DOJ Issues Guidance for Best Practices Before, During, and After a Data Breach


By David Cole

In response to the increasing number of data breaches around the county, and the public attention being given to them, the Department of Justice (DOJ) recently issued a guidance document intended to help organizations prepare for and respond to data breaches. The document, titled “Best Practices for Victim Response and Reporting of Cyber Incidents,” is based on the DOJ’s experience investigating and prosecuting cybercriminals. The guidelines focus primarily on the proactive and reactive measures an organization should take with respect to data breaches.

Consistent with the NIST Cybersecurity Framework, the DOJ guidance recommends that, before any data breach occurs, organizations should conduct a risk assessment to identify and prioritize critical assets, data, and services.  In addition, the guidance recommends that organizations develop a data breach response plan that has specific, concrete procedures to follow in the event of a data breach.  Once a plan is developed, organizations should test the plan with “table top” exercises, and continually update the plan to reflect changes in personnel and structure. Organizations should also ensure that they maintain necessary technology to detect and respond to data breaches.

In the event of a data breach, the guidance recommends a number of basic steps.  It advises organizations to not use compromised systems to communicate once they become aware of a potential data breach.  After making an initial assessment of the nature and scope of the incident, the guidelines also suggest that an organization minimize continuing damage to its system by taking steps such as rerouting network traffic, blocking a denial of service attack, or isolating all or part of a compromised network. The organization also should record and collect all evidence and information that it can about the unauthorized access that occurred, which may involve imaging the affected computer and retaining all logs and records of the data underlying the incident.  Finally, the guidelines suggest that an organization notify its employees, management, law enforcement (including the Department of Homeland Security), and any potential victims.

The guidelines also warn that, in the event of a cyber-attack, that organizations should not “hack back” or intrude upon the suspect’s network.  “Hacking back” may violate a number of laws, and since many intrusions are launched from compromised systems, “hacking back” can damage or impair another victim’s system. The guidance also recommends that victim organizations continue monitoring their networks after a cyber-attack for any unusual activity to make sure that any unauthorized users are really gone.  After an incident is over, the DOJ recommends a post-incident review to identify deficiencies in planning and execution of the incident response plan.

Lastly, the DOJ suggests that before, during, and after a data breach, organizations work closely with legal counsel who is experienced in handling data breaches. The use of experienced counsel ensures that an organization will receive accurate advice from counsel who is comfortable with addressing the unique and varied issues that arise from a data breach.  To review your organization's data breach preparedness and evaluate the best ways to implement these guidelines in your organization, please contact David Cole at (770) 818-1287 or [email protected].



Articles

DOJ Issues Guidance for Best Practices Before, During, and After a Data Breach

Homeowners Association Can Charge Fees For Short-Term Rentals

The War Against Pre-Dispute Arbitration Clauses Rages On

New York City Law Restricts Use of Credit Checks for Employment Purposes


Learn more about FMG

CGL and Business Liability

Commercial and Complex Litigation

Construction and Design Law

Financial Services and Securities

Insurance Coverage & Bad Faith

Government Law

Labor and Employment Law

Professional Liability / Errors and Omissions



Freeman Mathis & Gary, LLP
100 Galleria Parkway
Suite 1600
Atlanta, Georgia 30339-5948

Tel: 770.818.0000 / Fax: 770.937.9960

www.fmglaw.com


Copyright © 2016 Freeman Mathis & Gary, LLP Click here to print the article.