Cyber security breaches — and the resulting litigation — are on the rise, and businesses need to be prepared, as best as possible. Lawsuits originate from consumers, employees, shareholders, business partners and government regulators.
“In most of these highly visible cases you can expect lawsuits and regulator inquiry,” said Kim Peretti, co-chair of Alston & Bird’s Cybersecurity Preparedness & Response Team and former senior litigator for the Department of Justice’s Computer Crime and Intellectual Property Section.
The Federal Trade Commission recently won a victory before the U.S. Court of Appeals of the Third Circuit reaffirming its right to bring administrative actions against companies regarding data security.
With the recent court rulings and the number of breaches, general counsel need to be prepared. Peretti warns they should remember that “cybersecurity touches all aspects of legal departments.”
“When an incident happens, anticipate regulatory inquiries and potential litigation,” she said.
Among other things, Peretti recommends activating an incident response plan and bringing on outside experts to conduct an investigation, keeping in mind that a company's response to the cyber incident will be scrutinized later.
Peretti added that it also helps to conduct the investigation under attorney-client privilege.
“All programs will have some vulnerability at some place,” Peretti said. “You can’t have total security.”