Data Breach & Incident Response
While the importance of ensuring information security/cybersecurity has been growing, it is said that there is no perfect security, and in reality, it is extremely difficult to completely prevent any data breach incidents. Although "security" is a simple word, its objects are extensive, and therefore, in addition to external attacks, such as cyberattacks, and internal attacks by employees or other staff, it is necessary to be ready to address various scenarios, including one where an outsourcing party would suffer adverse effects due to the insufficient security measures being taken by the outsourced party. Such circumstance undeniably also makes it difficult to achieve perfect security.
In the event of a data breach incident, it is necessary to promptly confirm the relevant facts, including "what happened for what reason and to what extent," make the necessary reports to the relevant authorities, notify the relevant data subjects, make public announcements on the website or the like, and take other necessary measures, with the cooperation of the relevant internal persons. In this regard, it is not uncommon that the legal compliance division and the security division would have different understandings in such event, and depending on the circumstances, it may be difficult to respond to the incident based on a common understanding.
We are experienced in responding to data breaches in various types of businesses, and can offer legal support to explain the circumstances to the relevant parties and formulate response policies, as well as make the necessary reports to the relevant authorities, notify the relevant data subjects, make public announcements, and take any other measures that would subsequently be required. We also have a wealth of experience in responding to overseas data breaches and are able to offer excellent services, including in emergencies, such as collaborating with experts in Japan and overseas.