Any Florida company that maintains a data base of customers containing vital identifying information on those individuals may be subject to a future cyber-attack. Such an event could open the company to class action lawsuits requesting damages on behalf of customers whose information was compromised in any way. Such business litigation claims are generally expected to be based on breach of contract and negligence legal theories.
Preparing in advance is absolutely recommended for a business that could otherwise be devastated by the results. As a general rule, the company will have to bring in outside counsel to handle the defense of litigation, the resolution of claims and the restoration of the company’s affairs back to an even keel. During that process, forensic consultants will also likely be a necessary resource.
The company should accordingly respect the separate job functions of the lawyer and the forensic consultants. Mixing the two roles is a weak and potentially disastrous way to approach the problem. Forensic experts can be used in such a way that they cannot be questioned by the other side. Thus, if the expert is working to assist defense counsel in preparation for litigation, it may be possible to prevent the expert from being examined by the other side.
Outside counsel will be also able to explain to management the nature and impact of the cyber-attack and its context within applicable Florida law. This will help top management personnel to better understand the issues and make decisions. Experienced outside counsel will also help the company to devise new and more effective strategies and procedures for the future. Other uses of counsel will be important, such as assistance with insurance coverage issues, review of contracts that may have been affected and advice about document retention issues in the event of potential business litigation.
Source: cybersecuritybusiness.com, “4 Tips for Involving Legal Counsel in Cyber Security Investigations“, Phil Schenkenberg, May 13, 2015