What are Data Breaches?
Data breaches are increasing in size and prevalence with each passing year, with cyber-criminals (and even state actors) taking keen interest in obtaining sensitive corporate and personal data. A data breach can arise from many causes such as an intentional hacking attack, employee mischief or neglect, inadvertent leak, lack of or failure in security measures, equipment failure, human error, etc. In the last several years, many reports from around the world and in Singapore abound of data breaches occurring in many reputable organisations. It is no longer a question only of preventing data breaches but more so one of being able to effectively handle a data breach when it occurs.
Repercussions of Data Breaches
With data continuing to be a key asset and operational currency of any organisation, it is of paramount importance for an organisation to pay attention to how it can reduce the impact of a data breach and effectively deal with it, when a breach does happen. It is only a question of time before a data breach occurs in any organisation, if not already so. The consequences of a data breach for an organisation are severe, ranging from a loss of reputation, plummeting stock price or revenue, loss of customers, legal suits and damages to be paid out, loss of regulatory licence or significant regulatory fines being imposed. Research1 has shown that the average total cost of a data breach for an organisation2 increased from US$3.52 million in 2014 to US$3.79 million in 2015.
Depending on the cause and circumstance, some data breaches may have significant repercussions for senior management personnel including possible loss of job and personal criminal liability.
The important question is therefore how management can better prevent and deal with data breaches. When (not if) a data breach occurs, the organisation faces immediate, costly and time-consuming challenges, which include containing the breach, assessing the damage, determining who accessed the information, and evaluating legal liability and obligations to notify affected persons and/or the relevant regulator(s). With ubiquitous social media at play as well and the possibility of the breach becoming viral, it is of paramount importance that any response be timely and effective.
What To Do In The Event of a Data Breach
When a data breach occurs, an organisation would require timely legal advice from lawyers, on understanding the implications of the data breach and in responding to the data breach including notification of regulators and/or affected individuals, should the circumstances require such action.
The organisation would also require a competent technical team with the ability to forensically ascertain the cause of the data breach as well as the extent by which data has been compromised. Such technical/forensic work would go hand in hand with the legal work being carried out by the lawyers as the result of the technical/forensic work would often dictate the legal steps to be carried out post-breach.
Data Breach Incident Response Services
Recognising the challenges that organisations face in a connected and technology dependent world, Rajah & Tann Singapore’s Technology, Media and Telecommunications practice group is well-prepared to assist organisations in dealing with such challenges in the face of the ever lurking possibility of data breaches happening.
To ensure a seamless workflow, Rajah & Tann Singapore is collaborating with technical/ forensic specialists to provide a unique one-stop-shop service to assist organisations to effectively handle data breaches. Clients will enjoy the benefit of the legal expertise of Rajah & Tann Singapore and the technical/ forensic expertise of a technical specialist company.
Our data breach services can be customised, depending on the nature of the breach and what is needed to be done. It is intended to cater to the budget of every organisation, whether an SME, a large organisation, a financial institution, etc.
Our data breach services also seek to provide organisations with a holistic solution designed to assist in preventing data breaches and/or in effectively responding to a data breach. These include an assessment of data breach readiness, data breach preparedness activities, data breach incident response. Should a data breach occur, a representative from Rajah & Tann Singapore and/or KPMG in Singapore would be onsite within a pre-agreed time, to assist the client in handling the data breach, including containing the breach, ascertaining the cause, assessing the breach consequences, evaluating response and crisis management.