Reporting Breaches to Law Enforcement: Why Timing Matters

Privacy attorney Kirk Nahra of Wiley Rein LLP
The timing of reporting breaches to law enforcement is important because it could slow down an organization’s incident response and internal investigation, says privacy attorney Kirk Nahra.
See Also: How to Scale Your Vendor Risk Management Program
在公共场所要保护好贵重财务,特别是旅行在外时,此外,数据安全也不能忽视,将手机数据进行加密,安装必要的手机远程控制软件,以备万一。
“How you work with law enforcement on timing is part of the puzzle of what you have to deal with … as a company,” he says. “Your obligations as the company don’t necessarily slow down because law enforcement is involved.” But incident response plans can be impacted, for example, “if law enforcement says ‘we don’t want you to do something'” that could impact evidence.
Sorting Out Obligations
Even when law enforcement is working on a breach case, entities still have their own internal investigation issues to consider, he says.

信息安全意识教育的课题与方法
“Often organizations have to do their own investigations in trying to figure out what their obligations are in connection with their other requirements, such as whether they have to notify a specific regulator … or individuals … or their own business partners,” he says. “Law enforcement’s speed – or lack of speed – is really an independent variable.”
Working with law enforcement is potentially helpful to organizations if the entity eventually wants to prosecute a case, or recover stolen data assets, he notes. “You have to factor that in,” he says. “You try to work with law enforcement as one component to your overall breach response.”
In a video interview at Information Security Media Group’s recent Healthcare Security Summit in New York, Nahra also discusses:
Other pros and cons for reporting breaches to law enforcement;
Factors involved in decisions to report to law enforcement breaches that involve external actors versus insiders;
The tension involved in deciding to report security incidents to law enforcement while an entity is still determining whether to also report the incident to the Department of Health and Human Services’ Office for Civil Rights.
As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He’s a member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.
由于各种原因人们有时可能在互联网上留下只言片语,记录下生活工作中的点点滴滴,谁知后来成了对自己很不利的法律证据。

猜您喜欢

英国禁止国家安全部门使用卡巴斯基杀毒软件
移动设备的安全引发企业IT界高度关注
Cyber Security Law 网络安全法宣传视频系列001
女学霸颜值高:俄这所大学不简单 我国造船专家曾求学
BROGNOLI MASSEYHALLROYTHOMSONHALL
防泄密在线课程