Preparing for Post-Breach Regulatory Scrutiny
Video Interview: Attorney Randy Sabett on Importance of Incident Response Plans

Because more federal regulators are paying closer attention to how businesses are protecting consumer information, having a detailed incident response plan is more important than ever, says Randy Sabett, special counsel at law firm Cooley LLP in Washington.
The Federal Trade Commission, the Securities and Exchange Commission and the Federal Communications Commission are all paying closer attention to consumer protection and privacy risks that surface in the wake of a data breach, Sabett says in an interview with Information Security Media Group.
"I think it's really an extension of what the FTC started several years ago," Sabett says. "Now we're seeing, because these various other agencies, in some way shape or form, touch or have jurisdiction over some aspect of personal information, they're all getting involved. ... They're looking at the breach side of it and going after companies in very much the same way the FTC has done over the years."
Having an incident response plan in place, as well as having the right people within the organization prepared to respond, can help reduce fines that regulators could impose after a breach, he says.
In this interview at ISMG's recent Boston Fraud and Breach Prevention Summit, Sabett also discusses:
- How the SEC and FCC are following the FTC's lead in post-breach actions;
- Why regulators are increasingly staking their claims on jurisdiction in the wake of a breach; and
- How federal action is influencing the roles state attorneys general play in fining organizations that expose personal information about consumers.
Sabett is vice chairman of the privacy and data protection practice group at Cooley LLP. A former National Security Agency crypto-engineer, Sabett focuses his practice on data security, privacy, licensing and intellectual property. He has managed numerous data breach incident responses involving major retailers, financial and healthcare organizations, and online service providers. He served on the Commission on Cybersecurity for the 44th Presidency.