Threat and Breach Response
OneTrust DataGuidance and expert speakers from Perkins Coie LLP provided a webinar looking at the recent developments in the threat and breach response landscape.
Amelia Gerlicher, Partner, and Alexandria Bradshaw, Associate, explore trending attacks, review U.S. breach notification law, and share insight into recent legislative updates and the trends that continue to drive changes to state law. Against this backdrop, the webinar discusses some of the strategies to help minimise risks and streamline response when incidents occur.
Malicious attacks are rising across the US and all over the world. They are up from 42% five years ago, 24% 10 years ago. These include nation-state attacks, ransomware, and targeted C-level attacks.
U.S. breach notification law
Currently, every U.S. state has a breach notification law, and half of the states have data security laws. By comparison, in 2005 only half of the states had a breach notification law and no state had a data security law in force. Important trends in state laws include:
- Expanded definitions of personal information, which now include online account credentials, biometric data, government identifiers, and medical and insurance information.
- Deadlines are 30-90 days from discovery.
- Regulator notification requirements have doubled in the last five years, with the contents of notices increasingly detailed and individualised, and regulators are also publishing the notices.
- Tweaking the details: specifying notice contents and wording, narrowing exemptions, adding state-specific and unique requirements, and adjusting the definition of 'breach'.
- Litigation: a small percentage of breaches attract disproportionate interest, with 100-200 federal cases against a few dozen defendants per year, none of which have been tried or certified. The CCPA specifies that security procedures and practices appropriate to the nature of the information are to be implemented and reasonably maintained to protect personal information from unauthorised access, destruction, use, modification, or disclosure. There are early indications that this is attracting additional interest, though it is not yet substantial: there have been about 13 federal cases regarding data breaches since January.
How OneTrust DataGuidance helps
OneTrust DataGuidance™ is the industry’s most in-depth and up-to-date source of privacy and security research, powered by a contributor network of over 500 lawyers, 40 in-house legal researchers, and 14 full-time in-house translators. OneTrust DataGuidance™ offers solutions for your research, planning, benchmarking, and training.
OneTrust DataGuidance provides a detailed comparison for Data Breach Notification requirements across the globe, featuring Guidance Notes which provide detail on data breach requirements such as who to notify, when to inform data subjects and more.
OneTrust DataGuidance solutions are integrated directly into OneTrust products, enabling organisations to leverage OneTrust to drive compliance with hundreds of global privacy and security laws and frameworks. This approach provides the only solution that gives privacy departments the tools they need to efficiently monitor and manage the complex and changing world of privacy management.