Partners Judy Selby and Lynn Sessions co-authored an article entitled, “Building a Data Breach Response Team, Before You Have a Breach,” which was published by CSO.com and CIO.com on October 3, 2014. They advised companies to address the issue before they have a breach in order to assemble the best team for the company’s need. If companies wait until an issue happens to form a breach response team, Selby and Sessions cautioned that they “may find themselves in the unfortunate position of enlisting whoever is available, easiest (or lowest costing) to retain versus best for the job, which can lead to disastrous results for both the breached company and those whose information has been breached. Assembling a breach response team in advance of an incident allows entities to thoughtfully and thoroughly vet candidates and ensure retention of the best qualified team for the entity’s unique needs.” The article includes sections entitled, “Practice Makes Perfect,” “Breach Response Team Members,” “Selection of Outside Privacy Counsel,” “Choosing the Right Forensics Firm,” and “Retaining an Appropriate Crisis Management Firm.”
In conclusion, they advised:
Since identifying appropriate breach experts is a relatively new task for many companies, consider starting with a key expert such as outside legal counsel or a cyber insurer to obtain referrals for breach response team members. Also, explore the growing number of data breach and cybersecurity trade shows and conferences to network with and vet breach coaches, forensic firms and crisis management specialists. Lastly, when the full breach response team is assembled, remember to practice the response plan with all team members to ensure that everyone understands their roles and can work together as an effective team.