Data breaches—What would you do?

Data breaches—What would you do?

You get a call, there has been a data breach on some of your most sensitive data.

What is your first thought? Your first action? If this all seems quite daunting, you have a plan but are not sure of what your first steps would be, or you do not have a plan at all, then you are not alone.

Tech consultant Adriana Linares highlighted “lawyers get complacent” when it comes to their data, believing ‘nobody’s going to come after me’. However, PricewaterhouseCoopers found in at 2017 survey that 60% of law firms reported an information security incident between 2016-2017. With the number of reported breaches rising (not withstanding those unreported), it is only a matter of time before you may experience a breach.

At the latest Cordery Breach Navigator event Jonathan Armstrong and André Bywater partners at Cordery stressed that ‘data breaches are not an if, but a when’ for companies. For an opportunity to know how people might respond in a breach, LexisNexis and Cordery invited individuals from different companies to participate in a breach scenario based on a real life event.

The scenario highlighted some interesting facts that you may not have considered.

From randomising the ‘data breach response teams’ where no one was acquainted to replicate how a team will most likely be put together in an actual company, to setting time limits replicating the urgency of reporting to the Information Commissioners Office (ICO) within a 72-hour window, it was clear that having a pre-planned data breach response plan is vital.

Participants noted how the stress made it hard to think clearly and the experience was a rollercoaster of emotions, trying to deal with each issue and locate information.

How would you respond?

Some teams were quick to rally together. Some teams took time to deliberate the facts. However, there were some key decisions made by all teams which could be beneficial to you when preparing and re

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:

Hannah is one of the Future of Law blog’s digital and technical editors. She graduated from Northumbria University with a degree in History and Politics and previously freelanced for News UK, before working as a senior news editor for LexisNexis.