First call all the lawyers

A recent study by the Ponemon Institute, LLC reports that data breaches have resulted in an average cost of US$4.8 million per incident (based on an average of 26,300 records lost or stolen, at US$182 per record).

Of the breaches examined in the study, 90 per cent of them were the result of a loss or theft of electronically stored data.

IT professionals play a key role not only in the prevention of breaches but also in the implementation of a prompt and effective response strategy to contain and minimize the damage caused by a breach when it occurs.

IT should get the legal team involved as soon as a breach has occurred or is suspected, even if all of the facts are not yet known.

Decisions requiring legal input, such as whether to notify affected individuals, regulators such as the privacy commissioner, law enforcement and insurers need to be made and acted on within hours, not days or weeks, of a breach occurring.

Experience has shown that an organization’s delay in responding to a breach can significantly increase the damage suffered by the organization as a result of the breach (including greater reputational harm and more legal liability). IT personnel should also immediately seek input from the legal team to implement a protocol to protect communications regarding the incident and the subsequent investigation as “privileged,” so that the organization is not required to disclose this information in any resulting litigation.

To enable legal counsel to determine the appropriate communication strategy and manage the legal risks, IT should provide legal counsel with as much information as possible about the incident itself and the remediation efforts taken or planned. This should include a detailed chronology of the incident, a list of what records were or may have been accessed, the types of information contained in the record, a summary of the steps taken to contain the breach and a description of the remediation plan.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now