Skip to Content

Catastrophe Day 1 What’s your plan?

If you don’t have one, it’s time to think about being prepared for the worst.

A man holds his head in his hands.

Are you good in a crisis?

If you’re an in-house counsel, there’s a very good chance that your answer to that question depends on the strength – or even the existence – of a company crisis-management plan that can be implemented as soon as there’s a problem.

If you don’t have a crisis plan the organization becomes paralyzed within the first 24 hours

Here’s a tip – if your company doesn’t have a crisis-management plan, it should develop one. Right away.

A panel discussion at the 2019 CCCA conference in Toronto underlined the need to be prepared for the worst through a case study – a hypothetical company experiences a data breach that affects all of its customers. What do you do on Day 1?

Arden Furlotte, Vice-President Legal and Corporate Secretary of SNC-Lavalin, says her company knows a thing or two about dealing with a crisis. “We tend to be highly organized when it comes to something like this,” says Furlotte.

The first thing SNC-Lavalin would do is engage external counsel. It would go full W5 – who, what, where, when and why, plus how – on the breach, and control the information as much as possible.

What a lot of companies would do as a second-step response to the crisis, SNC-Lavalin does up-front—let the board know there’s something going on, put a litigation hold on all documents so nothing is changed, modified or destroyed until the company knows where it stands.

Monique Jilesen, a partner with Lenczner Slaght, said it would be a “treat” as external counsel to be advised of a problem on Day 1, because it’s not unheard of for cause of action in a lawsuit to be based on something that was done after the fact.

She says first steps would be to notify the insurer and get some advice on what disclosure to make and when to make it to minimize harm to the stakeholders. She recommends coordinating the communications strategy with the legal strategy in order to inform customers without increasing the risk to the company.

“If you don’t have a crisis plan the organization becomes paralyzed within the first 24 hours,” says Domenic Marino, partner and national leader – forensics and disputes with PwC Canada. Being able to get in front of the social media wave and being able to move very quickly is vital.

He also warns about copy-cat attacks in data breaches – perpetrators can get in the Dark Web and steal the ability to compromise the system.

Osgoode Hall professor Poonam Puri moderated the panel, which also included Naomi Loewith, investment manager and legal counsel with Bentham IMF. Puri summed up thusly: have a plan, have a process.