Daily headlines let us know that cyber attacks aren’t going anywhere. What the reporting doesn’t disclose are the complex identity management and privacy issues that arise during the incident response investigation. A thorough IR investigation relies on both identity management and privacy expertise from internal stakeholders and legal counsel. The root cause of many cyber attacks – including ransomware, data exfiltration, MFA bypass, and wire fraud – result from the exploitation of compromised credentials. And the impact of many cyber attacks can involve significant privacy and data protection ramifications. To conduct the investigation, forensic analysts will need support and collaboration with the impacted organization’s identity management stakeholders to understand how credentials are provisioned, how authorization is managed, and the access rights associated with any compromised credentials. As the investigation progresses, the privacy implications of the event must be assessed: what data was accessed or exfiltrated? Were any legal or regulatory notification requirements triggered? The organization’s identity management and privacy stakeholders, in tandem with legal counsel, will seek the answers to these questions, often quickly as notification timelines vary widely by industry and jurisdiction. This panel will feature a cybersecurity attorney, an in-house privacy counsel, and an incident response expert who have all been in the trenches working through these thorny issues on a wide range of cyber incidents. They will share their experience to help attendees understand how to best anticipate and prepare for their role in an inevitable cyber attack.