fbpx

Steady Counsel

At A Time Of Confusion & Uncertainty


The threat posed to organizations of all types and sizes from data breaches and other cybersecurity events is unprecedented and, by all accounts, only set to increase. Whether the threat emanates from a for-profit hacking group engaged in ransomware activity or a nation-state actor seeking valuable intelligence, the threat vectors come from practically all sides. The reality is that “it is a question of when not if.” 

Once hit with a data breach or cybersecurity event, the fallout to a business can be immense. From the cost of complying with the patchwork breach notification regimes on the state level, federal level (such as under HIPAA), or international regulatory authorities such as under the GDPR, compliance post-breach can be complex and overwhelming. Failure to comply with relevant obligations under the law can result in hefty fines. Further, strategically protecting the organization, including the attorney-client privilege, is critical. For example, maintaining the confidentiality of subject matter experts’ analysis of security posture pre-breach and the extent of the incident can be pivotal in limiting the cost from a cyber incident, including as it relates to post-breach private action

At RICHT, we focus on helping clients navigate the confusing web of laws that come into play in a data breach or cyber event, stressing mitigation and protecting client interests. Specifically, our services include pre-planning such as tabletop exercises (TTXs) and counseling clients in real-time who are experiencing a breach, including in conjunction with technical experts under our RICHT&Co. offering. 


Find Out About How We Can Help You With Navigating Data Breaches & Incident Response




    Data Breach & Incident Response News


     

    DataGuidance

    2023 DATA SECURITY INCIDENT RESPONSE REPORT

    Now in its ninth year, the Data Security Incident Response Report features statistics and insights from 1,160+ incidents.

    Data Breaches
    Incident Response
    Privacy Law
    DataGuidance

    Norway's Datatilsynet fines Argon Medical Devices NOK 2.5M for data breach notification delay

    The Norwegian data protection authority (‘Datatilsynet’) announced, on 16 March 2023, its decision No. 21/03126-13, as issued on 8 March 2023, in which it imposed a fine of NOK 2.5 million (approx. €220,292) on Argon Medical Devices, Inc., for violation of Article 33(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), following a data breach.

    Data Breaches
    Incident Response
    Privacy Law
    The New York Times

    Former Uber Security Chief Found Guilty of Hiding Hack From Authorities

    Joe Sullivan, the former Uber security chief, was found guilty on Wednesday by a jury in federal court on charges that he did not disclose a breach of customer and driver records to government regulators.

    Data Breaches
    Incident Response
    Privacy Law
    Reuters

    CafePress owners settle with FTC over data breach 'cover up'

    The U.S. Federal Trade Commission said Tuesday it has taken action against CafePress over security lapses leading to a 2019 data breach, entering into proposed settlements with the online merchandise platform’s current and former owners.

    Data Breaches
    Privacy Law
    The New York Times

    Supreme Court Limits Article III Standing in Data Privacy Litigation

    In a 5-to-4 decision, the court said only people who had suffered “concrete harm”… had the right to sue.

    Data Breaches
    Privacy Law

    Privacy & Cybersecurity Practice Insights