Attorney Frank Lauletta publishes article on necessity of a data breach response plan
Experienced business attorney publishes the first article in his series of instructional articles, on the necessity for companies to have a data breach response plan in place
By: Lauletta Birnbaum
In a rapidly evolving field with increasing regulatory oversight, companies dealing with personal or sensitive information should be mindful of their legal obligations with respect to data protection. While securing customer data and ensuring compliance with protection obligations is an obvious area of concern, another important aspect of data protection is having a contingency plan in place in case of an actual data breach.
A company's obligations in case of a data breach are now regulated by law in all 50 U.S. states and the District of Columbia. All states and DC now have data breach notification laws on the books, requiring companies to timely notify consumers of the breach. Furthermore, the recent trend continues toward expanding the information covered by these data protection laws and strengthening consumer protection.
A major development in the field of data protection is the newly enacted General Data Protection Regulation ("GDPR") in Europe. While a comprehensive discussion of GDPR is beyond the scope of this article, GDPR is one of the most expansive data protection laws in the world. With the passage of GDPR and increasing public concern over data protection, many U.S. states are now strengthening their own data protection laws. Data protection laws in California and Vermont are some of the most stringent in the country. Furthermore, multiple states have amended their data protection laws in 2018, mostly expanding the scope of protected information and clarifying or adding obligations in case of a breach.
These regulatory requirements regarding data breaches highlight the need for companies to work diligently to create and maintain a data breach response plan. Companies should work with an attorney who is an expert in the field of data protection laws to ensure that they are ready and able to deploy a rapid response in accordance with all the applicable legal requirements should the need arise. Such planning is even more critical for multistate or international operations that may be subject to legal obligations in multiple jurisdictions.
Mr. Lauletta notes that keeping the response plan up to date is just as critical as creating one. Because the field is undergoing such rapid changes across multiple jurisdictions, Mr. Lauletta stresses the importance of ensuring that there is a process in place to regularly review and update the response plan. Any change in business operations may trigger the need for a review, such as expansion into new localities or the addition of services or operations.
The article will be published in full on the Blog of Mr. Lauletta.
About Frank A. Lauletta
As a general corporate attorney, Frank Lauletta's practice focuses heavily on representing and counseling a broad array of emerging growth and established companies in both the public and private sectors. With his broad legal experience, executive-level background, and vast relationships in the legal, venture capital, and high technology communities, Frank is uniquely suited to serve as outside general counsel to clients. Working closely with executive management teams, Frank currently serves in this capacity to a number of software, telecommunications, and high technology companies throughout the United States.
Frank A. Lauletta