The 30 Minute Breach Drill

In All, Technology by lowndestech

By Ben Butterfield

A General Counsel should plan on preparing an initial briefing to a CEO shortly after a data breach has occurred.  Advance planning will help you achieve this goal.


  1. Locate outside counsel with experience in computer intrusions. Identify an individual who understands the technical, legal and regulatory implications of particular types of breaches.


  1. Get a debrief from whomever will present the information about the compromise (i.e., the IT Director, CIO, HR Director, etc.).
  2. Direct the IT staff to freeze all internal audit trails.
  3. The GC then needs to convene a meeting of the company’s incident response team which will then proceed through executing the company’s previously adopted incident response plan.
  4. The GC should then, if he/she has not already done so, inform the CFO.  A decision will then need to be made on whether or not this particular breach requires you to notify law enforcement.  This will all be spelled out in your incident response plan.
  5. An analysis of the company’s insurance policy should be undertaken to determine what, if any, insurance will cover the breach, any loss, or other costs associated with the breach.
  6. Immediately start keeping track of all costs (time, expense, damages) associated with the breach.  Finally, contact the CEO.
  7. Each of the foregoing steps will help the GC provide the CEO with the information necessary to evaluate the breach and make timely and informed decisions.