Shawn E. Tuma

Posts Tagged ‘breach notification’

Yahoo Data Breach: US Senators Demand Answers – Still Think You Don’t Have to Disclose and Notify?

In Computer Fraud and Abuse Act, Cybersecurity Law, Data Breach, Privacy on September 27, 2016 at 6:45 pm

There is a grave and unfortunate misperception among many business leaders who believe that when their company has had a data breach, going through a response and notification of affected individuals is optional. To the educated readers of this blog, this sounds shocking. Sadly, it is something I see on a regular basis. What is worse is that there are far too many lawyers who do not practice in this area but, out of ignorance, advise such clients that it is really not as big of a deal as we are making out of it and that they can just ignore it.

Cybersecurity Legal Issues: What you really need to know (slides)

In Corporate Governance, Cyber Generally, Cybersecurity Law, Data Breach, Media, Privacy on September 14, 2016 at 8:46 pm

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institute. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!

Cybersecurity Incident Response Checklist

In Cyber Generally, Cybersecurity Law, Data Breach, Digital Information Law on September 8, 2016 at 8:30 am

Business leaders, when people like me tell you that having a cybersecurity incident in your company is like being in a building on fire, we are not exaggerating. Take a look at the following checklist (note, this is not an incident response plan!) while keeping in mind that over half of the items on that checklist should be performed almost simultaneously within hours of learning that your company has had a data breach.

While this is not an exhaustive list, these are the items that most often need to be performed in the cases in which I guide clients through the incident response and remediation process. Of course there will be exceptions, additions, and omissions — take this for what it is, a starting point. Finally, note that the picture below is an image of the checklist and is blurry — you can download the original here.



Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.



Cybersecurity: How Long Should An Incident Response Plan Be?

In Corporate Governance, Cyber Generally, Cybersecurity Law, Data Breach, Digital Information Law on July 1, 2016 at 9:23 am

Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why these are now a must-have.

Why Cybersecurity Incidents Are Legal Events

In Corporate Governance, Cybersecurity Law, Data Breach, Digital Information Law, Privacy on March 18, 2016 at 7:23 pm

In this video, cybersecurity and data protection attorney Shawn Tuma explains why cybersecurity incidents are as much legal events as they are information technology and business / public relations events.
