I hope by now that my admonitions to you to prepare in advance for a data breach have sunk in, so you and your data breach team will be well prepared for this moment. However, I would like to emphasize that rather than calling your forensic analysts first - that you call your attorney first. There is a simple reason for this in that information provided to your attorney is protected by client privilege rules, whereas all other vendors that you might use and share information with will be subject to disclosure in the case of a lawsuit.
My recommendation to you is that your first call be to your attorney so that your attorney can call all of the other vendors that will be needed to survive this breach on your behalf. If your attorney calls the vendors then all information they discuss is also subject to attorney-client privilege. This approach will allow you to only release information that you need to. If you haven’t decided which attorney you are going to use yet, I highly recommend an attorney friend of mine that specializes in cyber liability issues. Her name is Claudia Rast with the law firm Butzel Long in Ann Arbor, Michigan. I have worked with Claudia for the past four years and find her to be extremely competent, very personable and extremely fair with her rates.
Of course, there are a lot of other things that will need to be done. To help you plan through a potential breach, one of the best resources I have found to help prepare you for a data breach is the “2013 Data Breach and Readiness Guide” by the Online Trust Alliance, OTA. You can download the file from their website.
Stewart V. Nelson
Senior Risk Advisor
Kapnick Insurance Group