Data breach and Security Incidents

Overview

Expertise

Bird & Bird has unrivalled expertise in data breach and security incidents. We have acted on many front-page data breaches, assisting with immediate follow-up, breach notification requirements and late regulatory investigations. We have also assisted clients on a pre-emptive basis, developing global data breach policies and procedures.

We have an in-depth knowledge in: (i) general data breach notification requirements; (ii) sectorial obligations (e.g. obligation on providers of public electronic communications services); (iii) duties provided by industry standards (e.g. PCI DSS); and (iv) general local security obligation (e.g. French critical infrastructure providers).

Why Bird & Bird?

As soon as an organisation has reason to believe that an incident might have occurred, Bird & Bird can immediately help with:

  • Sorting out the legal implications of the incident: Whether there are breach notification requirements, liability considerations, PCI obligations, criminal investigation, our experts are here to help.
  • Offering legal privilege over all incident related communication with the company: Involving Bird & Bird is the best way to offer legal privilege over all the communications relating to the incident regardless of the countries in scope.
  • Providing a secure archiving and sharing platform: We provide a centralised depository and/or secure client online platform where all communications and documents relating to the incident can be accessed and shared. This is especially useful if multiple people and different third party providers are involved in resolving the issue.
  • Accessing forensic experts with whom we have standard T&Cs in place: We have a pre-established relationship with forensic providers ready to help in case of an incident. This may be particularly useful if the company faces limited internal resources. Our established relationships help us and our clients to reduce start-up time and organizational tasks, so that we can concentrate immediately on the causes or suspicions around the incident.

Our incident response team

Our team includes lawyers that are experts in a wide spectrum of issues facing a company at such a critical time. This goes from data protection law considerations to law enforcement expertise. We have dedicated lawyers in each jurisdiction. Do reach out if you have questions or would like to know how we can help. 

Contacts

Ruth Boardman

Partner
UK

Call me on: +44 (0)20 7415 6000
vCard Location

Ariane Mole

Partner
France

Call me on: +33 (0)1 42 68 6000
vCard Location
Voisin-Gabriel

Gabriel Voisin

Partner
UK

Call me on: +44 (0)20 7415 6000
vCard Location

Related materials and downloads

News & Events

  1. 1209-2018

    British Airways: the need to find blame

    BA's confirmation last week that hackers had accessed customer data by breaching its website and mobile app security has brought a host of unwelcome media attention on the airline and set off a flurry of pointing ...

  2. 2306-2015

    Substantial revision of the Dutch Data Protection Act: higher fines, specific obligations for data breaches and more

    On 26 May 2015, a number of amendments to the Dutch Data Protection Act (Wet bescherming persoonsgegevens) were passed in Parliament.

  3. 1203-2015

    Office's security breach: lessons to be learnt by franchisors

    In January of this year, shoe retailer Office was required by the Information Commissioner's Office (ICO), the UK data protection regulator, to sign a formal undertaking to improve its data protection compliance after a ...