Your Organization’s Name Hinges on Data Value and Security
Data breaches are all about reputational risk, says attorney Lisa Sotto. And as legal requirements grow, attorneys must play increasingly integral roles in helping clients respond to incidents.
When consumers’ privacy, is compromised, it’s not just legal compliance organizations have to worry about. “Data breaches are really about reputational risk,” says Sotto, a managing partner for New York-based law firm Hunton & Williams, where she focuses on privacy and information.
Ethical requirements and deciding how far to go beyond the legal breach notification mandates of certain jurisdictions are where attorneys step in and play critical roles in how their clients respond after consumer information is compromised.
“The law only requires that an entity notify those who had sensitive information compromised, like Social Security numbers,” Sotto says. “But now we know other things, like e-mail addresses, can lead to compromise through social engineering and phishing.”
How an organization responds when that kind of less-sensitive information is compromised can go far in defraying the fallout after a privacy-security breach, ensuring a breached organization’s reputation is not damaged beyond repair.
But the notification process is complicated. “Most breaches affect victims in many jurisdictions,” she says. “And making all of those laws mesh is much like dealing with a puzzle containing hundreds of small pieces.”
During this interview, Sotto discusses:
- Why attorneys must be play key roles in not only the forensic investigation after a breach but also the subsequent public-relations efforts that follow;
- How attorneys can break in to the field of information security, and why they should; and
- Why attorneys are increasingly being looked to as the gatekeepers of data-privacy, necessitating them to manage an organization’s data-security strategy from “the cradle to the grave.”
Sotto is the managing partner of the New York office, and her practice focuses on privacy, data security and information management issues. She was rated No. 1 privacy expert in 2007 and 2008 by Computerworld magazine. She also earned a No. 1 U.S. national ranking for privacy and data security from Chambers and Partners. In addition, Hunton & Williams’ privacy and information practice received a No. 1 U.S. national ranking from Chambers in privacy and data security.