Publication
CCS 2024
Conference paper
Understanding Legal Professionals’ Practices and Expectations in Data Breach Incident Reporting
Abstract
Legal professionals are essential in analyzing data breach incident reports and guiding the response to comply with data privacy laws and regulations. Their expertise helps mitigate privacy and security risks and prevents failures in privacy compliance. However, little research has been done to understand how legal professionals perceive, react to, and face challenges within the data breach incident reporting procedure. In this study, we conducted a simulated incident report assessment experiment and semi-structured interviews with 33 legal professionals who varied in age, gender, and legal background. We reported the criteria used by legal professionals to identify privacy-related items and also uncovered that the agreement among legal professionals on the concepts of privacy-related items is low. Furthermore, we presented findings regarding the perceptions and strategies of legal professionals concerning legal and regulatory compliance, as well as the key features of incident responses that facilitate efficient analysis of data privacy and security law compliance. After taking into account the challenges and suggestions provided by legal professionals, we concluded this study with recommendations for enhancing the effectiveness of legal compliance analysis for incident responses.