Planning and Policies

  • Records management (e.g. records retention, litigation hold planning, data classification, records disposal, etc.)
  • Security incident response planning (e.g. breach notice law compliance, HITECH Act, payment card and PCI-DSS breach planning)
  • Written security incident response plans
  • Third party incident response planning and contracts (e.g. contractually ensuring that vendors are aligned with client’s incident response strategy)

Notice and Response

  • Coordinate incident response team (e.g. forensics, security, public relations, insurance, etc.)
  • Breach notice law applicability analysis
  • Drafting written notices to individuals affected by breach
  • Communication with law enforcement and governmental agencies (e.g. FTC, DOJ, local law enforcement, state attorneys general, etc.)
  • Develop communication strategies
  • Communicate and interact with affected stakeholders (e.g. consumers, employees, merchant banks, payment processors, card brands, issuing banks, etc.)
  • HITECH Act notice response actions
  • Payment card breach notice response actions

Litigation Readiness

  • Establish attorney-client privilege
  • Analyze legal risk of organization due to breach
  • Develop defense strategies and legal theories in the event of litigation
  • Determine mitigating actions of organization

e-Discover and Electronic Evidence Management

  • Manage forensic team efforts for gathering relevant data
  • Identify relevant data types
  • Coordinate preservation and collection of relevant data