NetDiligence® Cyber Risk & Privacy Liability Forum
June 9, 2011

PHILADELPHIA—One of the biggest mistakes a company that experiences a data breach can make is to downplay the size of the breach and its effect on the victims, said attorney Jamie Sheller at the HB Litigation Conferences Second Annual NetDiligence® Cyber Risk & Privacy Liability Forum on June 9 in Philadelphia.

Sheller, a plaintiff’s attorney with Sheller, P.C. in Philadelphia said that downplaying the magnitude of a breach “inflames the victims” and “inflames the courts” when the real statistics are revealed to the government.

Defense attorney John Mullen of Nelson, Levine, de Luca & Horst in Philadelphia, who also sat on the panel, said that companies need to assume there’s going to be litigation when a data breach takes place.   He suggested that companies be sure to make the “right deals with the right  vendors” to provide credit monitoring to victims before a breach takes place and to avoid “panic buying” when it does.

“Even if you provide the best package [to victims] you’re not going to stop anyone from suing you,” he said.

Panelist Richard Bortnick, a defense attorney with Cozen O’Connor in Conshohocken, PA, said there are three typical scenarios in data breach cases—first, where the company assumes the risk of the breach before it occurs; second, where the company purchases data breach insurance coverage; and third, where the company has done nothing to prepare for a breach.

He said that the last scenario occurs in the “majority of cases.”

Bortnick also stated that the issue of cyber security is “in the cross-hairs of the federal government,” not only of the United States, but other countries throughout the world.

“This is a global, international problem,”  he said.