Government Investigations

The manner in which a company responds to a government investigation of a cyber event may determine if it will survive the breach and continue business as usual. Government entities on all levels have authority to investigate cyber events, and different laws have different reporting requirements and obligations. Government investigations often require businesses to provide information about their customers and employees, as well as their cybersecurity practices. The business is often forced to navigate conflicting legal obligations arising out of multiple privacy and cybersecurity laws. Moreover, an evaluation of the results of an investigation could result in a recommendation to take administrative action or bring a case in court. Businesses must determine when and how to cooperate with any government investigation and how best to do so.

Based on the nature of a data breach, we work with clients to determine if they are obligated to inform law enforcement, or federal and state regulatory agencies, of the breach, and if so, the manner in which they should cooperate with a resulting investigation.