Thomas on Data Breach: A Practical Guide to Handling Data Breach Notifications Worldwide, 2015 Edition
There often is nothing worse, as a general counsel, than getting that call from your IT department: "we think our database of employee social security numbers was hacked." Or, "we think our online credit card payment system has been compromised." Or, from HR "a disgruntled employee just walked out the door with hundreds of social security numbers and is selling them on the black market." Or, the call from the FBI: "we think your company is under attack." There is a flurry of activity. Teams will try to determine what information was accessed, who accessed it, and if employees or consumers have been put at risk. Each situation is fact-specific, so no amount of drills will answer these questions for every breach.
Then, there is the inevitable scramble to understand legal obligations. Do we have to notify under various data breach notification laws? Whom do we notify? How quickly? What should be included in the notice? What is our potential exposure after the notice goes out? And in the event of a breach, the inevitable question: "did we do all that we could have to prevent the attack?"
The answers to these questions can be tricky. This book is intended to fill a glaring void and serve as a helpful tool in navigating a data breach. The book will help you understand breach notification requirements so you can have a clear plan in place before the breach occurs. And if the statistics are correct, the breach will occur. As the nation – and the world – debates issues about data breach laws this book gives a comprehensive overview of where we are right now, and how to best prepare for the future.