Who Should Be Contacted After a Breach?Attorney Ruth Promislow Offers Insights on Who to Include on the List
Who is on your list of contacts in the event that your organization experiences a data breach? Attorney Ruth Promislow, partner at Bennett Jones LLP, says the police and external legal counsel should be near the top of that list of contacts.
See Also: The 5 Foundational DevOps Practices
Having outside counsel is important, she says, because "there have been cases where correspondence with in-house counsel has been held not to be privileged. ... When you're dealing with external counsel, it's much cleaner when protecting that line of communication."
In a video interview at Information Security Media Group's recent Fraud and Breach Prevention summit in Toronto, Promislow discusses:
- Why contacting the police can be critical to containing damage;
- How working with external council is different than working with in-house legal staff;
- Why boards of directors are now held to new a standard for understanding breach response.
Promislow practices commercial litigation with a focus on commercial crime, including cybersecurity, investment fraud, employee fraud and anti-money laundering. She has extensive experience with cybersecurity matters, including cyber preparedness, incident response and related litigation. She oversees and conducts internal investigations for clients, working with internal and external auditors.