Attorneys Warn of “Too Much” Data Breach Disclosure

Alfa Photo | Shutterstock

The “forced disclosure” requirements companies face after a cyberattack may be a double-edged sword, alerting prospective victims of similar threats, all the while making the affected business vulnerable to additional attacks or SEC sanctions.

A panel of Baker McKenzie cybersecurity experts and former government officials spoke at the firm’s “Cybersecurity Planning in Unpredictable Times” briefing. They agreed that cyberattacks are here to stay, and the communication around them has to keep pace. However, some attorneys wonder how much disclosure may be too much, especially when regulatory bodies like the SEC get involved. “Anything that you give to the government, anything that you disclose, is automatically not privileged so you have to be very strategic and careful about what you disclose,” remarked Baker McKenzie attorney Jessica Nall.