At A Time Of Confusion & Uncertainty
The threat posed to organizations of all types and sizes from data breaches and other cybersecurity events is unprecedented and, by all accounts, only set to increase. Whether the threat emanates from a for-profit hacking group engaged in ransomware activity or a nation-state actor seeking valuable intelligence, the threat vectors come from practically all sides. The reality is that “it is a question of when, not if.”
Once an organization is hit with a data breach or cybersecurity event, the fallout to the business can be immense. Post-breach compliance can be complex and overwhelming due to the cost of complying with the patchwork of breach notification regimes at the state level (such as the CCPA as amended by the CPRA), at the federal level (such as HIPAA), and under international regulatory authorities (such as the GDPR). Failure to comply with relevant legal obligations can result in hefty fines. Further, strategically protecting the organization, including the attorney-client privilege, is critical. For example, maintaining the confidentiality of subject matter experts’ analysis of the pre-breach security posture and of the extent of the incident can be pivotal in limiting the cost of a cyber incident, including as it relates to post-breach private action.
At RICHT, we focus on helping clients navigate the confusing web of laws that come into play in a data breach or cyber event, stressing mitigation and protecting client interests. Specifically, our services include pre-planning, such as tabletop exercises (TTXs), and counseling clients in real time as they experience a breach, working with technical experts under our RICHT&Co. offering.
- Preparedness & Prevention
- Incident Response Plans
- Breach Notification Compliance
- Navigating Ransomware & Cyber Extortion
- Representation In Regulatory Investigations
- Cyber Insurance Review & Negotiation
- Vendor Vetting & Policies
Data Breach & Incident Response News
Norway's Datatilsynet fines Argon Medical Devices NOK 2.5M for data breach notification delay
The Norwegian data protection authority (‘Datatilsynet’) announced, on 16 March 2023, its decision No. 21/03126-13, as issued on 8 March 2023, in which it imposed a fine of NOK 2.5 million (approx. €220,292) on Argon Medical Devices, Inc., for violation of Article 33(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), following a data breach.
CafePress owners settle with FTC over data breach 'cover up'
The U.S. Federal Trade Commission said Tuesday it has taken action against CafePress over security lapses leading to a 2019 data breach, entering into proposed settlements with the online merchandise platform’s current and former owners.