2021 Data Security Incident Response Report


Digital Assets and Data Management – Disruption and Transformation

Contents

02 At A Glance

03 Why Incidents Occur

04 Day 1 Checklist

05 Incident Response Life Cycle

06 Forensics

07 Litigation

08 Work From Home / Information Governance

09 Vendor Incidents

10 CCPA

11 EU Regulatory Update

12 Healthcare

13 Advertising, Marketing and Digital Media

14 Security

15 Contact

CLIENTS AND FRIENDS OF THE FIRM


Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report.

We are excited to launch this new digital platform version, and we intend to update this version throughout the year with real-time data. The DSIR will continue to share data and insights about security incidents, regulatory enforcement actions, class actions, transactions, digital innovation, compliance projects, data governance, and advisory matters to help organizations develop solutions to address the issues that data and technology create.

We kicked off 2020 with the formation of a practice group focused on “everything data”—the Digital Assets and Data Management (DADM) Practice Group. At that time, no other law firm had prioritized these issues on the practice group level. We had big plans associated with the launch of DADM, and like those of everyone else, our plans for 2020 were disrupted. Fortunately, however, the members of our group quickly pivoted to meet the evolving needs of our clients. Also, the timing of our launch was fortuitous. Before the pandemic, it was already a cliché to say that every company is in some way a technology company. This is definitely the case after COVID-19 due to remote working and the temporary closure of brick-and-mortar businesses.

The DSIR we published in April 2020 anticipated some of the work-from-home challenges due to the pandemic. Our teams went from spending a significant amount of time on-site with clients to learning how to engage, advise, and train through videoconferencing. We scrapped a six-month effort to have a vendor build us a custom data security incident case management solution and, instead, had our IncuBaker legal technology team build it using existing resources. We saw some (but not many) incidents occur due to the rush to support remote work. In the summer and fall, we faced a surge of ransomware matters. Then, we definitely experienced an impact from the pandemic (in practical ways, such as dependence on technology that was not available heightening the need to pay a ransom and challenges in collecting evidence to do an investigation). Collaboration, teamwork, and resilience, helped us face these pandemic-driven obstacles and solve problems.

It would not be appropriate to discuss the past year without also addressing systemic racism and inequities seen across underrepresented minority groups. Diversity, equity, and inclusion are priorities for our practice, and significant time has been spent by leaders in our group to address these issues as part of our strategic planning. Law firms generally still have a lot of work to do in this regard; however, it is worth noting that: over 50% of our practice group is composed of female lawyers, nearly 30% of our lawyers are persons of color or LGBTQ+, and women and persons of color hold over 70% of our group’s leadership positions. We will continue our commitment to not only hiring lawyers and staff from underrepresented groups but also integrating them into our group once they are hired so that they have a successful path forward.

We hope you enjoy this edition of the DSIR, and we welcome you to contact our DADM group members with questions or suggestions.

Sincerely,

Ted Kobus (He, Him, His) Chair, Digital Assets and Data Management Group


0+

Incidents in 2020


U.S. Breach Notification Law Interactive Map


EU GDPR Data Breach Notification Resource Map


For the latest, visit our blog at bakerdatacounsel.com

The Lifecycle of Data

Transformed legal services for the information and technology ecosystem

Share this page