Investigating security breaches and managing contracts with third parties
You receive a call from your IT team; someone has noticed odd access patterns to one of your key databases containing key confidential information, some of which belongs to third parties who you contract with. Some more checking and analysis takes place and within a few hours, you know with reasonable certainty that someone has been and still is, accessing your and your business partners’ confidential data.
At this stage, you probably have some information but in terms of the total information available about the problem, at this point in time, you probably don’t know that much. It is important to work quickly with IT, the commercial teams who work with the data in question and senior management to understand as much as you can in the next 12–24 hours so that you can decide what to do next.
This might appear obvious — surely just cut off the access to your data? This route ‘solves’ the immediate problem, and may in some cases be the correct approach. However, it means risking severely limiting the amount of information that you can obtain about the breach. In turn, this limits the information you have available to work out the identity of and, if appropriate, pursue the wrongdoers and to feed information about the problem back into the business to improve security. Information security is not just about IT security — it encompasses the whole business and all employees. In those very early hours of working out the scope of the problem, it is also key to review contracts you have with third parties that may give rights to those third parties in relation to data and information security…
If you are registered and logged in to the site, click on the link below to read the rest of the Taylor Wessing briefing. If not, please register or sign in with your details below.
News from Taylor Wessing
News from The Lawyer
Briefings from Taylor Wessing
The Düsseldorf Court of Appeal has referred questions to the CJEU on whether the supply of patent-protected substances by a third party to a generic company is covered by the Bolar exemption.
This is only the second time that the Data Protection Index has featured in Global Intellectual Property Index, yet a number of trends are already apparent from the results.
Analysis from The Lawyer
The city-state is working hard to become a global wealth management hub, and law firms are gearing up for a prosperous new world
Financial disputes are starting to dominate the English courts as the long-awaited fallout from the downturn finally comes to town