Enterprises overlook legal issues in breach preparedness
Companies preparing for data breaches and cyber security incidents too often focus on the technology and overlook the legal aspects.
In a recent study by Hanover Research, for example, while about 54 percent of companies conducted a cyber threat audit — but only 33 percent involved their legal departments in the process.
“Companies are more likely to involve lawyers as a reactive measure, after an incident has occurred, rather than as a proactive measure,” researchers said in their report, which was based on a survey of corporate law departments conducted on behalf of Indiana University’s Maurer School of Law.
This is a problem, because IT or security staff typically focus on physical and electronic security, not necessarily the legal, compliance, or privacy issues of a data breach, said Scott Vernick, the head of the data protection and privacy practice at the law firm of Fox Rothschild LLP, in Philadelphia.