The Fine Line Between Expert Data Breach Guidance and Legal Advice

December 1, 2015

As a practitioner in Kroll’s cyber security group focusing on data breach response, I am regularly faced with a variety of client questions that arise during a data breach event: “Can you determine what data was exposed by the breach?”; “How long was the malware present on our network?”; and “Can you determine what was on the laptop at the time it was stolen?” are all common.

Kroll is well equipped to answer these questions — even when the client doesn’t like our answer.

However, as a former practicing attorney, I am much less comfortable responding to another type of question that frequently arises: “What states require notification in this situation?”; “What does the notification letter have to say?”; and “What type of identity monitoring solution do regulators expect us to provide?” are also essential questions to ask in a notification event.
