Several years ago the National Institute of Standards and Technology (NIST) published its "Computer Security Incident Handling Guide", a document which has grown in importance as cybersecurity events have continued to increase. All business owners, officers, and managers should do a quick read of the Guide. One dominant theme is that proper incident response doesn't happen automatically - it requires forethought and planning. Given the patchwork of state and federal cyber-related laws, failing to plan could not only increase the risk to your corporate infrastructure, but could lead to legal liability as well.
Comprehensive plans require the collaboration of a variety of stakeholders, not the least of which is legal counsel. Whether you're starting from scratch or looking to update your plan in light of changes in the law, it's advisable to consult with legal counsel early on.
This post is informational and should not be considered legal advice.