Abraham J. Rein of Post & Schell has a nice recap of some of the recurring themes at last week’s PHI Protection Network conference in Philadelphia. Here’s a snippet of his post from the section about about law enforcement’s message to attendees:
…. Michael Stawasz, Deputy Chief of the U.S. Department of Justice Computer Crime and Intellectual Property Section (“CCIPS”), and Rich Goldberg, Chief of the Economic Crimes Unit for the U.S. Attorney’s Office of the Eastern District of Pennsylvania, both worked to assuage corporate anxiety around reporting a data breach to law enforcement. Such anxiety is reasonable, given the risk of the company finding itself on the wrong end of enforcement scrutiny. But Stawasz and Goldberg both emphasized that, when a company suffers a data breach, “you [the company] are our victim” – indeed, “our goal is to protect you.” Companies need not be concerned, according to Stawasz, about turning information over to the government to assist in its investigation of the breach: “Your information will not be FOIA’d,” Stawasz told the audience; moreover, “it won’t be immediately shared with your regulators,” because “I’m not interested in holding you liable for unreasonable security.”
Read more on Post & Schell.