In our fourth installment of privacy, data (cyber) security, and your board, we look at crisis management and data breach issues. As part of providing appropriate duty of care and oversight, board members will want to ensure that the company has an incident response plan in place. They should review and understand the plan. They should want to make sure that the plan actually works. Is it being followed when an incident arises? Can it be followed? Has the response team practiced? And what about when the plan is deployed? Namely, when a cyber incident arises? Keep privilege in mind when talking to the board, for example by having legal counsel conduct investigations and communicate with the board. For our prior post on this topic, click here for day one, here for day two, and here for day three.
Putting it Into Practice: When your company faces a possible data breach, everyone will want to make sure it is handled well. The board is no exception.