In the world where data breach, ransomware, social engineering, and cyberfraud are daily news headlines, the ability of an organization to identify, assess, and mitigate its data risks is key to success. Through coordination of attorneys across industry areas, we provide our clients the foundation on which to build an effective privacy and security program.
Using our experience with HIPAA, HITECH, Gramm-Leach Bliley, FDIC Guidance, PCI-DSS, EU GDPR, and state data laws, we are able to identify the legal requirements applicable to an organization’s use, disclosure, and safeguarding of personal information. With those requirements in mind, we develop policies and procedures, contractual terms, training programs, and security strategies to manage data consistent with the organization’s risk structure.
Security incidents have become a matter of when, not if, and our attorneys provide the necessary support to survive the incident when it does occur, including evaluation of cyberinsurance policies, development of incident response plans, analysis of breach notification requirements, management of notification obligations, and resolution of resulting regulatory investigations or litigation.