Cybersecurity Practices Booming in Era of the Breach

February 9, 2015 – In The News
The Legal Intelligencer

Scott L. Vernick was quoted in The Legal Intelligencer article, “Cybersecurity Practices Booming in Era of the Breach.” Full text can be found in the February 9, 2015, issue, but a synopsis is below.

The continued cybersecurity woes of many large businesses in 2014 has meant a busy start to 2015 for law firm data privacy and security practices.

While breaches continue to make headlines, it can often be difficult to convince companies that cybersecurity is an issue for it before it suffers a breach.

“The real issue that general counsel confront ... is often [having] a hard time about getting C-suite buy-in before there is a problem,” said Scott Vernick, a noted privacy attorney. “‘Why should we bring in Fox, we don’t have a problem?’”

But Fox is being called upon increasingly by clients seeking to prepare to respond to a breach in the event one does occur, said Vernick. Vernick has seen the creation of incident response plans become a growing part of his practice, he said.

Vernick often begins by showing a client a letter from a multistate attorney general investigation that has been sent to a company and says, “Here are the questions you will be asked when there is a breach. Are you ready to answer the questions? If you are not ready, we’ll get you ready.”

Clients have often focused their incident response plans on the IT response, which is often not understood by or applicable to a compliance officer or general counsel, Vernick said. Fox Rothschild has created templates for response plans that it will customize for each client, according to Vernick.

"What do you have, who has access to it and how long are you keeping it. That's what we build our plans around," he said. "You can't be ready to respond without knowing those answers."

Fox splits its practice between pre- and post-breach work as well as additional sub-focuses. The practice also has a blog for general cybersecurity issues and a separate one for the health care industry.

Additionally, Fox has created an app, Data Breach 411 , which details the varying state data breach notification laws.

The cost of a breach before litigation even occurs is estimated to be in excess of $200 per record compromised, Vernick pointed out. That cost includes notification requirements from the patchwork of some 47 state laws currently governing data breaches.

Click here to view the full article.

This article was also featured in the Pittsburgh Post-Gazette.