Data Security and Privacy
- Data Security and Privacy
Companies now recognize the immense opportunities—and responsibilities—of data in today’s always-connected world. We partner with you in maintaining the trust of customers, investors and business partners.
Each year, there are more than 1.5 million cyber-attacks on U.S. businesses. Increasingly, these attacks target small and medium-sized businesses, without regard to industry. Perhaps more importantly, everyday access to data can result in losses even without an attack: devices can be lost or stolen, for example; or employees can send an email to the wrong audience. Every data incident has the potential to become a legal matter and can result in financial losses, litigation and erosion of investor and customer confidence. We advise clients on compliance with government regulations, internal assessment and planning, and response to incidents and litigation.
In addition to securing their data, American businesses of all sizes must increasingly focus on data privacy issues. New rules in the US and elsewhere are changing the way we think about data: whose it is and what rights a business has to it. Access to valuable data—your own, your employees’, and your customers’—means that compliance with federal and state privacy laws is becoming increasingly complex. Non-compliance can create significant exposure. We provide industry-specific guidance in health care, financial services, consumer marketing, telecommunications and other segments. We also counsel on use of online and "cloud-based" networking capabilities and the specific risks and opportunities they can present.
Most companies benefit from a cross-functional team, including legal counsel, IT professionals and C-suite executives, that addresses risk management and best practices in order to limit exposure. Our breadth of experience is the perfect complement to your internal cross-functional team. Likewise, we have assembled a multi-disciplinary team of attorneys who work with clients to manage risks in advance of any problems, and respond quickly if an incident occurs.
Advise on legal risks associated with penetration testing, gap assessment, and information governance audits and assessments, both internal and third-party.
Oversee all elements of response to a data incident, including coordination with forensic investigators, law enforcement, communications, and insurance provider.
Advise on CCPA readiness and draft appropriate policies.
DPAs and other data processing arrangements for retailers, service providers, B2B information technology companies, staffing companies, and other sectors.
Evaluation of privacy and security commitments in diligence and sale of privately-held enterprises.
Assess GDPR readiness and provide ongoing counsel.
Advise global appliance manufacturer on IoT/smart device launch.
Advise on data collection, processing, and transmission regarding domestic and international operations, including use and sharing of employee data, consumer data, and business partner data gathered via “smart” devices, in connection with marketing efforts, and through service provider relationships. Advise on creation and use of aggregated, anonymized, and deidentified data.
Respond to breaches of client credit card information in multiple states; research state requirements and interface as required with state law enforcement officials or others.
Creation and review of privacy policies and procedures for media, healthcare, retail, service, and other clients in conjunction with findings from security audits and pursuant to emerging regulations such as the CCPA.
Advise and counsel on protection of PHI and other personal patient information in connection with sale of practice, disposition of records, distribution of consumer and commercial healthcare apps and devices, and in daily operations under the CCPA. Oversee response to healthcare technology data breaches.
Consult on creation and implementation of corporate document retention policies and procedures, including electronic storage and records management.
We immediately collected information in response to client’s identification of release of employee data by contractor. We researched relevant state laws and advised the client regarding an appropriate external and internal response. The response was successful, and no disputes or suits resulted from this incident.
Advise covered entities on business associate agreements to manage risk.
Advice on data disposal following sale/wind-down of healthcare practices
Privacy, Cyber, and General Counsel to the Board of a National Industry-Specific Information Sharing and Analysis Center.
Represent various retail clients regarding PCI compliance, credit card fraud and loss, and fraudulent e-commerce orders.
Coordinate response to loss of protectable or sensitive data in electronic form, including personal credit information, vendor account credentials and customer payment authorizations.
Advised companies regarding compliance with the Fair Debt Collection Practices Act (FDCPA), Telephone Consumer Protection Act (TCPA), Georgia Fair Business Practices Act (FBPA) and Florida Consumer Collection Practices Act (FCCPA).
