Investigating security breaches and managing contracts with third parties
You receive a call from your IT team; someone has noticed odd access patterns to one of your key databases containing key confidential information, some of which belongs to third parties who you contract with. Some more checking and analysis takes place and within a few hours, you know with reasonable certainty that someone has been and still is, accessing your and your business partners’ confidential data.
At this stage, you probably have some information but in terms of the total information available about the problem, at this point in time, you probably don’t know that much. It is important to work quickly with IT, the commercial teams who work with the data in question and senior management to understand as much as you can in the next 12–24 hours so that you can decide what to do next.
This might appear obvious — surely just cut off the access to your data? This route ‘solves’ the immediate problem, and may in some cases be the correct approach. However, it means risking severely limiting the amount of information that you can obtain about the breach. In turn, this limits the information you have available to work out the identity of and, if appropriate, pursue the wrongdoers and to feed information about the problem back into the business to improve security. Information security is not just about IT security — it encompasses the whole business and all employees. In those very early hours of working out the scope of the problem, it is also key to review contracts you have with third parties that may give rights to those third parties in relation to data and information security…
If you are registered and logged in to the site, click on the link below to read the rest of the Taylor Wessing briefing. If not, please register or sign in with your details below.
News from Taylor Wessing
Briefings from Taylor Wessing
New rules will apply to most businesses selling to consumers in the EU, including to those selling online from outside the EU, from no later than 13 June 2014.
Last year — 2013 — was a considerably less eventful year for German gambling law than 2012, which saw significant reforms within the industry.
Analysis from The Lawyer
The city-state is working hard to become a global wealth management hub, and law firms are gearing up for a prosperous new world
Financial disputes are starting to dominate the English courts as the long-awaited fallout from the downturn finally comes to town