CBA Record November 2017

Y O U N G L A W Y E R S J O U R N A L

Early Bird Tickets Nowon Sale for DiscoNights CasinoNight. Get ready to do a little dance, play a little cards, and get down tonight with the YLS at “Disco Nights,” our 11th annual casino night fundraiser benefiting The Chicago Bar Foundation. In celebration of the CBF’s 70thAnniversary, we’ll be getting down 1970’s-style in our best disco duds at an evening featuring table games, a Texas Hold’em Tournament, and food and drink at The University Club on February 23, 2018. Proceeds from the evening support the CBF’s work in Chicago’s legal community to make the justice systemmore fair and accessible for everyone. Tickets are on sale now at www.chicagobar.org/ylscasino!

unnecessary liability if that information was subject to a breach. The instinct to simply keep things forever needs to be resisted. Identifying what information you have and need can allow a firm to set up a routine destruction of data schedule. Firms should identify the data that they collect, determine how long they need to store that data based on regulations and firm use, and then create and follow through with a planned document destruction schedule. A routine schedule eliminates the possibility of suffering consequences for breached information that your firm no longer needs. Public Relations Response How a firm responds to a data breach can go a long way in determining the percep- tion of the firm’s reputation. Any firm is going to sustain damage to their reputa- tion and trustworthiness when a breach occurs, but the impact of that breach can be mitigated with a thoughtful and mea- sured response to the breach. This type of

response is much more likely if it has been prepared in advance without the pressure and time crunch of an active breach. An incident response plan should des- ignate who is allowed to speak for the firm on this issue, include prepared remarks and notification letters, and media contacts to get out in front of any story. Control- ling the perception of your firm during a breach is crucial. The information that is being conveyed to the public should not come out in drips, but a complete state- ment about what happened and the steps that are being taken to remedy the breach. Restoring the public’s trust in your firm is going to be difficult, but having a strong response to a breach can go a long way in re-establishing the reputation of the firm as someone that can be trusted. These are just some of the benefits that can come through the use of an incident response plan. The creation of an incident response plan should simply be a part of your firm’s preparation for a breach. Also, having training for employees on

data security matters and firm policies addressing cyber security issues are key. Implementing an incident response plan can be a substantial first step in preparing your law firm for the new realities of the digital age. Brian C. Eaton is an associate in the Business & Finance group at Taft Stettinius &Hollis- ter LLP. He focuses his practice onTechnology Law, specifically Privacy and Data Security. WHAT’S YOUR OPINION? Send your views to the CBA Record, 321 South Plymouth Court, Chicago, IL 60604, or to Publications Director David Beam at dbeam@ chicagobar.org.Themagazine reserves the right to edit letters prior to publishing.

36 NOVEMBER 2017