- July 3, 2020
- September 6, 2019
- February 12, 2019
- January 2, 2019
- Harry Dixon Selected As a Fellow of the American Bar Foundation, Daily Report and the Metro Atlanta CEODecember 10, 2018
- October 10, 2018
- IPWatchdog, February 21, 2018
- December 28, 2017
- October 11, 2017
- April 6, 2017
- January 20, 2017
- November 16, 2016
- June 17, 2016
- January 27, 2016
- September 18, 2015
- June 9, 2015
- WSB-TV Channel 2 Interview with Mitzi Hill on Cyber Ransom Attacks and Hackers Targeting Home ComputersFebruary 12, 2015
- December 29, 2014
- May 31, 2014
- March 19, 2013
- September 5, 2019
- March 19, 2019
- March 18, 2019
- January 24, 2019
- January 22, 2019
- November 27, 2018
- November 12, 2018
- Theft Prevention: Information Security When Employees Leave, VAR Insights, MSP Insights and Software Business GrowthSeptember 5, 2018
- Daily Report, July 9, 2018
- December 29, 2017
- July 10, 2017
- "Maintaining Individual Liability in AML and Cybersecurity at New York's Financial Institutions," Penn State Journal of Law & International AffairsApril 2017
- July 19, 2016
- "Safeguarding IT and Communications Systems: Or How to Stop Worrying and Love Being Big Bro," InsideCounselJune 20, 2016
- April 20, 2016
- February 1, 2016
- April 27, 2015
- October 21, 2014
- October 21, 2014
- November 4, 2019
- Hacking Scheme Affects More Than 15 Million Customers From the Restaurant, Gaming, and Hospitality IndustriesAugust 8, 2018
- By: Mitzi L. HillJune 7, 2018
- October 6, 2015
- April 16, 2014
- July 28, 2020
- April 28, 2020
- January 28, 2020
- December 23, 2019
- August 15, 2019
- Advanced Mergers and Acquisitions: Veteran Attorney Tips for Strategizing, Negotiating and Executing M&As, National Business InstituteMarch 4, 2019
- Georgia State University Law Knowles Conference Center, April 24 – 28, 2018
- "Cyber For Growth: Plan Your Cyber Security. Protect Your Company. Secure Your Growth," 2018 ACC Value Challenge, April 10, 2018April 10, 2018
- "How Corporate Culture Can Support Enterprise Risk Management," 2018 ACC Value Challenge, April 10, 2018April 10, 2018
- March 30, 2018
- February 24, 2018
- Institute of Continuing Legal EducationNovember 17, 2017
- Untangling Data Ownership, Provenance, and Privacy, 2017 Data Intelligence ConferenceMcLean, Virginia, June 23, 2017
- Ethics of Artificial Intelligence and Paying Ransoms to Hackers, Cyber Talk RadioSan Antonio, Texas, May 27, 2017
- "Best Business Practices in Corporate Cyber Security," Georgia Society of CPAs, 2017 Decision Makers ConferenceAtlanta, Ga., April 20, 2017
- March 21, 2017
- Atlanta, Ga., February 9, 2017
- "Preventing Inadvertent Email Contracts: Best Practices for Your Clients," Webinar, National Constitution CenterOctober 6, 2016
- Atlanta, Ga., September 15, 2016
- "Ethical and Privacy Considerations for Contemporary Technology," eDiscovery and Use of Technology CLEAtlanta, Ga., October 29, 2015
- January 29, 2015
- October 30, 2014
- October 16, 2014
- 2020: The Year of Personal Privacy Mitzi L. Hill
- U.S. Companies Should Increase Cyber Awareness In Light Of U.S./Iran Posture Mitzi L. Hill
- IoT Product Liability Risks: Medtronic Defibrillators Vulnerable to Hacking Jonathan B. Wilson
- Profiting from Privacy Mitzi L. Hill
- New California Privacy Laws: U.S. Meets GDPR-Like Consumer Rights Mitzi L. Hill
- Vendor Management and Cyber Planning: Why Equifax Shows “What Not to Do” Mitzi L. Hill
- Cyber Insurance: A Common Exclusion Tested in Court Mitzi L. Hill
- Demystifying the Rules Surrounding GDPR and Your Business Mitzi L. Hill
- View More
- Threat Actor in Iran Acting Against Certain VPN Products Mitzi L. Hill
- EU Data Transfers Under Fire Mitzi L. Hill
- New Phishing Scam Targeting Remote Workers Mitzi L. Hill
- California Consumer Privacy Act Implementing Regulations Now Final Mitzi L. Hill
- CCPA Now Enforceable by California AG; New Regulations Require Attention Mitzi L. Hill
- Some Legal Considerations for Zoom and Teleconference Meetings Mitzi L. Hill
- Clearview AI Sued for Civil Rights Violations in Facial Recognition Data Breach Mitzi L. Hill
- CCPA Regulations One Step Closer Mitzi L. Hill
- View More
- Ransomware a Persistent Threat to School Districts Deborah A. Ausburn, Mitzi L. Hill