One of these days you’re going to grab some coffee, turn on your computer and start your work day and, while dutifully reading this blog, get an email from your IT person informing you that your credit union has been hacked. You don’t know exactly how much data has been exposed, but there’s a pretty good chance a third party gained access to your member’s personally identifiable information.
You spring into action by pulling out your credit union’s Data Breach Protocols, which will of course have just been updated a few months ago as part of the credit union’s on-going planning. The Data Breach Response Team is called into action and everyone knows exactly what to do. Of course, you quickly want to nail down exactly what has happened. So even before you contact your outside counsel, you reach out to a third party information security team that you know has experience dealing with data breaches.
Since contracts are always important and closely adhered to, your outside counsel quickly drafts a contract for the IT team and it quickly gets to work. Within days the IT consultant reports back with a written document describing what happened and why, some of which doesn’t paint the credit union in the best light. You contact your regulators and notify your members that a data breach has occurred and quicker than the coronavirus can spread through a bunch of drunk college kids on Spring Break, the first class-action lawsuit has been filed against your credit union.
continue reading »