On Tuesday, September 22 at 12:00 p.m. Central, Seyfarth attorneys Karla Grossenbacher and John Tomaszewski will present “Information Security Policies and Data Breach Response Plans.” With the recent uptick of high-profile data breaches and lawsuits being filed as a result by both employees and consumers as a result, every business should take a fresh look at its information security policies and data breach response plans with two thoughts in mind: compliance with applicable laws, and limiting liability in the event of litigation. Cybersecurity is a critical and timely issue for all businesses. If your company has employees and pays them or gives them benefits, then your company is maintaining their personally identifiable information and faces liability in the event of a data breach.
Currently, there is no comprehensive federal law that sets forth a uniform compliance standard for information security best practices or data breach response plans. Companies operating in the U.S. must comply with a patchwork of 47 different states’ laws that set forth a company’s obligations in the event of a data breach. In the wake of several high-profile data breaches, state legislators in the U.S. have been updating these state laws in the past few months, adding new requirements.
In addition to dictating how and when a company must respond in the event of a data breach in which personal information has been compromised, a number of these laws also contain substantive requirements about cybersecurity measures a company must take generally. Add into this mix that a U.S. Court of Appeals agreed with the Federal Trade Commission (FTC) that it has the right to file lawsuits against businesses that it deems have lax information security protocols – without informing companies in advance of the standard to which they will be held.
Against this backdrop, the presenters will provide a high-level discussion on how your business can structure an information security program to comply with applicable law and minimize liability – since waiting for a breach is not an option. They will discuss, from a legal perspective:
- Essential components of a comprehensive information security policy;
- Key elements of a data breach response plan including strategies for state law compliance; and
- Best practices for dealing with third party vendors that store personally identifiable information for your company.
Registration: There is no cost to attend this program, however, registration is required.
If you have any questions, please contact email@example.com.
*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.