Navigating the Legal Aspects of Cyber Incidents: First Steps, Required Disclosures and Notifications, Avoiding Pitfalls
Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
Intermediate
- work Practice Area
Cybersecurity and Data Privacy
- event Date
Wednesday, January 8, 2025
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE webinar will discuss the legal risks posed by a cybersecurity or data breach incident. The panel will address the crucial immediate first steps for counsel when a client is the victim of a breach, best practices for guiding clients on their disclosure and notification requirements, and how to avoid common and not-so-common pitfalls.
Mr. Ballon is an intellectual property and internet litigator. He represents clients in copyright, DMCA, trademark, trade secret, right of publicity, privacy, security, software, database and internet- and mobile-related disputes and in the defense of data privacy, cybersecurity breach, adtech and behavioral advertising, TCPA and other internet-related class action suits. Mr. Ballon is the author of the five-volume legal treatise, E-Commerce and Internet Law: Treatise With Forms 2d Edition (West 2008 & 2022 Cum. Supp.)
Mr. Auty has led engagements with hundreds of companies in diverse industries. He works side-by-side with clients to navigate complex, intersecting data privacy and security regimes, including the California Consumer Privacy Act, the GDPR, HIPAA and the Gramm-Leach-Bliley Act. Mr. Auty also has significant experience responding to data breaches and defending privacy and security practices in investigations initiated by regulatory agencies around the world. He is a frequent writer and speaker on data privacy topics, in particular issues related to digital marketing.
Ms. Akinkuotu leads investigations and litigation at Notion. Previously, she served as Associate General Counsel at Quora, where she managed dispute resolution, litigation, global regulatory compliance (content and moderation), and brand protection. She partnered with key stakeholders across engineering, moderation, operations, product, and finance teams to achieve business objectives while developing innovative, strategic, and practical solutions to complex legal challenges. Prior to Quora, Ms. Akinkuotu was Lead IP Counsel at Meta (formerly Facebook), leading a team of attorneys focused on global intellectual property, product, and content issues across Meta Products (Facebook, Instagram, WhatsApp, Oculus). With over a decade of experience in legal and operations roles, Shantel specializes in supporting clients, improving efficiency, and addressing evolving legal issues through creative problem-solving."
Cyber incidents and data breaches present a myriad of legal issues for clients across every industry. These issues are complex and overwhelming due to the ever-growing patchwork of breach notification requirements at the state, federal, and international level.
When a breach occurs, clients' key concerns are protecting their data and the company's interests, particularly their reputation. When advising an organization that is dealing with the fallout of a cyber incident, counsel must understand that the potential for investigations by government agencies and private lawsuits is high. Thus, counsel must position their client's response and resolution of the incident as favorably as possible while also preserving documents and managing communications and other potential evidence in anticipation of future investigations or litigation.
It is incredibly important for counsel to be involved early on when a breach occurs because many of the decisions an organization makes during the chaos of a cyber incident will have important legal implications down the road. Counsel must be strategic in preserving the attorney-client privilege and maintaining the confidentiality of service providers engaged to manage the cyber incident. Also, counsel plays a critical role after the resolution of an incident by assessing the effectiveness of the client's processes and programs to guard against the potential for future security incidents.
Listen as our authoritative panel provides guidance for advising and protecting clients on the legal implications of responding to a cyber incident or data breach. The panel will also highlight examples of cyber incident responses that went wrong and the resulting costs to the companies involved.
- Overview: current cyber threat landscape
- The role of counsel when a cyber threat or incident occurs
- The need for incident response and data mapping programs before a breach occurs and the role these programs play in resolving a breach
- Initial incident response: containing the damage and preserving evidence related to the breach
- Protecting the attorney-client privilege and maintaining confidentiality with outside vendors when responding to a security incident
- The role of law enforcement and other regulators when a security incident occurs
- Reviewing incident response processes and ongoing monitoring after the incident is closed
- Examples of cyber incident responses that went wrong and the resulting costs to the organizations involved
- Other considerations and practice pointers
The panel will address these and other key considerations:
- What is the current cyber threat landscape?
- Why is it important for organizations to have effective logging and data mapping in place before an incident occurs and how can these measures assist an organization in the event of a cyber incident?
- What are the key legal considerations organizations and counsel must keep in mind when responding to a cyber incident?
- How can counsel position their client as favorably as possible for potential government investigations or litigation when resolving the fallout of a breach?
Related Courses
AdTech and Data Privacy Risks: Law, Policy, Litigation and Enforcement
Thursday, May 1, 2025
1:00 PM E.T.