As Legal Counsel, you are an important player in your company’s data protection processes. Whether alone or in collaboration with Compliance and Data Protection Officers, managing your company’s legal information to minimise legal risk created by cyber attacks and data breaches is increasingly important.
Data breaches can affect your company’s bottom line, but if regulators and shareholders allege that you breached various fiduciary duties by not mitigating known data security risks, you may also be at risk of personal liability. Therefore, GCs need a clear understanding of where they are vulnerable so they can mitigate their risks and avoid liability.
While news headlines focus on the growing prevalence of cyber-attacks, far less malicious causes, like a lost computer or an accidentally deleted file, also lead to data breaches. It is important to have a clear view of the entire threat landscape.
Types of data security incidents that cause data breaches
Security incidents that can result in a data breach can be either accidental or intentional, and can be caused by people known to your company (inside threats) or by strangers (outside threats).
Accidental breaches by inside players can include lost documents or equipment (like mobile phones or laptops), sending data to the wrong person, unauthorised access to shared drives or corporate applications, and equipment failure (including computers, software or servers). People known to your company, like employees or partners, can also cause intentional breaches by stealing or leaking data in an attempt to profit or sabotage the company.
On the other hand, outside threats are most often intentional, and include attempts to steal your data by hacking or using phishing tactics to install malware.
Preventing data breaches
In our latest whitepaper, “Best Practices for Preventing a Data Breach & Avoiding Liability”, we provide more detail about the most prevalent types of data security incidents to help you identify your vulnerabilities. With a clear idea of the risks you need to mitigate, you can adopt a structured approach to data breach management.