In January, we hosted an event with the Northeast Chapter of the Association of Corporate Counsel (ACC) on cyber security. Matt Field, a cyber insurance expert, participated on the panel, and we are thrilled to offer you a Q&A with Matt on the basics of cyber insurance. Matt is Woodruff-Sawyer's New England practice leader. He is expert in complex risk management and insurance areas, including cyber, D&O, clinical trials and reps and warranties insurance. He works with companies ranging from start-ups to large publicly trade global entities. Find out more about Matt here.
Whether you are in-house counsel or external counsel, upon first hearing of a massive data breach affecting your client, your first reaction will likely be at least a twinge of panic. So first, take a deep breath and calm down. Unfortunately, these days this happens all the time. Below are the top ten things to do after enjoying that deep breath.
Although no one really knows what will happen next, we thought it might be useful to outline some strategies that companies are currently using to mitigate risk in light of the European Union’s recent decision to strike down the Safe Harbor provision allowing data transfers (user web histories and other personal information) between Europe and the United States. The ruling affects any company with international users that transfers advertising and other personal information between Europe and the United States. Google and Facebook are major examples of the type of company affected. Since it’s anyone’s guess when there might be a new safe harbor agreement between the U.S. and Europe, and the current new restrictions will go into effect in January, it is wise to look into some ways of coping with tougher oversight of data transfers.
We are all learning to navigate the new and complex data security protocols and procedures, and we at InhouseGo2 thought that our experience as a firm might be helpful to our in-house clients and colleagues. We interviewed both Ilene Sunshine, our chief privacy officer and Nancy Wahl, our director of IT. They have recently led Sullivan & Worcester through a state-of-the-art data security training and have set up procedures for dealing with a data breach.
1. What do you know now that you wish you had known when you first became the firm’s chief privacy and data security officer?
Ilene Sunshine (Chief Privacy Officer): I wish I’d known how complex and scary this topic is – I might have respectfully declined the job!