Information Security Policies and Data Breach Response Plans
If You Updated Yours in June, They Are Already Obsolete
Cost: There is no cost to attend this program, however, registration is required.
With the recent uptick of high-profile data breaches and lawsuits being filed as a result by both employees and consumers as a result, every business should take a fresh look at its information security policies and data breach response plans with two thoughts in mind: compliance with applicable laws, and limiting liability in the event of litigation. Cybersecurity is a critical and timely issue for all businesses. If your company has employees and pays them or gives them benefits, then your company is maintaining their personally identifiable information and faces liability in the event of a data breach.
Currently, there is no comprehensive federal law that sets forth a uniform compliance standard for information security best practices or data breach response plans. Companies operating in the U.S. must comply with a patchwork of 47 different states' laws that set forth a company’s obligations in the event of a data breach. In the wake of several high-profile data breaches, state legislators in the U.S. have been updating these state laws in the past few months, adding new requirements.
In addition to dictating how and when a company must respond in the event of a data breach in which personal information has been compromised, a number of these laws also contain substantive requirements about cybersecurity measures a company must take generally. Add into this mix that a U.S. Court of Appeals agreed with the Federal Trade Commission (FTC) that it has the right to file lawsuits against businesses that it deems have lax information security protocols - without informing companies in advance of the standard to which they will be held.
Against this backdrop, Seyfarth attorneys will provide a high-level discussion on how your business can structure an information security program to comply with applicable law and minimize liability - since waiting for a breach is not an option. They will discuss, from a legal perspective:
Essential components of a comprehensive information security policy;
Key elements of a data breach response plan including strategies for state law compliance; and
Best practices for dealing with third party vendors that store personally identifiable information for your company.
*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.