Forensicon Blog Interview: Attorney Jena M. Valdetero
Forensicon interviews privacy and data breach response attorney, Jena Valdetero, a partner with Bryan Cave LLP, on the topic of Data Breach Preparedness. Valdetero provides further details on what organizations should do in order to be prepared for the eventual future data breach of their organization.
About Jena Valdetero
Jena Valdetero is a partner at Bryan Cave LLP, where she serves as the head of Bryan Cave LLP’s data breach response team. She has provided counseling to dozens of clients in connection with data privacy and security issues. She is a Certified Information Privacy Professional/United States (CIPP/US) by leading privacy trade organization the International Association of Privacy Professionals. She has written and presented extensively on the topic of data breach response and breach preparedness and most recently co-authored the handbook Data Security Breaches: Incident Response and Preparedness, which will be published shortly by the Washington Legal Foundation. In addition to her privacy practice, Valdetero handles litigation matters on behalf of a variety of clients, including class action litigation, in both state and federal courts.
Jena, tell us what some of the things you recommend your clients to do before a data breach happens so that they’re ready?
Valdetero: We actually worked on a data breach preparedness checklist and what we often find in a data breach situation, it’s a crisis. People are upset, they are scrambling, and they often don’t have a solid plan in place.
And one of the most basic things that you can do is quickly identify various documents that you’re going to need to rely on, that will help guide you through the process. And by that I mean;
- Does your company have a cyber liability insurance policy?
- Do you have an incident response plan and people who are identified to be a part of an incident response team?
- Do you have contracts in place with a forensic company who can come on the ground very quickly and help go through your computer systems and try to figure out the source of the breach and also as important what was actually accessed or acquired?
Those types of things, there are a variety of other documents including business partner contracts that we tell people that they should have in their possession and their ability to access, pretty quickly. Because, you’ll want to consult all those documents in order to make sure that you’re complying with your obligations under all of those documents and also to make sure that you’re aware of all the moving parts that are occurring.
Forensicon: You raised a good point about having a relationship with a computer forensics firm. If you are a firm that has been exposed to a breach or you are preparing for one, having a meeting and doing a limited amount of consulting with a firm long before anything goes wrong can really help. If the firm understands your systems, they already know the IT department, they have a network map of what the systems do and what not, that goes a long way to help in a time of crisis.