I have handled several data breach incidents for clients as their breach response counsel and, while we have an effective process to implement to help keep clients out of legal hot water, that really is not the most important aspect of handling the incident. The most important issue is how the incident will impact the company’s overall business. No matter how great of a job we do on the legal side, if the business side suffers too much, it is an overall failure. These situations are not the time for tunnel vision.
The key to dealing with the business side comes from the company’s executives. As breach response counsel, I try to keep a big picture focus and work with the company’s executives just as I do in-house counsel to ensure we take into consideration the business objectives as well as the legal. We want our actions to be consistent with the company’s values. The only way to effectively accomplish that is if we have buy-in from the executives and they are willing to take the lead in guiding the company through the unfortunate event. I have always stressed the importance of this to my clients and now I have help!
The following article from the Harvard Business Review provides great advice on executives can lead their company through this process. Here is an excerpt and a link to the article:
Executives in any business, however, can learn valuable lessons in crisis leadership:
One critical concept that we share with the participants in the National Preparedness Leadership Initiative (NPLI) at Harvard is that every crisis includes many situations, each with different contingencies and considerations. In this case, they include security, legal, law enforcement, customer relations, media, shareholder, employee, the board, card issuers and providers, regulatory, and more. While there can be overlap, each of these situations has a distinct (and sometimes conflicting) set of stakeholders, power structures, priorities, perspectives, interests, requirements, and values. For example, Communications may want to be immediately open and transparent while Legal may want to wait to more fully assess the liability exposure that such a stance could create. They each have a legitimate case. Navigating this complex web of interdependent relationships is daunting in routine times. In a crisis of this magnitude, the added pressure and higher stakes can make it overwhelming. How can an executive successfully lead through such a complex morass?
Read the full article here: How to Lead During a Data Breach – Eric J. McNulty – Harvard Business Review.
If you would like to discuss how you and your company can be better prepared to help avoid or, if necessary, respond to data breach incidents, please feel free to give me a call (469.635.1335) or email me (stuma |at| brittontuma.com).
About the author
Shawn Tuma is a lawyer who is experienced in advising clients on complex digital information law and intellectual property issues such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act. He is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as across the nation pro hac vice ). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.
Good post, Shawn – the best reminder for all businesses: be prepared before a data breach happens!
Thank you very much Allan — as we both know, it’s no longer a matter of if, but when it happens (and in all likelihood, it already has, they just don’t know it yet!).