Incident response plans must be tested, privacy conference warned – IT World Canada

Adam Kardash

Feb 1, 2018

Osler partner Adam Kardash recently spoke at The Canadian Institute’s annual Privacy and Data Security Compliance Forum, which was held in Toronto on January 30-31, 2018. IT World Canada attended the forum and covered Adam’s presentation on cyber incident response plans in a recent article.

“The significance of [having] a response plan clearly can’t be overstated,” said Adam, who leads Osler’s Privacy and Data Management Practice Group. He also cautioned that if the response team hasn’t practiced what it will do – either through a tabletop exercise or a real test – the plan isn’t worth much. This is something that many security and privacy pros know, he added.

Adam also told conference attendees that a key part of an incident response plan is the composition of the response team. “If there’s a good group around the table and they buy in, it’s cross-functional and you really trust they’re not going to cover their behinds in the wake of an incident, that they’re constructive and engaged, you’re going to get good results most of the time.”

Adam also discussed the anticipated final version of the federal government’s mandatory data breach notification regulations. The article reports that Ottawa hasn’t set a date yet, but Adam said he believes it will be later this year. “We’re expecting it to have a pretty massive impact on the Canadian privacy arena.”

For more of Adam’s insight on incident response plans and the importance of testing, read Howard Solomon’s full article “Incident response plans must be tested, privacy conference warned.”