Steady Counsel
At A Time Of Confusion & Uncertainty
The threat posed to organizations of all types and sizes from data breaches and other cybersecurity events is unprecedented and, by all accounts, only set to increase. Whether the threat emanates from a for-profit hacking group engaged in ransomware activity or a nation-state actor seeking valuable intelligence, the threat vectors come from practically all sides. The reality is that “it is a question of when, not if,” a particular company or other organization will experience an incident. From smaller breaches to ones of great proportions, such as AT&T’s data breach that resulted in “nearly all” customers’ data being disclosed.
Once hit with a data breach or cybersecurity event, the fallout to a business can be immense, not only in terms of regulatory and legal expenses but also reputationally. The legal dynamics of data breach compliance are complex and overwhelming due to the need to comply with patchwork breach notification regimes on the state level (such as the CCPA as amended by the CPRA), federal level (such as HIPAA), and international regulatory authorities (such as the GDPR). Though the legal frameworks are criticized, failure to comply with relevant legal obligations in the event of an incident or data breach can result in hefty fines. Further, strategically protecting the organization, including the attorney-client privilege, is critical. For example, maintaining the confidentiality of subject matter experts’ analysis of security posture pre-breach and the extent of the incident can be pivotal in limiting the cost of a cyber incident, including as it relates to post-breach private action.
At RICHT, we focus on helping clients navigate the confusing web of laws that come into play in a data breach or cyber event, stressing mitigation and protecting client interests. Specifically, our services include pre-planning such as tabletop exercises (TTXs) and counseling clients in real-time experiencing a breach with technical experts under our RICHT&Co. offering.
Our Data Breach & Incident Response Services
Preparedness & Prevention
Incident Response Plans
Regulatory Investigations
Vendor Risk
Breach Notification Compliance
Cyber Insurance Review
Key Data Breach Stats Of Note
$4.45 Million
2024 Data Security Incident Response Report
BakerHostetler released its 2024 Data Security Incident Response Report which provides an overview, insights, and metrics from the security incidents the firm managed in the prior year (more than 1,150 incidents in 2023).
NY College Forced To Invest $3.5 Million In Cybersecurity After Breach Affecting 200,000
New York state’s attorney general is forcing a college to invest $3.5 million into cybersecurity after a 2021 data breach leaked troves of sensitive information about almost 200,000 people.
2023 DATA SECURITY INCIDENT RESPONSE REPORT
Now in its ninth year, the Data Security Incident Response Report features statistics and insights from 1,160+ incidents.
Norway's Datatilsynet fines Argon Medical Devices NOK 2.5M for data breach notification delay
The Norwegian data protection authority (‘Datatilsynet’) announced, on 16 March 2023, its decision No. 21/03126-13, as issued on 8 March 2023, in which it imposed a fine of NOK 2.5 million (approx. €220,292) on Argon Medical Devices, Inc., for violation of Article 33(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), following a data breach.
Former Uber Security Chief Found Guilty of Hiding Hack From Authorities
Joe Sullivan, the former Uber security chief, was found guilty on Wednesday by a jury in federal court on charges that he did not disclose a breach of customer and driver records to government regulators.
CafePress owners settle with FTC over data breach 'cover up'
The U.S. Federal Trade Commission said Tuesday it has taken action against CafePress over security lapses leading to a 2019 data breach, entering into proposed settlements with the online merchandise platform’s current and former owners.
Supreme Court Limits Article III Standing in Data Privacy Litigation
In a 5-to-4 decision, the court said only people who had suffered “concrete harm”… had the right to sue.
