HALOCK’s services help outside counsel serve clients as a strategic advisor. Because our risk management services are based on definitions of duty of care, our clients are well-prepared to defend themselves against charges of negligence with strong evidence of due care. This helps clients directly reduce their risk of litigation and regulatory fines even after a breach.
Based on research conducted by NetDiligence® and others, litigation and regulatory costs generally exceed initial response costs, such as hiring response experts, forensics, investigation, recovery costs, and credit monitoring services. Because HALOCK’s risk management services implement due care oversight by definition, our clients have been able to easily defend their safeguards as reasonable both during regulatory audits and during post-breach investigations. Outside counsel plays an important advisory role in these engagements. Because our clients want certainty that their evaluation, prioritization, and acceptance of risk is sound, they look to specialized counsel to advise them during multi-year risk management programs, recurring risk assessments, and implementation of security programs.
HALOCK enables our attorney partners to directly discuss Duty of Care Risk Analysis with their clients using a simple DoCRA Gap Assessment. The assessment, a non-technical questionnaire, introduces clients to concepts of due care in their cybersecurity practice. Through the Q and A format of the gap assessment interview, attorneys introduce their clients to management oversight, evaluation of the internal and external impact of foreseeable attacks, and the balanced burden of alternative safeguards. Client responses lead to discussions about services that the attorney’s firm and HALOCK can provide them to demonstrate due care before regulatory oversight actions or a data breach occurs. Law firms who wish to partner with HALOCK may work with us directly on regulatory, litigation, or strategic matters, or may choose to undergo training and introduce their clients to DoCRA through the gap assessment.
Reasonable Security is Now Defined
The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – just released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.
HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on reasonable information security strategies, third-party risk management, risk assessments, penetration testing, security management and architecture reviews, and HIPAA, Privacy, & PCI compliance, incident response and forensics throughout the US.