Interested in training for your team? Click here to learn more

Mitigating Cybersecurity Litigation Risks: Polices, Procedures, Service Providers, Notification, Damages

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Thursday, November 10, 2022

Recorded event now available

or call 1-800-926-7926

This CLE webinar will provide practical solutions for corporate counsel to mitigate potential cybersecurity class action risks. The panel will discuss how businesses should implement policies, procedures, and training to limit data security breaches and what steps companies can take with service providers to reduce the time between incident detection and notification. The panel will also address how damages can be limited in class action litigation.


Equifax, Home Depot, Capital One, Uber, Morgan Stanley, and Yahoo! are just a handful of data breach victims resulting in class action litigation and settlements in the hundreds of millions of dollars.

Counsel must prepare to address a security incident and know best practices to minimize the risk of class action lawsuits and other liability exposure. While technical preventative issues are often outside a legal department's purview, updating policies, procedures, and training can help alleviate data security risks.

Several states, most notably California, have instituted privacy laws that provide potential causes of action beyond common law torts. Companies should be aware of the cross-compliance aspects of these various laws. Counsel should work to ensure that contracts with service providers have clear timelines and notification requirements in the event of an incident. Agreements with service providers with access to data should address damages.

Companies must also review the issues with class certification. In 2021, the Supreme Court heard TransUnion L.L.C. v. Ramirez, which raised the bar for putative class members to establish standing under the Fair Credit Reporting Act (FCRA). Over 8,000 TransUnion customers brought a class action for violations of the FCRA, but SCOTUS found that only 1,853 plaintiffs, which had their credit reports distributed to third parties, had standing.

Listen as our authoritative panel discusses cybersecurity class actions and the best practices to mitigate claims risks and limit damages when classes are certified.



  1. Cybersecurity class actions
    1. Mitigating risks
      1. Technical preventative measures
      2. Legal preventative measures
    2. Policies, procedures, and training
    3. Service provider agreements
      1. Timelines
      2. Notification requirements
      3. Damages
    4. Other means to limit damages
    5. Class certification
      1. Recent SCOTUS decision


The panel will discuss these and other key topics:

  • How can counsel best prepare for a data security breach?
  • With multiple state privacy laws, how can counsel create a compliance program, and what policies and procedures should be included?
  • How can agreements with service providers limit liability in a data breach?
  • What does the recent SCOTUS decision imply regarding certifying future classes?


Ballon, Ian
Ian C. Ballon

Shareholder, Co-Chair Global Intellectual Property & Technology Practice Group
Greenberg Traurig

Mr. Ballon represents Internet, technology, entertainment companies and social networks in internet-related...  |  Read More

Bryan, Kristin
Kristin L. Bryan

Squire Patton Boggs

Ms. Bryan is a data privacy and cybersecurity litigator experienced in the resolution of complex disputes. She has...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video