
Pinsent Masons’ specialist cyber team can coordinate and manage security incidents and data breaches in the UK, Europe and worldwide.

Responding to a breach

A breach may cross borders and involve more than one jurisdiction. It is essential that the response (including all experts) is joined up and coordinated, with specialist and experienced lawyers at the hub for the purposes of legal professional privilege.

Pinsent Masons’ specialist cyber team would advise on legal issues (e.g. notification obligations to regulators and affected individuals), manage IT forensic investigations, deal with any regulatory investigations, manage customer and third party claims, and advise on cyber extortion threats, coordinating all workstreams and third parties. In the event of a significant breach affecting more than one jurisdiction, we would manage the response from the UK by working with colleagues and partner firms in other European and international offices together with other experts such as forensic investigators and PR/crisis management specialists, as required.

Pinsent Masons would take on a central role in any breach response. We would offer our cyber crisis management service. Our service is designed to proactively manage any incident involving an information security or data breach in order to minimize legal exposure and maximize an effective response.

Why Pinsent Masons

We are cyber specialists. We have a wealth of experience of managing breaches for clients, built up over the last ten plus years. Members of our cyber team have worked for insurers and developed cyber products for insurer clients, so we can also fulfil monitoring and coverage counsel roles, as required.

Using its offices and partners, across all 28 European countries and worldwide, Pinsent Masons is able to offer a global solution.

Pinsent Masons’ specialist cyber team operates as part of a Tier 1 rated TMT Practice, allowing us to bring considerable technological knowledge and expertise to accompany our breach knowledge. Recent instructions include:

  • Advising a household name which suffered a significant data breach in summer 2015. Certain data was compromised following a third party attack on its IT systems. We engaged various IT forensics firms and advised in relation to regulatory investigations led by the Information Commissioner’s Office and the Financial Conduct Authority together with a criminal investigation brought by the Met Police (Cyber Crime Unit).
  • Managing approximately 20 customer claims following a significant data breach and cyber extortion threats after a client in the technology sector was attacked and over 40 of its clients were targeted. We acted for the insurer and its insured, and instructed an IT forensic firm to investigate the breach. Our experience of managing such breaches and technology expertise enabled us to closely manage the scope and costs of the forensic investigation.
  • Advising a global technology provider and its insurer following a targeted cyber attack by an unknown third party attacker, believed to be state-sponsored. This included advising on legal requirements to notify the Information Commissioner’s Office, customers and various third parties, together with coordinating advice from multiple jurisdictions, in particularly unusual circumstances.

Instructing solicitors to coordinate and manage breaches means that communications with third party experts, when facilitated through a law firm such as Pinsent Masons, may attract privilege and the protections that such status may afford. When dealing with claims in litigation and/or regulatory investigations led by a data protection authority (e.g. the Information Commissioner’s Office) or a financial regulator (e.g. the Financial Conduct Authority), such protections can be a key consideration. Other (non-legal) advisers cannot provide the same potential protections.

Our response service

Responding to a breach

Pinsent Masons would take on a central role in any breach response with our cyber crisis management service. Our service is designed to proactively manage any incident involving an information security or data breach in order to minimize legal exposure and maximize an effective response.

On discovery of a breach event, your first step will be to notify us. We could make a dedicated email address available and explore whether a dedicated phone number might be set up, including by working with a third party provider.

Once notified, we’ll instruct a forensics firm to assist in investigating the breach. Instructing solicitors to coordinate and manage breaches means that communications with third party experts, when facilitated through a law firm such as Pinsent Masons, may attract privilege and the protections that such status may afford. When dealing with claims in litigation and/or regulatory investigations led by a data protection authority (e.g. the Information Commissioner’s Office) or a financial regulator (e.g. the Financial Conduct Authority), such protections can be a key consideration. Other (non-legal) advisers cannot provide the same potential protections.

From the point of notification, Pinsent Masons’ specialist cyber team will advise on legal issues (e.g. notification obligations to regulators and affected individuals), manage IT forensic investigations, deal with any regulatory investigations, manage customer and third party claims, and advise on cyber extortion threats, coordinating all workstreams and third parties. In the event of a significant breach affecting more than one jurisdiction, we would manage the response from the UK by working with colleagues and partner firms in other European and international offices together with other experts such as forensic investigators and PR/crisis management specialists, as required.

