Bloomberg Law said in its June 6 article “Lawyers Need Plan of Attack After a Cyber Attack” that every lawyer “dreads falling victim to a ransomware, malware, or phishing attack. But an even worse fate is suffering a data breach without having a plan in place.”
The article covers in depth the panel presentation “Information Governance Part II – The Ethics of Data Breach Reaction,” by Shook Partner Bill Sampson, Hinshaw & Culbertson’s deputy general counsel Steven Puiszis, and Jason Warmbir, vice president at Willis Towers Watson, at the American Bar Association’s 44th National Conference on Professional Responsibility in Louisville, Kentucky.
During the panel, Sampson discussed the response of law firm DLA Piper to a data breach in 2017. According to Sampson, the law firm sent out three communications to clients in less than two weeks. “While the first two messages were ‘hardly chock-full of information,’ Sampson said, the firm appeared to be reacting appropriately to the breach,” said Bloomberg Law. “Sampson attributed the firm’s success to good planning (early breach detection and ability to shut down the entire system), good backup systems, buy-in from firm leadership (who approved 15,000 hours of overtime), and increasing the level of detail in the communications without over-promising.”
Sampson’s presentation was based on “Navigating Client Notification in the Aftermath of a Cyber-Attack: A DLA Piper Case Study,” co-authored with Shook Associate Jen Varon. Sampson is chair of a Sedona Working Group on Data Security and Liability “brainstorming group” to establish “reasonableness” in the context of data security.
Shook’s Privacy and Data Security practice, chaired by Partner Al Saikali, handles data breach response, crisis management and compliance with laws governing the collection, storage, use and disposal of sensitive information.