The article discusses Yahoo’s two massive data breaches and how in-house legal departments are absorbing a lot of the blame for cybersecurity issues.
The general counsel should be asking questions of the board and the IT team to figure out what the status of the company is when it comes to data security, said Denver Edwards, a principal at law firm Bressler, Amery & Ross. “What policies are in place?” he said. “How engaged is the board when it comes to data security? What are vendor relationships like?”
“You’d be negligent at this point if you don’t have an incident response plan on what to do when there is a breach,” Edwards added. “And the general counsel, if he or she is aware of a breach of this magnitude, must go to the board and engage them right away and have the incident response plan triggered.”
To read the entire article on the Corporate Counsel website, click here. Subscription may be required.