Breach Notification and Incident Response
Planning and Policies
- Records management (e.g. records retention, litigation hold planning, data classification, records disposal, etc.)
- Security incident response planning (e.g. breach notice law compliance, HITECH Act, payment card and PCI-DSS breach planning)
- Written security incident response plans
- Third party incident response planning and contracts (e.g. contractually ensuring that vendors are aligned with client’s incident response strategy)
Notice and Response
- Coordinate incident response team (e.g. forensics, security, public relations, insurance, etc.)
- Breach notice law applicability analysis
- Drafting written notices to individuals affected by breach
- Communication with law enforcement and governmental agencies (e.g. FTC, DOJ, local law enforcement, state attorneys general, etc.)
- Develop communication strategies
- Communicate and interact with affected stakeholders (e.g. consumers, employees, merchant banks, payment processors, card brands, issuing banks, etc.)
- HITECH Act notice response actions
- Payment card breach notice response actions
Litigation Readiness
- Establish attorney-client privilege
- Analyze legal risk of organization due to breach
- Develop defense strategies and legal theories in the event of litigation
- Determine mitigating actions of organization
e-Discovery and Electronic Evidence Management
- Manage forensic team efforts for gathering relevant data
- Identify relevant data types
- Coordinate preservation and collection of relevant data





