Last week, at the Georgetown Law Continuing Legal Education event in Washington DC, I attended an interesting session on security, “Preparing for and Responding to Data Security Incident”. The session was moderated by Heidi Wachs, Special Counsel at Jenner & Block. The panelists were Allen G. Brandt, Anne Fealy, Oliver M. Johnson II and Heidi Salow, and the session mostly focused on the importance of data security and the need to have an incident response plan in place.
The panelists emphasized that in case of unauthorized disclosure of your information, there is more at stake than the potential loss of valuable information and the risk of hefty fines. They also pointed to the severe damage a data breach can do to a company’s reputation. Today’s media is highly educated after a series of high-profile data breaches, and knows exactly which difficult questions to ask when inquiring about a breach. And usually within 72 hours of a breach, companies will be hit with their first class action suit. We all know that a class action suit is 40 to 50 times more costly than the usual litigation.
In some verticals, there are bigger risks involved than the loss of data and information. In the medical world, cybersecurity also involves securing the connection to medical devices. A pacemaker, for example, can these days be monitored and controlled remotely by a physician. A data breach here can have serious implications beyond the loss of data. It could include data corruption, which could affect the operation of that medical device and thus a patient’s health.
The coming breach
Corporations today understand that a security breach is not an “if”, but a “when”. And when it happens, you must be prepared. Part of that preparation is getting your house in order with your information to help minimize risks and protect your data and your customers’ data.
Here are my top three tips for protecting your data:
- Take stock of the information that you collect. This can include customer data, employee information and financial information;
- Implement a retention policy where you scale down the information you keep. Only keep what is necessary for business, thus minimizing your risks when there is a security breach;
- And lastly, dispose of your data properly to protect it.