Into the Breach: Tips for Effectively Partnering With Outside Counsel in the Data Breach Planning Process
Lane Powell Shareholder Darin Sands authored an article in the April issue of Oregon Business magazine titled “Into the Breach: Tips for Effectively Partnering With Outside Counsel in the Data Breach Planning Process.” In the article, Sands discussed the various strategies businesses should consider when structuring their breach response plans. Among stakeholders, a question often asked is, what role should outside counsel play?
Unfortunately, that question is too often answered at one of two extremes: 1) either by outside counsel who present themselves as the primary (and expensive) driver of the process, often at the expense of important business, technical, public relations and marketing objectives; or 2) by non-legal stakeholders who view the primary role of legal counsel as a reactive one, only to be engaged after a breach. Each extreme has the potential to result in costly mistakes in the event of a breach. …
… In order to ensure that all key players can communicate freely and obtain timely legal advice, the breach response planning process must include a strategy to cloak the response effort in attorney-client privilege. To benefit from that protection, a breach response must be: (1) formally directed by counsel; (2) confidential; and (3) made to assist counsel in providing legal advice. Any breach response plan must be designed with the above goals in mind.