Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
Check out our straightforward definitions of common legal terms.
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Access our unrivalled global news content, business information and analytics solutions
Insurance, risk and compliance intelligence using big data, proprietary linking and advanced analytics.
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
You get a call, there has been a data breach on some of your most sensitive data.
What is your first thought? Your first action? If this all seems quite daunting, you have a plan but are not sure of what your first steps would be, or you do not have a plan at all, then you are not alone.
Tech consultant Adriana Linares highlighted “lawyers get complacent” when it comes to their data, believing ‘nobody’s going to come after me’. However, PricewaterhouseCoopers found in at 2017 survey that 60% of law firms reported an information security incident between 2016-2017. With the number of reported breaches rising (not withstanding those unreported), it is only a matter of time before you may experience a breach.
At the latest Cordery Breach Navigator event Jonathan Armstrong and André Bywater partners at Cordery stressed that ‘data breaches are not an if, but a when’ for companies. For an opportunity to know how people might respond in a breach, LexisNexis and Cordery invited individuals from different companies to participate in a breach scenario based on a real life event.
The scenario highlighted some interesting facts that you may not have considered.
From randomising the ‘data breach response teams’ where no one was acquainted to replicate how a team will most likely be put together in an actual company, to setting time limits replicating the urgency of reporting to the Information Commissioners Office (ICO) within a 72-hour window, it was clear that having a pre-planned data breach response plan is vital.
Participants noted how the stress made it hard to think clearly and the experience was a rollercoaster of emotions, trying to deal with each issue and locate information.
Some teams were quick to rally together. Some teams took time to deliberate the facts. However, there were some key decisions made by all teams which could be beneficial to you when preparing and responding to a data breach.
The key learning from the Cordery event was: Be prepared and stay prepared.
Reiterating Armstrong and Bywater, a breach is not and if, but a when. Having a well thought out, simple and rehearsed plan is crucial.
Not only does this plan take the pressure off when a breach occurs, but it could save you time and money. As identified in the scenario session, knowing what supplies, insurance, etc you may need for a breach and purchasing them early is often cheaper. Your board has more time to understand what you need and why, putting the financial backing behind it. As well as this, identity theft alert companies will become aware of your breach, and often raise their prices—so it is good to plan ahead.
Having a solid plan also ensures you can report your breach within the 72-hour window necessary for the ICO. By delegating out different tasks to dedicated roles your team can easily pick up a section of work and get the job done in the most efficient way.
When putting your data breach response plan together, some key things to consider:
There are many other things to consider, as outlined in LexisPSL practice notes such as Data breaches—GDPR—overview, Data breaches—GDPR—overview and Managing a personal data breach—process flowchart—GDPR.
Understanding and identifying a data breach can be complex, let alone managing one. However, tools such as Cordery Breach Navigator make the data breach process simple and are here to help.
Cordery Breach Navigator is the only solution that combines legal and compliance expertise with intelligent workflows to help data protection professionals deliver the best outcomes for their business and reputation.
Basically, all fears around working out your next steps, whether you are responding correctly and running through your plan can be helped by one tool. From breach notification and risk assessment to report drafting and an investigation stage, Cordery Breach Navigator guides you through all process of a breach from start to finish—removing the need for stress and panic.
‘What is your first thought? Your first action?’ following a data breach, it should now be simple.
For more information and a free demo of Cordery Breach Navigator, click here.
Free trials are only available to individuals based in the UK
* denotes a required field
Hannah is one of the Future of Law blog’s digital and technical editors. She graduated from Northumbria University with a degree in History and Politics and previously freelanced for News UK, before working as a senior news editor for LexisNexis.
0330 161 1234