Legal, reputational and business risks have the potential to mount following a cyberattack, Baker McKenzie Global Data Privacy and Security Business Unit Chair Brian Hengesbaugh, CIPP/US, writes. To ease the stresses an affected business will face, Hengesbaugh said, “companies should conduct an assessment as part of their pre-incident planning process” to identify notification obligations in the categories of incident notification laws, restrictions on data use, collection and transfers, and conflicting laws that could interfere with a domestic breach incident investigation.
Full story