Master Breach Response with Confidence

Guided by **Liisa** Thomas, a law firm partner and experienced data security and privacy practitioner, this program is designed for in-house lawyers and privacy professionals who want to understand not just what the law says about breaches, but how to operate as trusted advisors in the heat of a real incident. It combines short lessons with practical tools, templates, and exercises you can apply to help your organization coordinate its breach response in real-world scenarios. If you answer yes to any of these, this course is for you: - You want to do more than memorize breach statutes—you want to apply the law to realistic, messy facts and client demands. - You need to quickly assess which breach notice or security laws apply, and when notifications are truly triggered. - You want to develop the counselor skills that matter:  listening, distilling complex rules into clear guidance, and managing client communications. - You seek hands-on understanding of how to evaluate and draft breach notices, make difficult judgment calls, and defend your recommendations. - You want to be ready for what comes next—post-breach inquiries, lawsuits, and the wider fallout for your clients. Rather than walking through high-level reviews or static checklists, this course puts you in the action. In Module 1, you will orient to the logic of breach notice and data security laws—mapping how to identify which laws apply, understanding what kinds of events count as breaches, and organizing risk factors. You’ll build tools for deciphering law applicability, coverage, and insurance as you move. In Module 2, you will break down the varied definitions of personal and sensitive information in different industries and jurisdictions, organizing them into a toolkit that works in real incidents. Module 3 immerses you in defining when an incident rises to the level of a breach, navigating core tests around access, acquisition, and harm. You’ll evaluate exceptions, work through assignments to organize gray areas, and practice explaining nuanced legal outcomes to “clients.” Module 4 covers the investigation process: how to manage internal reviews, engage with outside vendors, and preserve privilege, then organize and relay findings as trusted counsel. Module 5 focuses on notifications—what to say, when, how, and to whom. You’ll practice providing notice, debating whether to notify when it’s not mandatory, and responding to client and authority demands. Module 6 tackles the post-notification world: managing regulatory inquiries, lawsuits, public relations challenges, and the creation of safe harbors and clear post-breach stories. By the end of the course, you will have a practical,  roadmap to breach response: you’ll know how to identify and evaluate breach law coverage, make defensible calls under pressure, communicate clearly with clients, and withstand the real-world scrutiny that follows every incident. You’ll build the toolkit, experience, and judgment that help organizations not merely survive a breach, but respond as leaders.