Data Breach Toolkit

Resources to assist counsel in preparing for and responding to a data breach incident. This toolkit includes resources that address risk mitigation and data security preparation, data breach laws, and data breach notification.

Practical Law Intellectual Property & Technology

Data security breaches are a key risk area for businesses. A business that suffers a data breach incident may incur significant expenses, including costs relating to:

Because currently there is no uniformly applicable federal law that applies to data breaches that affect PII, assessing legal obligations in the event of a breach requires looking to several sources. Sector-specific federal laws, such as the Health Insurance Portability and Accountability Act of 1996 ( www.practicallaw.com/1-501-6222) (HIPAA), may apply. In addition, nearly all states, the District of Columbia, and US territories have enacted laws that require notification of individuals, and sometimes regulators, if state residents are affected.

An effective breach management process can help minimize risk. The data breach management process includes:

  • Preparation and risk management.

  • Incident investigation and legal assessment.

  • Notification of affected individuals and other entities, if required.

  • Post-incident review and management.

This Toolkit contains continuously maintained resources that provide practical guidance on many aspects of the data breach management process. For a tool to compare state-specific requirements under state data breach notification laws, see Data Breach Notification Laws: State Q&A Tool ( www.practicallaw.com/3-578-0925) .

 

Preparation and Risk Management

 

Notification and Response

 

Litigation and Enforcement

 
{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1248188515137", "objName" : "ACT_OWNED - READ_ONLY - 5-616-7755", "userID" : "2", "objUrl" : "http://us.practicallaw.com/cs/Satellite/us/resource/5-616-7755?null", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "22e97be00:15b01bdc793:2887", "analyticsSessionCookie" : "22e97be00:15b01bdc793:2888", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }