Data Security and Privacy

Overview

Companies now recognize the immense opportunities—and responsibilities—of data in today’s always-connected world. We partner with you in maintaining the trust of customers, investors and business partners.

Each year, there are more than 1.5 million cyber-attacks on U.S. businesses. Increasingly, these attacks target small and medium-sized businesses, without regard to industry. Perhaps more importantly, everyday access to data can result in losses even without an attack: devices can be lost or stolen, for example; or employees can send an email to the wrong audience. Every data incident has the potential to become a legal matter and can result in financial losses, litigation and erosion of investor and customer confidence. We advise clients on compliance with government regulations, internal assessment and planning, and response to incidents and litigation.

In addition to securing their data, American businesses of all sizes must increasingly focus on data privacy issues. New rules in the US and elsewhere are changing the way we think about data: whose it is and what rights a business has to it. Access to valuable data—your own, your employees’, and your customers’—means that compliance with federal and state privacy laws is becoming increasingly complex. Non-compliance can create significant exposure. We provide industry-specific guidance in health care, financial services, consumer marketing, telecommunications and other segments. We also counsel on use of online and "cloud-based" networking capabilities and the specific risks and opportunities they can present.

Most companies benefit from a cross-functional team, including legal counsel, IT professionals and C-suite executives, that addresses risk management and best practices in order to limit exposure. Our breadth of experience is the perfect complement to your internal cross-functional team. Likewise, we have assembled a multi-disciplinary team of attorneys who work with clients to manage risks in advance of any problems, and respond quickly if an incident occurs.

Experience

Experience

  • CCPA

    Advise on CCPA readiness and draft appropriate policies.

  • Data processing arrangements

    DPAs and other data processing arrangements for retailers, service providers, B2B information technology companies, staffing companies, and other sectors.

  • Privacy and security commitments

    Evaluation of privacy and security commitments in diligence and sale of privately-held enterprises. 

  • GDPR

    Assess GDPR readiness and provide ongoing counsel.

  • IoT/Smart device launch

    Advise global appliance manufacturer on IoT/smart device launch.

  • Data collection, processing, and transmission

    Advised global manufacturer and service provider on data collection, processing, and transmission regarding Chinese and other international operations.

  • Breach of credit card information

    Respond to breaches of client credit card information in multiple states; research state requirements and interface as required with state law enforcement officials or others.

  • Privacy Policy

    Creation and review of privacy policies and procedures for media, healthcare, and other clients.

  • Disposition of patient records

    Advise and counsel on sale of health care practices including disposition/transition of patient records and other clinic documentation.

  • Document retention policy

    Consult on creation and implementation of corporate document retention policies and procedures, including electronic storage and records management.

  • Release of Employee Banking Information

    We immediately collected information in response to client’s identification of release of employee data by contractor. We researched relevant state laws and advised the client regarding an appropriate external and internal response. The response was successful, and no disputes or suits resulted from this incident.

  • Business associate agreements

    Advise covered entities on business associate agreements to manage risk.

  • Data disposal following sale of healthcare practices

    Advice on data disposal following sale/wind-down of healthcare practices

  • Board of National Industry ISAC

    Counsel to Board of National Industry-Specific Information Sharing and Analysis Center.

  • Retail and consumer credit card security and fraud

    Represent various retail clients regarding PCI compliance, credit card fraud and loss, and fraudulent e-commerce orders.

  • Data breach response

    Coordinate response to loss of protectable or sensitive data in electronic form, including personal credit information, vendor account credentials and customer payment authorizations.

  • Consumer law statutes advice

    Advised companies regarding compliance with the Fair Debt Collection Practices Act (FDCPA), Telephone Consumer Protection Act (TCPA), Georgia Fair Business Practices Act (FBPA) and Florida Consumer Collection Practices Act (FCCPA).

Newsroom

Headlines

Publications

Events

Speaking Engagements

Videos

Video thumbnail of Cyber Security Planning in the Wake of Equifax

For any company, no matter its size, formulating a cyber security plan is in its best interest. Listen to our experienced panel as they launch into an engaging, enlightening, and at times humorous, discussion on what you can do to plan for your company's future.

Blogs

Areas Of Focus

Related Services

Attorneys

×
media_files/video/Cyber%20Security%20Planning%20in%20the%20Wake%20of%20Equifax.mp4