Kristin-Casler-Editor-at-Large-4By Kristin Casler, featuring Ryan White, Assistant U.S. Attorney, California; TiTi Nguyen, Deputy Attorney General, California; and Ryan Kriger, Assistant Attorney General, Vermont.

You’ve often heard, don’t sweat the small stuff. When it comes to your organization’s response to a data breach, regulators say you’d actually better sweat that small stuff. There’s no better indicator of problems with the big stuff than ignoring the small stuff, according to several regulators who participated in a round-table discussion of corporate-data-breach-response strategies.

Ryan Kriger, Assistant Attorney General of Vermont, tells the stories of two vastly different corporate responses. In one—the best breach notification he ever received—a president of a local company called him personally on a Monday to report that the company had discovered a breach the previous Thursday. They had already notified the FBI and were working closely with them, notifications were going out the next day, and they had pulled the hard drives. In the other case, Kriger was the one calling the company because he learned about a breach incident. The company denied that the breach had even occurred.

“When I hear that, I know that this is a business that might wind up needing an enforcement action,” Kriger said. “In 99 percent of cases we decide very early on whether the company might warrant action.”

Read the rest of Kristin’s article in the LexisNexis Corporate Counsel Newsletter, then sign up to receive the digital update six times a year. Read More

Relevant HB & Affiliated Programs

NetDiligence Cyber Forum • June 7-8, 2016 • Philadelphia

4A Healthcare Data Privacy Symposium | October 4-5, 2016 | Drexel University | Philadelphia, PA

Privacy+Security Forum 2016 | Oct. 24-26, 2016 | Washington, DC