New stories of businesses being hacked are constantly being brought to light, and many need guidance from their legal teams on the measures and steps necessary after such an incident occurs. Cyberintrusion isn’t only confined to big businesses, though. Even the U.S. government and healthcare providers are also experiencing hacking. With this in mind, the Department of Justice has provided instructions for cybervictims through the Cybersecurity Unit called Best Practices for Victim Response and Reporting of Cyber Incidents. According to the Department of Justice, it is important for businesses and organizations to have a legal team familiar with cyberintrusion because it poses different concerns than a physical intrusion. For example, business need to know which measures they can or cannot take in order to try to remedy the situation. A wrong move could result in legal action against the company, which is the last thing one wants to deal with after being hacked. Additionally, businesses can better protect themselves against hacking if their lawyers know which cyber security practices are legal and effective to use.
The lack of uniformity surrounding how companies must react to cyberintrusion also requires lawyers to be extremely knowledgeable about the laws effecting their location. Though the U.S. government may soon implement a law that requires the same response for every company no matter its location, currently there are policies specific to each of the 47 states that have requirements concerning investigation into hacking. Additionally, companies that process credit cards should be familiar with the Payment Card Industry Security Standards Council. With so many regulations and procedures that may change in the future as policies are taken into consideration by state and national governments, it is more important than ever for lawyers to be tech and cyber-savvy.
Article via E-Commerce Times, July 20, 2015
Photo Code view via Jeffrey Zeldman [Creative Commons Attribution-NonCommercial-NoDerivs]