Cybersecurity Incident Investigation

Cybersecurity incident response lawyers can bring valuable tools to a business faced with handling a security incident or investigation. In order to utilize these tools effectively, an attorney should be engaged at the beginning of any investigation of a security incident.

A couple of notable tools to be used in these investigations are the attorney-client privilege and the work product doctrine. The attorney-client privilege can protect confidential communications from disclosure to outside parties during regulatory investigations and litigation. The work product doctrine can protect investigation reports and documented findings from disclosure as well. Businesses should seriously consider employing the assistance of an incident response attorney at the onset of a security incident investigation to take advantage of these tools.

Businesses must also consider the technical side of the investigation. Using third parties to coordinate and conduct the investigation can be helpful in situations where a disclosure resulted from actions inside the company. Kirkpatrick Law can coordinate technical investigations while protecting the findings, asserting legal rights, and developing a legal strategy.


Cybersecurity Incident Investigation Q&A's


What communications should be disclosed about a security incident?

Businesses should conduct internal security incident investigations with a view to protecting the communications from disclosure outside of the organization. Engaging an attorney at the beginning of an investigation can establish attorney-client privilege over such communications. An attorney can designate a specific team for the incident handling and investigation to help ensure that the relevant communications remain confidential. Without the attorney-client privilege, written and oral communications may have to be disclosed as evidence during an investigation by regulatory authorities or in litigation against the company. Typical communications that a business will want to protect from disclosure include e-mails, meeting notes, recorded voice messages or phone calls, and even possible testimony about conversations concerning an investigation.

What documents should be disclosed about a security incident?

Protecting communications from disclosure can be valuable for defending a case in litigation or before regulatory authorities. Protecting the reports and findings from disclosure can be just as important. Not only may it be critical to obtain reports to determine what information was compromised and how it was compromised for the benefit of notifying the proper authorities, but it may also be necessary to avoid a spoliation sanction or to prepare the company to defend itself against impending actions from shareholders, clients, or government authorities. Asserting the work product privilege can help a client prevent unwanted disclosures of documents created as part of the investigation.

What if our company has in-house counsel?

In-house attorneys are integral to meeting the myriad legal challenges a company may face. Corporate attorneys often interface with outside counsel with expertise in technical areas such as information security. A cybersecurity attorney can assist an organization with compliance, record management, technology contracts, incident response planning, drafting and reviewing technology policies, data breach insurance, and working with governmental entities. In addition, many inside counsel are inundated with responsibilities and will likely not have the time or resources to deal with the workload of responding to a government investigation like one from the Federal Trade Commission.

Is an attorney necessary if we have complied with the industry standard?

There are many technical industry standards. Although choosing and complying with any cybersecurity standard can be helpful in demonstrating a company’s attitude toward protecting the information of the business and its customers, it may not help in the preparation, defense, or handling of the legal issues related to a security incident. Of course, there are many industry standards, with varying differences, such as NIST, ISO 27001, and ISO 27002. Employing the assistance of an attorney to interpret legal matters related to a security incident can prove prudent for complying with the relevant laws in addition to the technical standards.
