In a cybersecurity industry article, Jacey Kaps shared insight on how courts evaluate liability when law firms, and potentially other organizations, experience data breaches involving sensitive client information.

Jacey explained that breach-related claims rarely turn on the cyberattack alone. Instead, courts focus on whether a firm took reasonable, well-documented steps to protect sensitive data and whether its security practices were proportionate to the volume and sensitivity of the information it maintained. Key considerations include limiting internal access to high-risk data, encrypting sensitive information, managing system vulnerabilities, and maintaining a tested incident-response plan.

“Courts evaluating law-firm breaches look for reasonableness, documentation, and proof that the firm took proactive steps commensurate with the volume and sensitivity of the information it holds.”

He also emphasized the importance of timely detection and notification following a suspected breach. Even where an intrusion may not have been preventable, how a firm investigates, documents, and communicates after the incident can significantly influence legal exposure.
