Practice/Organization Description
A breach or release of customer data can be a powerful hit to your budget, reputation and repeat business. Hackers are increasingly prolific, smart technology has us interconnected and networked, and businesses maintain ever-growing databases of confidential information. Every industry is vulnerable to internal and external threats, placing risk management, personnel training, due diligence and policy development high on the priority list for protecting your business.
Effective data privacy and protection solutions should be tailored to the industry your business serves. Whether you’re a health care provider, retailer, defense contractor or financial institution, you have specific needs for policy development, personnel training, forensic audits, breach response, customer notification, insurance coverage and transactional due diligence. Employers and sponsors of employee benefit plans also have data at risk. Our cross-industry team includes attorneys certified by the International Association of Privacy Professionals who help you put in place systems and processes to protect your business data and prevent unintended releases.
We advise on
HIPAA
Breach notification and incident response
Cyber risk insurance coverage
Advice on model contract clauses to indemnify and hold harmless
Employee training on personally identifiable information best practices and policies
Corporate advice regarding enterprise-wide privacy policies and plans
Vendor privacy policy review
European Union Data Protection Directive and General Data Protection Regulation (GDPR) Attestations
EU- US Privacy Shield Assessment and Certification
CAN-SPAM, UK Data Protection Act, Privacy Act Canada, PIPEDA, and other country-specific regulations
Prevention and Risk Management
The most effective way to protect your data and your business is to institute proactive strategies to prevent inadvertent release or a breach. Our services are a combination of assessment and training. We inventory where and how data is collected, stored, shared, transferred and used, and the policies and procedures needed to manage these systems. We evaluate and establish compliance programs for operations in the U.S. and internationally, keeping tabs on their constantly evolving regulations and requirements.
Education and Training
People can be a company’s greatest vulnerability when it comes to data protection. Everyone who views or handles a company’s records and data must be trained to understand relevant privacy laws—federal, state and global—as well as appropriate handling of information. We create in-depth workshops and educational tools tailored to your specific privacy issues and the types of data your employees handle.
Incident Response
If a breach occurs, whether through personnel action, malware, vendor action or other cause, we respond immediately. Our team partners with you on the full range of notification requirements, coordinates with domestic and international law enforcement agencies, assists with insurance recovery, and provides representation if litigation ensues. We’ve advised both private and public companies and have experience with addressing SEC and corporate governance requirements and responsibilities. Knowing the impact of an incident on company image can be significant, our attorneys advise on media strategy and messaging from both PR and legal perspectives.
International Data Security Compliance
Customers, employees and business partners can be located and connected globally, requiring knowledge specific to all the jurisdictions your business touches. Our team stays on top of international privacy and data protection regulations to ensure that you are in compliance. We have the benefit of being part of a global network of legal providers with experience we can tap into across the globe.
Transactional Due Diligence and Data Protection
Your company’s data protection strategies and diligence must extend to your vendors, contractual partners and acquisition targets. Every business relationship requires some use or exchange of data. We advise on privacy clauses and liability protections when writing contracts and other agreements—with specific protocols for agreements related to cloud storage and data processing. We also conduct data privacy and protection due diligence when working on M&A transactions and licensing agreements.
