Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

Preparing for Post-Breach Regulatory Scrutiny

Video Interview: Attorney Randy Sabett on Importance of Incident Response Plans
Randy Sabett, special counsel, Cooley LLP

Because more federal regulators are paying closer attention to how businesses are protecting consumer information, having a detailed incident response plan is more important than ever, says Randy Sabett, special counsel at law firm Cooley LLP in Washington.

See Also: Forrester Top 35 Global Breaches Report: Balance Defense with Defensibility

The Federal Trade Commission, the Securities and Exchange Commission and the Federal Communications Commission are all paying closer attention to consumer protection and privacy risks that surface in the wake of a data breach, Sabett says in an interview with Information Security Media Group.

"I think it's really an extension of what the FTC started several years ago," Sabett says in this video interview with Information Security Media Group. "Now we're seeing, because these various other agencies, in some way shape or form, touch or have jurisdiction over some aspect of personal information, they're all getting involved. ... They're looking at the breach side of it and going after companies in very much the same way the FTC has done over the years."

Having an incident response plan in place, as well as having the right people within the organization prepared to respond, can help reduce fines that regulators could impose after a breach, he says.

In this interview at ISMG's recent Boston Fraud and Breach Prevention Summit, Sabett also discusses:

  • How the SEC and FCC are following the FTC's lead in post-breach actions;
  • Why regulators are increasingly staking their claims on jurisdiction in the wake of a breach; and
  • How federal action is influencing the roles state attorneys general play in fining organizations that expose personal information about consumers.

Sabett is vice chairman of the privacy and data protection practice group at Cooley LLP. A former National Security Agency crypto-engineer, Sabett's practice focuses on data security, privacy, licensing and intellectual property. He has managed numerous data breach incident responses involving major retailers, financial and healthcare organizations, and online service providers. He served on the Commission on Cybersecurity for the 44th Presidency.


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.