As fruitful targets, far too many service providers have found themselves victims of a breach. Effective data breach response is important in any attack, but when it involves a service provider there are additional complexities to consider. At a Privacy+Security Forum Fall Academy panel, Troutman Pepper attorneys along with Kroll’s global head of threat intelligence discussed third-party incident response issues and practical ways to address them. In this second installment of our two-part series distilling the insights offered, we cover notifications, containment, restoring service and preserving attorney-client privilege. Part one examined messaging, forensic investigations and navigating the dark web. See our two-part series on a ransomware tabletop’s 360-degree incident response view: “Days One to Four” (Jan. 4, 2023), and “Day Five Through Post-Mortem” (Jan. 11, 2023).