Alston & Bird write:
On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential victims to address the risk of data breaches, before, during and after cyber-attacks and intrusions.” The document was prepared with input from federal prosecutors as well as private sector companies that experienced cybersecurity incidents.
Read more on Privacy & Data Security Law BLOG.
So, can this guidance now become a standard to reference in data breach litigation? I know a guidance does not have the force of regulation or law, but like HIPAA, is this setting a best practices standard that plaintiffs can point to?