For the first Monday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator.
- Fail to plan = plan to fail.
- Big problems first, small problems later (don't let the perfect be the enemy of the good).
- The criticality of the tone at the top cannot be overstated.
- You cannot prevent idiocy, but you can train (and retrain, and retrain).
- Make good email practices your fight song (in both times of calm, and times of crisis).
- Say what you mean and mean what you say (avoid good policies with poor follow-through; don't set standards that you can't meet).
- Avoid inconsistencies wherever possible.
- Know what your peers are doing (and if you aren't doing the same thing, document why not).
- If you have a close call, document your decision and carefully consider whether you want privilege to apply or not (and why not).
- Think about your "story" in slow motion being played on a movie screen (or in excruciating detail on the front page of the Wall Street Journal).
H/T to Mintz's Meredith Leary for these. For more on these 10 easy steps and a replay of our Halloween-themed October Privacy Webinar, "Tricks, But No Treats: A Halloween Visit to the Frightening World of Data Security Litigation," check out this link to the recording.