In the Belly of the Breach: What Every In-House
Counsel Needs to Know about Data Breach Response
ACC International Legal Affairs Committee
Legal Quick Hit: May 8, 2014
Presented by:
Colin Zick
Foley Hoag LLP
Gant Redmon
General Counsel
Co3 Systems, Inc.

•
Common Breach Scenarios
•
Anatomy of a Common Type of Data Breach
•
Legal Frameworks for Breach Response
•
Preparing for and Responding to the Breach
•
Incident Response and Investigation
•
Breach Notification and Resolution
•
Preparing for Related Litigation and Government Investigations
•
Breach Insurance
•
Getting Ahead of the Game: Industry Collaboration
2
“In the Belly of the Breach” | 2 © 2014 Foley Hoag LLP. All Rights Reserved.

•
Accidental Breaches
•
Faithless Employee/Ex-Employee
•
Hackers & Thieves / Organized Crime
•
Competitive Espionage

© 2014 Foley Hoag LLP. All Rights Reserved.
3
“In the Belly of the Breach” | 3

© 2014 Foley Hoag LLP. All Rights Reserved.
4
“In the Belly of the Breach” | 4


Customer Privacy Laws

Federal and state identity theft laws and regulations
- Requiring customer notice
- Requiring information security programs

HIPAA / Medical information regulation

Gramm Leach Bliley / Financial information regulation

Regulations for specific industries (e.g., FCC CPNI Regulations)

Laws governing specific information (e.g., Social Security number statutes)

Negligence / Consumer protection laws

Authorized Use Statutes

Computer Fraud & Abuse Act (CFAA)

Electronic Communications Privacy Act (ECPA)

Stored Communications Act (SCA)

Surveillance / Information Security Law

Federal & State Wiretapping Statutes

Invasion of Privacy

Property Law

Larceny / Conversion

Trade Secrets

Copyright / Digital Millennium Copyright Act (DMCA)
5
© 2014 Foley Hoag LLP. All Rights Reserved.
“In the Belly of the Breach” | 5

•
Compliance / developing information security programs
•
Incident response and investigation
•
Breach notification and resolution
•
Anticipate government investigations and possible litigation, as well as consumer litigation
•
Press/public relations strategy
6
“In the Belly of the Breach” | 6 © 2014 Foley Hoag LLP. All Rights Reserved.

 What is in-house counsel ’ s role in responding to a breach?
 Notice:
 To federal/state agencies;
 To those impacted by the breach as both a matter of state law and risk management
 Mitigation
 The role of notice and credit monitoring
 In post-breach public statements, what key points should be included to minimize litigation risk?
 To what extent can a company be liable for lost data?
 How much can a typical breach cost a company both in time, brand equity and internal distraction?
 What kind of insurance, if any, can a company use to offset costs?
 Does it really help cover the costs?
 The role of outside counsel
7
“In the Belly of the Breach” | 7 © 2014 Foley Hoag LLP. All Rights Reserved.

© 2014 Foley Hoag LLP. All Rights Reserved.
8
“In the Belly of the Breach” | 8


Headline

Text
© 2014 Foley Hoag LLP. All Rights Reserved.
9
“In the Belly of the Breach” | 9


Headline

Text
© 2014 Foley Hoag LLP. All Rights Reserved.
10
“In the Belly of the Breach” | 10

•
Still a developing area
•
Limited history of evaluating risk, so premiums can vary widely
•
Scope of coverage can vary widely
•
Limits vary and can range from $25,000 to $25 million depending on the nature of the policy and business.
•
What can be covered?
– Crisis management services
– Notification of breached parties
– Credit/public records/fraud monitoring
– Fraud remediation services
11
“In the Belly of the Breach” | 11 © 2014 Foley Hoag LLP. All Rights Reserved.

© 2014 Foley Hoag LLP. All Rights Reserved.

12
“In the Belly of the Breach” | 12

 Colin J. Zick, Esq.
Foley Hoag LLP czick@foleyhoag.com
(617) 832-1275

Gant Redmon, Esq.
Vice President, Business Development, and General Counsel
 Co3 Systems, Inc.
gredmon@co3sys.com
(617) 300-8136
13
“In the Belly of the Breach” | 13 © 2014 Foley Hoag LLP. All Rights Reserved.