Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Who Should Be Contacted After a Breach?

Attorney Ruth Promislow Offers Insights on Who to Include on the List
Ruth Promislow, partner, Bennett Jones LLP

Who is on your list of contacts in the event that your organization experiences a data breach? Attorney Ruth Promislow, partner at Bennett Jones LLP, says the police and external legal counsel should be near the top of that list of contacts.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Having outside counsel is important, she says, because "there have been cases where correspondence with in-house counsel has been held not to be privileged. ... When you're dealing with external counsel, it's much cleaner when protecting that line of communication."

In a video interview at Information Security Media Group's recent Fraud and Breach Prevention summit in Toronto, Promislow discusses:

  • Why contacting the police can be critical to containing damage;
  • How working with external council is different than working with in-house legal staff;
  • Why boards of directors are now held to new a standard for understanding breach response.

Promislow practices commercial litigation with a focus on commercial crime, including cybersecurity, investment fraud, employee fraud and anti-money laundering. She has extensive experience with cybersecurity matters, including cyber preparedness, incident response and related litigation. She oversees and conducts internal investigations for clients, working with internal and external auditors.

About the Author

Joan Goodchild

Joan Goodchild

Director of Multimedia Content, ISMG

Joan Goodchild is veteran writer and editor who has been covering security for more than a decade. Before joining ISMG, she was the editor-in-chief of CSO, where she led the team to several national awards, including an AZBEE (ASPBE) for website of the year and several Digital Eddie (Folio) awards for B2B website of the year. Her previous experience in business journalism includes roles as a broadcast and web editor with the Boston Business Journal and as a news writer covering the Windows OS with TechTarget. Prior to that, she worked as a television reporter and anchor for more than a decade. She has a master's degree in journalism from Northwestern University's Medill School of Journalism and is the recipient of an Edward R. Murrow award for investigative reporting.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.