Fast and Full-Spectrum Response to Data Breach Minimizes Company’s Exposure and Satisfies Regulatory Responsibilities

Where we started: In-house lawyers of a prominent national corporation that operated four companies, including a large insurance firm, contacted McGlinchey’s Technology team to manage their response to a data breach. Although they had not retained us before, they had heard of our extensive experience in and deep and broad knowledge about privacy and data security matters. We deployed our lawyers and resources quickly.

Our strategy – plus more: Usually we ensure that our clients have policies, procedures, and people in place to handle data incursions, but this company was not as prepared as we would have liked. Consequently, our lawyers worked on the fly. We immediately assembled a team that included a third-party forensics investigation firm, handled communications with regulatory agencies and, in compliance with all federal and state requirements, notified the affected parties in 40-plus states, including those states’ attorneys general. Our Technology team drafted messaging for the company’s employees and board of directors, and we worked with the company to notify nationwide consumer reporting agencies. We helped with post-consumer notification issues such as media inquiries, consumer escalations, state license-renewal matters, and litigation and enforcement actions. While our attorneys led the strategically crafted response efforts, we collaborated closely with the company’s internal IT department and in-house counsel.

Upshot: Our Technology team put the client in a position to address the actual and potential questions from regulators. We made certain they took the steps necessary to meet their regulatory obligations and minimize their exposure. We then worked with them to ensure they were better prepared for any future incidents. Our Technology team continues to counsel the company on a range of cybersecurity and data privacy issues.