1 00118601 Emerging themes 2019 A4 AW v31 combined - Page 45

4.Notify insurers
Cyber breach insurance policies are already common
in the US and are increasingly being used in Europe
also. It is noteworthy that the Court of Appeal in
the Morrisons group litigation positively encouraged
firms to take out insurance for data breaches. Where
a firm has a policy, early notification is important to
ensuring coverage.
5.Consider data processors
If the breach has emanated from an external vendor,
you will need to call for/want information from them
quickly and you should therefore ensure that you have
contractual rights in your agreements. You will also
want your vendor to assume responsibility for all
response costs – although any indemnification which
purported to extend coverage to fines imposed on
the controller may fall foul of public policy grounds
and be in breach of regulatory rules.
6.Evaluate potential exposure
The €20m/4% of global turnover figures for financial
penalties have made headlines, but that is not the
only potential exposure in the case of data loss
incidents. Civil litigation could ensue and, whilst there
is no fully-fledged opt-out class action system in the
UK, there are other mechanisms for group litigation
which we have recently seen used in the Courts
following a data breach. In addition, there is always
the possibility of a collective redress scheme being
imposed by the financial regulators.
Partner, Chicago
Firms now face a reality of “when,
not if” data they hold might be
lost, stolen, encrypted or otherwise
In summary
The best thing you can do to prepare for a data
breach is to assess the full range of consequences well
before any breach occurs. Otherwise, you can end up
grappling with important issues for the first time in
a pressurised and fast-moving environment. It can be
helpful to “war-game” how you would react to a breach
with your key stakeholders. Something we regularly do
with our clients. Practising responses and strategising
different reactions when you have the time and
freedom to consider all the ramifications will stand
you in good stead when you do face a significant
data loss event for real.
Senior Associate,


Powered by

Full screen Click to read
Paperturn flip book
Download as PDF
Shopping cart
Full screen
Exit full screen