36 / 52
Y O U N G L A W Y E R S J O U R N A L
unnecessary liability if that information
was subject to a breach. The instinct to
simply keep things forever needs to be
resisted. Identifying what information you
have and need can allow a firm to set up a
routine destruction of data schedule. Firms
should identify the data that they collect,
determine how long they need to store
that data based on regulations and firm
use, and then create and follow through
with a planned document destruction
schedule. A routine schedule eliminates
the possibility of suffering consequences
for breached information that your firm
no longer needs.
Public Relations Response
How a firm responds to a data breach can
go a long way in determining the percep-
tion of the firm’s reputation. Any firm is
going to sustain damage to their reputa-
tion and trustworthiness when a breach
occurs, but the impact of that breach can
be mitigated with a thoughtful and mea-
sured response to the breach. This type of
response is much more likely if it has been
prepared in advance without the pressure
and time crunch of an active breach.
An incident response plan should des-
ignate who is allowed to speak for the firm
on this issue, include prepared remarks and
notification letters, and media contacts
to get out in front of any story. Control-
ling the perception of your firm during a
breach is crucial. The information that is
being conveyed to the public should not
come out in drips, but a complete state-
ment about what happened and the steps
that are being taken to remedy the breach.
Restoring the public’s trust in your firm is
going to be difficult, but having a strong
response to a breach can go a long way in
re-establishing the reputation of the firm
as someone that can be trusted.
These are just some of the benefits that
can come through the use of an incident
response plan. The creation of an incident
response plan should simply be a part
of your firm’s preparation for a breach.
Also, having training for employees on
data security matters and firm policies
addressing cyber security issues are key.
Implementing an incident response plan
can be a substantial first step in preparing
your law firm for the new realities of the
digital age.
Brian C. Eaton is an associate in the Business
& Finance group at Taft Stettinius &Hollis-
ter LLP. He focuses his practice onTechnology
Law, specifically Privacy and Data Security.
Early Bird Tickets Nowon Sale for DiscoNights CasinoNight.
Get ready to do
a little dance, play a little cards, and get down tonight with the YLS at “Disco
Nights,” our 11th annual casino night fundraiser benefiting The Chicago Bar
Foundation. In celebration of the CBF’s 70thAnniversary, we’ll be getting down
1970’s-style in our best disco duds at an evening featuring table games, a Texas
Hold’em Tournament, and food and drink at The University Club on February
23, 2018. Proceeds from the evening support the CBF’s work in Chicago’s legal
community to make the justice systemmore fair and accessible for everyone.
Tickets are on sale now at
www.chicagobar.org/ylscasino!WHAT’S YOUR OPINION?
Send your views to the
CBA Record,
321
South Plymouth Court, Chicago, IL 60604, or to
Publications Director David Beam at dbeam@
chicagobar.org.Themagazine reserves the right
to edit letters prior to publishing.
36
NOVEMBER 2017