According to a recent ACC survey, 70% of CLOs rate protection of corporate data and managing data breaches as an extremely or very important issue to address over the next 12 months. What’s more, 27% had experienced a data breach at their organisations within the past two years, up from 23% in the previous year’s survey. Of course, with an increased likelihood of data breaches comes an increased workload and a need for budgets and resources, which are not always easy to obtain. It’s no wonder nearly 50% of general counsel say planning for cybersecurity incidents and responding to breaches is now a part of their job.
Yet despite the perceived importance, CLOs and GCs still struggle to manage data privacy and security concerns before they become a crisis. And waiting to react to a data breach involving confidential information is often too late, putting the entire organisation at risk. In a previous post we addressed the growing role of the GC in preventing data breaches.
This post looks at developing a plan to manage the consequences should a breach ever occur, although we certainly hope no GC finds themself in this position.
Data Breach Management Plan
Knowing where your company’s vulnerabilities lie and putting preventive measures in place can help you reduce the risk of a breach happening in the first place. However, in the event of a breach, effective data breach management is critical to minimising the impact and preventing a reoccurrence. We recommend establishing an internal procedure covering the following main steps: