CLE - Defensible Data Breach Response

Austin Hagen

Vice President, Operations
austin.hagen@proteusdiscovery.com

Austin leads the client services team, overseeing the strategy and execution of forensics, ESI hosting, and managed review. His 15 years of eDiscovery experience include project management, training, and consulting. Austin is responsible for process creation and documentation, workflow automation, and ensuring Proteus’ growth is geared to maintain the white-glove service Proteus clients have come to expect.

B.S., Computer Systems, University of Wisconsin-Superior, 2005
Brainspace Certified Analyst
Brainspace Certified Specialist
Reveal Review
Reveal Administrator
Relativity Analytics Specialist
‍Relativity Review Management Specialist
Relativity Certified Administrator (RCA)
Relativity Expert

Ryan Rieff

Director, eDiscovery Services
ryan.rieff@proteusdiscovery.com

Ryan leads our core eDiscovery services, including ESI processing, productions, and database administration. He is a Relativity Master, a feat achieved by only about 250 of Relativity's 250,000 global users.

Prior to joining Proteus, he worked as a document review attorney, becoming proficient in platforms including Relativity, Viewpoint, and Nuix and working extensively in first pass, QC, and privilege reviews.

B.A., History, Indiana University, 2007
J.D., Indiana University Robert H. McKinney School of Law, 2015
Relativity Review Management Specialist
RelativityOne Certified Pro (ROCP)
Relativity Certified Administrator (RCA)
Relativity Master

Gary Smith

Senior Project Manager
gary.smith@proteusdiscovery.com

Scott Collins

Senior Project Manager
scott.collins@proteusdiscovery.com

Scott has honed his eDiscovery skills while managing projects at Proteus since 2015. Prior to joining the team, he was a document review attorney with Black Letter Discovery, and a staff attorney in Barnes & Thornburg LLP’s litigation department from 2012 to 2014. Scott has also worked as a law clerk and associate attorney for other Indianapolis-area firms practicing in the areas of personal injury, criminal defense, family law, and property law.

Scott’s practice involves regular management and delivery of eDiscovery and Information Governance services to a wide variety of local, regional, and national clients. He enjoys serving as an intermediary between clients, outside counsel, eDiscovery vendors, and document review teams. For over five years, Scott has engaged in various high-profile document review projects, including as a first line reviewer, a QC reviewer, a team leader, and a project manager. He has worked on projects ranging from medical device litigation for a Fortune 100 subsidiary to contract litigation for a multinational chemical corporation.

B.A., Mass Communications and History, Anderson University, 1999
J.D., Indiana University Robert H. McKinney School of Law, 2010
RelativityOne Certified Pro (ROCP)

Sarah Barth

Senior Project Manager
sarah.barth@proteusdiscovery.com

Sarah draws on a decade of legal experience to help her clients navigate large-scale discovery matters. She brings her affinity for detail-oriented work to each stage of the process, leveraging her background as first pass reviewer, quality control reviewer, compliance counsel, project attorney, and project manager to ensure her clients' needs are translated and implemented throughout the project lifecycle.

Prior to joining Proteus, Sarah's background included facilitating large commercial real estate transactions, global enterprise regulatory compliance, and class action settlement administration.

B.A., Social Sciences, Washington State University, 2010
J.D., Environmental and Natural Law Certificate, University of Denver Sturm College of Law, 2013

Sarah Whitney

Project Manager
sarah.whitney@proteusdiscovery.com

B.A., International Studies, Bradley University, 2008
J.D., Western Michigan University Cooley Law School, 2012

Darryl Durham

Associate Project Manager
darryl.durham@proteusdiscovery.com

B.A., Journalism, Columbia College Chicago, 1982

Travis Morgenstern

Associate Project Manager
‍travis.morgenstern@proteusdiscovery.com

B.A., Business Administration, Fort Hays State University, 2022

Ryan Short

Vice President, Revenue
ryan.short@proteusdiscovery.com

Ryan leads business development and consults with clients to design engagements that are right-sized with respect to services, software, and cost. He is a Certified eDiscovery Specialist and holds certifications from multiple hosting and review platforms.

