Spencer Fane provides steady guidance for any organization looking to build an effective data privacy and cybersecurity program that identifies, assesses, and mitigates risk related to data collection. When incidents occur, Spencer Fane provides a calming force that actively helps clients respond in a manner that minimizes financial exposure and reputational damage.
Our attorneys prioritize keeping clients out of crisis mode. This proactive approach includes helping our clients assess their overall cyber and data-related risks and developing a strategic plan for mitigating those risks. It also includes assisting with evaluation of cyber insurance policies, development of incident response plans, and analysis of breach notification requirements.
We provide consistent and timely review of all policies, procedures, contractual terms, training programs, and data security strategies to make sure all aspects of a program remain up to date. This includes an increased focus on third-party risk management to help ensure vendors and other partners don’t create unnecessary vulnerability.
We don’t view cybersecurity as a set of tack-on measures. Instead, we integrate best practices into the workflow and generate essential response plans aligned with current business operations. Our attorneys build knowledge of our clients’ risk and risk tolerance, and tailor our input and guidance to meet those specific needs. This includes both protecting a client’s data and protecting clients from their data and the damage that can be done when proper protocols aren’t followed in handling information collected on both employees and customers.
Our team is equipped to handle the urgent and unexpected. Our attorneys have helped clients through these incidents multiple times, so we know the best way for organizations to react to the situation. When facing a cybersecurity incident or data breach that threatens critical functions, systems, and data, we are in quick command. We provide clients with identifiable action plans that move them toward normalcy. We work with clients on management of notification obligations and resolution of resulting regulatory investigations or litigation.
Data and privacy issues have become core aspects of operations in the business world, and our attorneys have experience with HIPAA, 42 CFR Part 2, HITECH, Gramm-Leach-Bliley, FDIC Guidance, PCI-DSS, EU GDPR, and state cybersecurity and data protection laws such as California’s CCPA, allowing them to identify the legal requirements applicable to an organization’s use, disclosure, and safeguarding of personal information.
Our Data Privacy and Cybersecurity areas of focus include: