy team, they had heard of our extensive experience in and deep knowledge about these matters, as well as our financial services and insurance capabilities. We knew we could help and deployed our lawyers and resources quickly.
Our strategy – plus more: Like many data breaches, this incursion posed a serious problem, so our team worked swiftly to assess the situation and provide counsel. We immediately assembled a team that included a third-party forensics investigation firm, handled communications with regulatory agencies, and, in compliance with all federal and state requirements, notified the affected parties in 40-plus states, including those states’ attorneys general.
Our attorneys drafted messaging for the company’s employees and board of directors, and worked with the company to notify nationwide consumer reporting agencies. We helped with post-consumer notification issues such as media inquiries, consumer escalations, state license renewal matters, and litigation and enforcement actions. While our attorneys led the strategically crafted response efforts, we collaborated closely with the company’s internal IT department and in-house counsel.
Upshot: Our team put the client in a position to address the actual and potential questions from regulators, while making certain they took the steps necessary to meet their regulatory obligations and minimize their exposure. We then worked with them to ensure they were better prepared for any future incidents. Our lawyers provide ongoing counsel to ensure the company has optimal policies, people, and procedures in place, establishing proactive strategies to address a wide range of cybersecurity and data privacy issues.