He also leads commercialization efforts for DiscoveryMaster, a Relativity integration developed by the Proteus leadership team, now licensed to law firms, managed services providers, consulting firms, and corporate legal teams across the globe.

B.A., Telecommunications, Indiana University, 2011
M.B.A., Kelley School of Business, Indiana University, 2020
Certified eDiscovery Specialist (CEDS)
Relativity Certified Sales Professional
Reveal Sales Certified
‍

Defensible Data Breach Response: Legal Strategies for Managing Cyber Incidents

Data breaches are no longer a question of if but when. With cyber threats growing in sophistication, legal teams must be prepared to respond quickly, mitigate risk, and ensure compliance with complex notification laws. Mishandling a data breach can lead to regulatory penalties, reputational damage, and costly litigation. That’s why Proteus Discovery Group offers Defensible Data Breach Response, a Continuing Legal Education (CLE) course designed to help legal professionals navigate the legal, technical, and strategic challenges of cybersecurity incidents.

Why Data Breach Response Matters

Cyberattacks are on the rise, with high-profile breaches affecting corporations, law firms, and government agencies alike. A 141% increase in personally identifiable information (PII) and protected health information (PHI) breaches occurred between 2019 and 2020 alone. The financial impact is staggering:

• Uber (2016): $148 million
• Equifax (2017): $575 million
• SolarWinds (2020): >$100 billion
• Yahoo (2013): $85 million

Beyond financial loss, organizations face regulatory scrutiny, lawsuits, and consumer trust erosion when breaches are mismanaged. Understanding state and federal data breach laws and implementing a defensible response strategy is critical.

Course Overview

The Defensible Data Breach Response CLE course equips legal professionals with the knowledge needed to manage cybersecurity incidents effectively. Key topics include:

• Legal Considerations Post-Breach – Understanding state-specific notification laws and federal regulations such as HIPAA, GLBA, and GDPR.
‍
• Identifying and Classifying PII & PHI – How different jurisdictions define personal information and what obligations arise when data is compromised.
‍
• Incident Response Methodology – Best practices for investigating breaches, securing data, and mitigating legal risk.
‍
• Developing a Disclosure Program – Crafting a legally sound strategy for notifying affected individuals, regulators, and business partners.
‍
• Real-World Case Studies – Analyzing breaches like Equifax (2017), SolarWinds (2020), and Uber (2016) to understand legal pitfalls and best practices.

Key Steps for a Defensible Data Breach Response

Contain the Breach

Work with IT and cybersecurity teams to limit exposure and prevent further data loss.

Assess Legal Obligations

Determine notification requirements based on affected jurisdictions and data types.

Notify Affected Individuals and Regulators

Ensure timely, compliant disclosure to impacted consumers and regulatory bodies.

Mitigate Harm and Prevent Future Attacks

Implement security upgrades, update policies, and conduct breach response drills.

Real-World Example: The Cost of a Mishandled Data Breach

One of the most infamous examples of a poorly handled data breach is the Equifax (2017) incident. Hackers exploited a known vulnerability, exposing the personal information of 147 million consumers. Instead of acting swiftly, Equifax delayed public disclosure for six weeks, failed to properly notify affected individuals, and ultimately faced $575 million in regulatory fines and settlements. The fallout from this case underscores why organizations must have a clear, legally defensible breach response plan to minimize risk and liability.

Who Should Take This Course?

This CLE is ideal for attorneys and legal professionals responsible for cybersecurity, compliance, and risk management, including:

• In-house counsel handling corporate security policies and breach response
‍
• Litigation attorneys involved in data breach lawsuits
‍
• Privacy and compliance professionals managing regulatory risk
‍
• IT and cybersecurity legal advisors

Stay Ahead of Cyber Threats

Cyber incidents are inevitable, but a poorly handled response is not. Proteus Discovery Group’s Defensible Data Breach Response CLE course provides actionable insights to help legal professionals protect their organizations, clients, and reputations from the fallout of data breaches.

Interested in scheduling this course for your firm or legal department? Contact us today to learn more!