Interested in training for your team? Click here to learn more

Data Security Compliance and Responding to a Data Breach: Lessons for Corporate Counsel After Equifax

Recording of a 90-minute CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, January 23, 2018

Recorded event now available

or call 1-800-926-7926

The CLE course will examine the issues presented by the Equifax data breach and response, outline proactive strategies to reduce the likelihood of a data breach, and provide best practices for responding to a breach. The panel will also discuss new data breach disclosure obligations and other recent legal developments regarding data protection.


On Sept. 7, 2017, Equifax announced a data breach of about 143 million Americans’ sensitive information. The circumstances of the breach (hacking of a website application for which a patch had been provided but not installed) and Equifax’s widely criticized response to the breach provide critical lessons for corporate counsel.

Breaches of data security damage companies’ reputations and pose a risk to trade secrets, confidential information, and individual customers’ personally identifiable information. They also increase the likelihood of state and federal enforcement actions, fines and class action suits.

Counsel must know the types of personal information their companies and clients maintain, how and where is it stored, who has access, and whether it is sufficiently secure. A well-crafted data breach response plan identifies first responders (among IT, HR, business operations, public relations, and other personnel), their respective roles, and the ultimate contact point and decisionmakers.

Cloud computing raises more privacy and security concerns for corporate counsel. Due to recent well-publicized incidents of irretrievably lost virtually stored information, counsel – especially for regulated sectors such as medical providers and financial services providers – must ensure agreements with cloud vendors specifically include data security measures.

Companies with significant risk for costly data breaches should understand what cybersecurity insurance covers and evaluate whether the company needs it.

Listen as our authoritative panel of data privacy and information security attorneys examines recent legal developments impacting compliance with a patchwork of international and U.S. rules. The panel will outline proactive legal and technology tactics for counsel to reduce the risks associated with data breaches and best practices for responding to a breach to minimize potential liability and reputational damage.



  1. Recent legal developments
    1. Federal law developments
    2. State law developments
    3. International law developments
  2. Crafting and implementing a comprehensive data privacy policy
    1. Restricting access to certain information
    2. Encryption of sensitive and/or personally identifiable information
    3. Written security policies that are consistently enforced
    4. Ongoing internal training and testing of executives and staff as to key threats such as phishing
    5. Internal training – including tabletop exercises – of key personnel as to appropriate responses to data breaches
    6. Regular monitoring of networks
    7. Implementing patches when vulnerabilities are disclosed.
  3. Responding to security breaches
    1. Notification of key company officials
    2. Investigation of the breach
    3. Notification to affected individuals and state officials
    4. Memorializing actions taken in response to a security breach
    5. Cyberinsurance


The panel will review these and other key issues:

  • What proactive strategies should counsel take to protect the private information of customers, employees and the company?
  • What response policies should corporate counsel establish to minimize liability for disclosure of confidential information if a breach occurs?
  • What terms and conditions should counsel include in agreements with cloud computing vendors to minimize the risk of data breach?


Brownstone, Robert
Robert D. Brownstone

Technology & eDiscovery Counsel
Fenwick & West

Mr. Brownstone advises clients on information-security, data-privacy, electronic discovery, electronic information...  |  Read More

Kidwell, Brent
Brent E. Kidwell

Jenner & Block

Mr. Kidwell is the Firm’s Chief Knowledge Counsel. He helps clients proactively prepare for electronic discovery...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video