"Whether it's a malicious Flame attack, a Trojan enhanced Simurgh compromise or a compromise caused by an improperly installed security patch, a data breach and information loss almost always causes immediate big league finger pointing and blame attribution. From a legal point of view, this reaction is understandable, completely counterproductive, wastes critical time and exponentially increases the likelihood of corporate downstream liability and loss of shareholder value. It's part of the problem, not part of the answer. This presentation will discuss how to deal with data breaches in a way that effectively defines the problem and the response in a way that meets the company's legal obligations and minimizes the impact of the intrusion on the corporation. The discussion will include best practices in light of new SEC disclosure guidelines, GLB, SOX, Canada's PIPEDA, HIPAA/HITECH, State breach notification laws and the newly proposed EU Data Privacy Provisions. Learn the pros and cons of NIST's just-released guide to handling computer security incidents."