Technology: Assessing the risks and obligations of network intrusions

How to know if you’re at risk for litigation and how to protect your company

Our first two articles discussed how to prevent and prepare for a network intrusion and what steps to take immediately upon discovering an intrusion to mitigate harm and re-secure your network. This article provides a framework for identifying and assessing the risks and obligations your company may face as a result of a network intrusion.

Companies may face three types of risks arising out of a network intrusion: legal risks, commercial risks and reputational risks. When your company discovers a network intrusion or other security breach, you should systematically identify, assess and address these risks and obligations so that you can minimize litigation, mitigate damage and protect your company's bottom line.

Federal laws also impose data security and, in some cases, breach notification requirements on certain regulated industries, including the nuclear energy industry; the maritime, aeronautical and rail transportation industries; the chemical manufacturing industry; the telecommunications industry; and any industry that may bring companies into contact with national defense information. Violations of these provisions can result in regulatory investigation, civil penalty, loss of government contracts and, in certain cases, criminal prosecution.

Nearly all 50 states have adopted breach notification laws requiring companies to notify individuals whose personal identifying information may have been exposed as the result of a network intrusion. State consumer protection laws also often offer a cause of action for litigants who allege harm resulting from a network intrusion.

Contributing Author

Todd Hinnen

Todd Hinnen is a partner in Perkins Coie's Privacy & Security practice. Prior to joining Perkins Coie, Todd was the Acting Assistant Attorney General for...

Contributing Author

Michael Sussmann

Michael Sussmann is a partner in Perkins Coie's Privacy & Security practice, where his practice covers Internet-related crimes, electronic surveillance, regulatory compliance, white collar defense,...