Network of Experts

From our extensive experience of managing breaches, we have developed good working relationships with a number of third party experts that we can call on, as required. Details of the IT Forensics, Credit Monitoring, PR Crisis Communications and Logistics/Notification firms we would consider engaging are available on request.

The response process

We have identified five key workstreams common to every incident or breach, which often operate in parallel. We would manage a number of required activities from those workstreams in order to deal with and manage the key areas and issues, as indicated below.

  1. Fact Finding
     • Establish who, what, where, when
     • Identify key facts, as known, at the outset
     • Identify questions and develop plan for obtaining information to plug gaps
  2. Governance
     • Who are the key stakeholders?
     • Review/create Incident Response Team
     • Establish who needs to be kept informed and to what timescales
  3. Containment
     • Identify relevant third parties, i.e. clients/customers, sub-contractors and suppliers (e.g. hosting providers)
     • Establish cause, assess impact, identify immediate containment measures
     • Decide whether external IT forensic consultants need to be engaged
  4. Assessment (Legal & Regulatory)
     • Establish whether to notify regulators (e.g. ICO/FCA) and affected individuals
     • Assess whether to compensate affected individuals (financially or with credit monitoring services)
     • Analyse legal exposure/liability (e.g. claims by third parties)
     • Review third party contract and identify potential claims/recoveries against third parties
  5. Communications (PR & Crisis Management)
     • Manage internal and external communications
     • Communicate with employees, customers, press (news/trade) and market as a whole
     • Manage reputation
     • Contain a crisis

Cyber Readiness

Cyber Readiness is a solution based on a simulation exercise designed to help firms prepare their business for a cyber incident in order that reputation is protected and fines are minimised. Following a preparatory fact finding meeting, and utilising our breach response experience, we would tailor a hypothetical simulation exercise for the Incident Response Team. Following that simulation exercise we would issue a written report based on observations noted during that simulation exercise which enables a firm to prepare to:

  • Comply with information laws on a global scale (including relevant Financial Conduct Authority, Critical National Infrastructure and Data Protection Act requirements).
  • Manage risk in the supply chain.
  • Act appropriately in a cyber breach or crisis.

Please see our brochure here.

Case Study

Over half a million CVs were stolen from a recruitment agency’s database which was hosted by its outsource service provider. An organised crime syndicate, working with an insider at the service provider, perpetrated the attack with the intention of selling the stolen personal data on the dark net.

We assisted our client from initial assessment of the issues and their prioritisation right through to a subsequent investigation in which the ICO and the police were involved.

We supported our client in devising website FAQs for affected individuals, developing contact centre scripts and facilitating the provision of credit monitoring services to individuals affected. We retained forensic advisers to investigate the service provider’s technical environment and personnel vetting procedures, and liaised with the ICO on their enquiries following initial notification to them through to a finding (many months later) that no enforcement action was necessary. We worked closely with the PR team as the incident became public and was subject to intense press scrutiny.

Marc Dautlich

United Kingdom
Global Head of Information Law
t: +44 (0)20 7490 6533
e: Marc.Dautlich@pinsentmasons.com
Expertise: Cyber

Ian Birdsey

United Kingdom
Partner
t: +44 (0)20 7490 6446
e: Ian.Birdsey@pinsentmasons.com
Expertise: Social media, Cyber

Cerys Wyn Davies

United Kingdom
Partner
t: +44 (0)121 625 3056
e: Cerys.Wyn-Davies@pinsentmasons.com
Expertise: Information Law; Cyber

Kathryn Wynn

United Kingdom
Senior Associate
t: +44 (0)131 225 0043
e: kathryn.wynn@pinsentmasons.com
Expertise: Information Law; Cyber

Stephan Appt

Germany
Partner
t: +49 89 203043 561
e: Stephan.Appt@pinsentmasons.com
Expertise: Information Law; Cyber

Annabelle Richard

France
Partner
t: +33 1 53 53 02 23
e: Annabelle.Richard@pinsentmasons.com
Expertise: Information Law; Cyber; Data protection

Paul Haswell

Hong Kong
Partner
t: +852 2294 3315
e: Paul.Haswell@pinsentmasons.com
Expertise: Cyber, confidentiality crisis

Bryan Tan

Singapore
Partner
t: +65 6305 8490
e: Bryan.Tan@pinsentmasons.com
Expertise: Cyber

Roger Phillips

Doha
Legal Director
t: +974 442 69206
e: Roger.Phillips@pinsentmasons.com
Expertise: Cyber
