Legal issues stemming from cyber incidents are enough of a concern that Black Hat had a cyber attorney speak to attendees in Vegas this month. These are key points from his talk that our clients and Resellers need to be aware of:
- IT providers are not attorneys, and cannot provide legal advice in the event of a cyber incident. Don’t rely on IT to be able to confirm what your obligations are for breach reporting under the various data protection standards – they likely are not aware of all of them.
- Preservation of forensic evidence must be handled properly or the evidence will not be admissible in litigation. This is particularly important if you suspect that an employee or vendor accessed data improperly and you need to prove it. Likewise, if logs that could show whether data was exposed are overwritten during recovery efforts and you cannot prove that data was NOT stolen as part of a confirmed breach, you will likely have to assume that it was.
- Attorney-client privilege does not mean that you don’t have to report a data breach, but it can protect statements made and investigation details from disclosure. Specific legal documents must be in place beforehand, and a separate, attorney-directed incident investigation may be required for some of the information to remain privileged.
- Paying a ransom is another key area to discuss with a cyber attorney, to make sure the payment does not violate sanctions administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), which could lead to heavy penalties or even jail time.
- Legal resources need to be part of your incident response plan to ensure that you don’t do anything that increases your exposure. Our Breach Response Service includes access to cyber attorneys as the first step of any response for this very reason.