This hands-on course will explore the fast-paced, high-stakes field of data breach response. Data breaches wreak havoc at organizations of all shapes and sizes in both the public and private sectors. From hospitals and financial institutions to military installations and civilian government agencies, entities face sophisticated adversaries and a diverse range of threats. Few organizations are prepared to manage and respond to an incident. This lack of preparation and experience can turn an already high-pressure event into a full-scale crisis.
Legal experts who can provide clients with sound advice and pragmatic guidance are in high demand but there remains a dearth of lawyers with the relevant training and experience to navigate the barrage of issues that surface following an incident. This course examines the full range of challenges and questions that counsel may face, from legal compliance to risk mitigation and reputational damage.
The course will introduce the subject, focusing on the types of breaches organizations may experience and some basic technical issues. The overview is followed by a deep dive into the myriad legal issues that arise. Most notably, we’ll explore how different governments regulate breach response activities and the challenging patchwork of requirements. Other issues include: mitigating the risk of liability and potential litigation; coordinating with law enforcement; working with human resources; and examining contractual and other obligations of third parties. The course then turns to a dizzying array of policy and strategic issues: public relations and communications; government affairs; managing the investigation; coordinating with technical teams; assessing risk to potentially impacted individuals; and effective breach notification. Real world scenarios and actual data breaches will be used and referenced throughout the course to illustrate different points. By the end of the course students should be able to enter the job market prepared to develop and execute a comprehensive data breach response strategy.
- Understand the legal and regulatory framework that governs data breach response in the United States and other jurisdictions.
- Appreciate the importance of establishing and following clear policies for addressing a data breach.
- Be prepared to pivot back and forth between the legal and practical functions necessary to address a serious incident.
- Be able to manage a data breach response team composed of a range of stakeholders with potentially inconsistent priorities.
- Tailor response strategies to different types of data breaches from a lost laptop or an insider threat to the exfiltration of sensitive data by organized crime.
- Learn how to identify, assess, and mitigate the risk of harm to potentially impacted individuals as well as to the organization itself.
- Become comfortable with making high-stakes decisions in short time frames and with incomplete information.