what in-house counsel should be doing

Ten Things: Things In-House Counsel Should be Doing Before a Data Breach Occurs

This past week I was honored to be the keynote speaker at the 2017 ACC Alberta Annual Conference in Calgary.  First, let me say that Calgary is a wonderful city and a great place to visit (and the people are awesome too).  Second, a big “thank you” to ACC Alberta for inviting me and hosting a tremendous event.  One of the topics I spoke on was what to do when you are faced with a data breach.  It was a very interactive session with lots of great questions and feedback from the lawyers in the audience.  In particular, we spent some time discussing the recent Equifax data breach and the very negative fallout that company is experiencing – mostly because it seems Equifax was very unprepared to deal with a breach.  This is very surprising given the nature and the amount of sensitive data in its possession.  We also talked a lot about things in-house counsel should be doing before there is a breach.  Some of those things were in my presentation, others were brought forward by members of the audience.  And as I stood on stage listening to the discussion I knew I had my next blog forming right before my eyes.  As important as it is to know what to do if you have a breach, there are a number of things that all in-house lawyers should focus on before there is a breach and by doing so, you can substantially limit the potential damage caused by a breach.  So, with big thanks to my friends from Canada, this edition of “Ten Things” will discuss ten things to do to get your house in order before you are faced with a data breach: