Brooks Pierce partner Charles Marshall recently participated in a cybersecurity panel with Business North Carolina to discuss data breach issues.
The discussion, titled "Digital Disaster," examined the scope of data breaches within North Carolina and how businesses can recognize threats, protect data and react to a breach.
"As privacy lawyers, we help clients understand their legal obligations, both on the front end, such as privacy policies, and back end, such as required data-breach responses to customers and authorities," said Marshall. "That happens before a data breach occurs. Many companies haven't identified what data they're collecting and if it is regulated. That is the first step."
Marshall also offered insight on how businesses can handle a breach with their customers.
"Customer service is often left out of data-breach response planning. The first people I talk to after a breach are the IT folks, because they're charged with explaining what happened - and how to prevent it - to the executive team. I have to understand that, too, if I'm going to advise the executives about their legal obligations. The initial assessment also includes notifying customers. In most cases, that means you're giving them the company's phone number or email address. Affected customers will call and email. Customer-service representatives are not privacy or IT professionals, but they will be on the breach's front line. They're protecting the company's reputation. They need to explain the company's message and provide good information. That reassures customers. If you neglect planning a customer-service response on the front end, you'll be scrambling to pull it together on the back end."