Cybersecurity and Privacy Diligence in a Post-Breach World

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Sunday February 15, 2015 – The Harvard Law School Forum on Corporate Governance and Financial Regulation.

Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo and Randi Singer; the complete publication, including footnotes, is available here…

Thus, it is absolutely critical to understand what kind of data a company collects, how the company uses, stores, shares, processes, protects, and disposes of information, and how to develop and evaluate a plan to respond to attacks that target these data. Proper planning can mean the difference between a news story that begins, “Sony has just announced that Sony Pictures Entertainment co-chairman Amy Pascal is stepping down from her post,” and one that announces a major cyber-attack, but concludes, “Anthem said it doesn’t expect the incident to affect its 2015 financial outlook, ‘primarily as a result of normal contingency planning and preparation.’” Proper planning includes incident response and information management business continuity planning, which are mission-critical. They are (or should be) part of a Board’s enterprise risk management duties, and they are particularly vital for certain federally-regulated entities with an obligation to protect consumer and client information and to keep it private. We have written in-depth elsewhere about incident response plans and their elements. Here, we set forth a high-level summary designed to help evaluate a company’s incident response and business continuity plans…