The Arc of a Cyber Incident and Strategies for Enterprise Response, with Lisa Sotto
Privacy in Practice · 2026-02-17 · 51 min
Episode notes
In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Lisa Sotto, Chair of the Global Privacy and Cybersecurity Practice at Hunton Andrews Kurth, and a Star Performer for Privacy and Data Security (Chambers and Partners), for a detailed, practitioner-level conversation on how cyber incidents actually unfold, from first anomaly detection through board notification and the regulatory long tail that follows. The discussion traces what Sotto calls “the arc of an incident”: mobilizing the response team under privilege, retaining forensic investigators and extortion negotiators, coordinating with law enforcement agencies, and managing global notification obligations. Kellie raises the practical complexity of locating affected data subjects when address data is unavailable, the cost dynamics of cyber insurance, and why controllers remain responsible for regulatory notification even when the breach originates with a vendor.