Publication
CCS 2024
Conference paper

Understanding Legal Professionals’ Practices and Expectations in Data Breach Incident Reporting

Abstract

Legal professionals are essential in analyzing data breach incident reports and guiding the response to comply with data privacy laws and regulations. Their expertise helps mitigate privacy and security risks and prevents failures in privacy compliance. However, little research has been done to understand how legal professionals perceive, react to, and face challenges within the data breach incident reporting procedure. In this study, we conducted a simulated incident report assessment experiment and semi-structured interviews with 33 legal professionals who varied in age, gender, and legal background. We reported the criteria used by legal professionals to identify privacy-related items and also uncovered that the agreement among legal professionals on the concepts of privacy-related items is low. Furthermore, we presented findings regarding the perceptions and strategies of legal professionals concerning legal and regulatory compliance, as well as the key features of incident responses that facilitate efficient analysis of data privacy and security law compliance. After taking into account the challenges and suggestions provided by legal professionals, we concluded this study with recommendations for enhancing the effectiveness of legal compliance analysis for incident responses.

Date

Publication

CCS 2024

Authors

Topics

Share