eDiscovery Daily Blog

Here’s Another Updated Commentary from The Sedona Conference: eDiscovery Best Practices

Last Friday, we covered one updated commentary from The Sedona Conference® (TSC) and promised to cover another one this week.  Consider our promise kept!  :o)

On January 10, TSC and its Working Group 11 on Data Security and Privacy Liability (WG11) announced the publication of the January 2020 final version of The Sedona Conference Incident Response Guide.

The mission of WG11 is to identify and comment on trends in data security and privacy law in an effort to help organizations prepare for and respond to data breaches, and to assist attorneys and judicial officers in resolving questions of legal liability and damages.  WG11 developed the Incident Response Guide to provide a comprehensive but practical guide to help practitioners and organizations deal with the multitude of legal, technical, and policy issues that arise whenever a data breach occurs.

The Incident Response Guide is intended to help organizations prepare and implement an incident response plan and, more generally, to understand the information that drives the development of such a plan. It has been created by thought leaders in the industry and reflects both the practical lessons learned and legal experience gained by the drafters from direct experience responding to incidents, from representation of affected clients, and from the promulgation of rules and guidelines on national and international levels. It is intended to provide general guidance on the topic.

A couple of interesting and curious things about this guide, compared to other TSC guides we’ve covered in the past:

  • The Public Comment version of the Guide was developed way back in March 2018, almost two years ago.
  • The guide starts on page 124 and goes to page 262?!? At least in the version I just downloaded this weekend.  Hmmm…

Regardless, there are essentially seven parts in the 139-page(!) (PDF) Commentary (after the Introduction, Part I), plus six appendices.  The Guide covers various topics like pre-incident planning, the incident response plan and executing it, key collateral issues and basic notification requirements.  The appendices include a Model Incident Response Plan, a Model Notification Letter and Model Attorney General Breach Notification examples.

You can download a copy of the Commentary here (login required, which is free).  BTW, do you know how many states have security breach notification laws?  You might be surprised!

So, what do you think?  Does your organization have an incident response plan for data security?  As always, please share any comments you might have or let us know if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.