Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. Once a security incident has occurred, the security incident response team is focused on identification, containment, eradication and recovery. In other words, they are trying to get operations back to normal. The preparation phase is the time to thoughtfully consider and research the legal decisions required during a security event. Legal considerations to include in the incidence response plan include the pertinent laws and regulations, what to do if prosecution is a possibility and maintaining advocate-client privilege.
It's critical to understand what well-prepared organizations are doing right when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.
The session will discuss:
- Lessons learned from case law involving breached entities that have run afoul of the law;
- Recommendations for a contextualized breach disclosure regime in India and the impact of GDPR;
- Data breach prevention, readiness and response.