Lawyer Monthly Magazine - August 2019 Edition

What are the impacts of a data breach and how do you work towards ensuring the impact isn’t as detrimental? There are three main business impacts of a data breach: (1) costs, (2) reputation, and (3) intangibles. The most apparent business impact of a breach is the associated costs. This can come in many forms, such as ransom, theft or diversion of funds, legal fees, fines, settlements, etc. The cost of a breach alone is enough to causemany small andmedium businesses to close their doors permanently. According to a study conducted by IBM Security and Ponemon Institute, the average cost of a data breach is $3.86 million. While harder to measure, a company that suffers a data breach also has to deal with reputational damage. Breaches have a massive negative impact on a company’s customer base, particularly if the breach involves sensitive data. Immediately after a data breach, companies often see a sharp decline in their customer base and find that news of a data breach causes some recognises the multiple data privacy and security laws that apply, companies have a very real risk of subjecting themselves to fines and other penalties. There is currently no federal data privacy and security law in the United States. Consequently, several states are implementing their own laws. This will make it even more difficult for companies to ensure full compliance with applicable laws and regulations. Data breach: what should be the first course of action a client should take? Despite your best efforts, data breaches happen. The minutes, hours, and days after a data breach can be hectic, stressful, frustrating, and confusing. Hopefully, when the dreaded day comes, you and your company have already prepared and have in place a practical, fact- based and realistic data breach response plan that is tailored specifically to your company’s specific needs. If that’s the case, you are ahead of the game, and you should follow this breach response plan step-by-step. If, on the other hand, you do not have a well-crafted plan in place, potential customers to think twice before doing business with your company. It can take ten months to more than two years to restore a company’s reputation following a breach of customer data. Certain business impacts are immeasurable while remaining incredibly impactful. For example, personal data may be lost or sold on the dark web. The theft or loss of your company’s (or your clients’) trade secrets and other intellectual property could be detrimental to the future success of your company. These are only a few examples of intangible business impacts, as they vary widely. The most important thing a company can do to reduce the impact of a data breach is to react as swiftly and systematically as possible to mobilize your incident response team, secure systems, and conduct a thorough investigation. Reacting slowly will only make the effects of the data breach worse. A company must also be as open and transparent in its communications with individuals affected by the data breach as possible. LM then the most critical first step would be to check your insurance policy and then engage qualified outside counsel to guide your response efforts. Several insurance companies now offer cyber risk insurance (also known as data breach insurance). Depending on your policy, your insurance company can help you retain qualified outside counsel that specializes in this complex, ever-evolving area of law, often at a reduced hourly rate. It is critical to obtain outside counsel because (at least in most cases within the United States) it is possible to protect the actions and communications of a breach response with the attorney-client privilege and its related work product doctrine. This protection is crucial because it allows for the free flow of information between an attorney and his or her client, allowing for the fastest response possible. Additionally, an attorney that specializes in this area of law can advise whether the breach triggers any of the many and varied notification obligations at the state, federal, and international level. Super Lawyers By Anthony E. Stewart, Hall Booth Smith, P.C. 70 WWW.LAWYER-MONTHLY.COM | AUG 2019