Cohen Business Law Group, apc
Privacy & Data Security

Data Breach Response

Privacy and data security counsel for over two decades. When a breach occurs, the first 24 hours determine the rest of the response. Cohen Business Law Group works with companies to plan, contain, disclose, and prevent — before, during, and after an incident.

Our Process

Four-Step Breach Response

A structured, prioritized response that balances technical, legal, and communication considerations.

Step 1 · Secure Your Content

Activate your response team — technical, operational, legal, marketing, and management. Reach consensus that the content is secure before any further action. Early involvement of experienced privacy counsel helps protect the communications among your team members who need to communicate frankly about the nature and extent of the disclosure.

Step 2 · Remove & Repair Vulnerabilities

Examine, patch, protect, preserve. Work with operations, technology, and outside vendors to isolate, remove, and repair code injections, outdated code, and unpatched plugins or templates. Forensic experts double-check the team. Counsel ensures all versions are retained to establish exactly what occurred, when, and how.

Step 3 · Determine & Disclose

Each potential breach is different. Some require consumer or attorney-general disclosure depending on the nature of the breach and the home state of affected consumers; others do not. The data disclosed and the customer groups affected drive different notice content and timing. Only comprehensive legal evaluation determines the right path.

Step 4 · Evaluate & Prevent

Correcting existing vulnerabilities is only half the job. Examine internal and external technologies, privacy policies, and privacy practices to reduce the likelihood of future incidents. Interview the response team and anyone with knowledge of the incident. Stay open to creative and innovative solutions.

Top Data Breach Risk Factors

An at-a-glance audit. If any of these apply to your organization, you are over-exposed.

No comprehensive custom data-breach plan

A polished, practiced, and regularly updated response plan is the baseline standard of care.

Inadequate access controls

Both initial access and timely termination — who can see what, and what happens when they leave.

Unnecessary retention or transmission of customer data

Data you do not have cannot be breached. Retention should be principled, not default.

Improper disposal of physical records

Paper and decommissioned media require the same disposal rigor as live systems.

Inadequate control of electronic storage and devices

Laptops, phones, removable media, and cloud storage all warrant tracked custody.

No annual review of vendor and contractor privacy practices

Third-party privacy posture is part of yours — review it at least annually.

Already in an Incident?

If you have or believe you have a current breach, time is the critical factor. Contact us now and we will help you assemble a response team and protect the privileged communications you and your team need to have.

Request Assistance Now Call (310) 469-9600

Plan Now, Not During the Incident

The best response plan is the one already in place. We help companies build, test, and maintain breach-response programs before they are needed.

Schedule a Consultation Call (310) 469-9600