Even savvy companies can fall victim to enterprising cyber-thieves and disgruntled or careless employees, putting financial, medical and employment data in jeopardy. Such failures call into question the adequacy of internal procedures and improperly designed compliance procedures in this area may be per se violations of federal and/or state law. Marshaling the resources of our transactional, regulatory and litigation practices, including Intellectual Property/Information Technology; Corporate; Securities and Financial Institutions; Health Care; Insurance Coverage; Government Investigations and White Collar Criminal Defense; and Labor and Employment, McCarter provides comprehensive privacy compliance and data security risk management services to clients worldwide.
The Task Force is skilled in drafting and implementing jurisdiction-specific information security policies; establishing compliant intrusion detection and incident response procedures; advising management and boards of directors on cyber-risk insurance policies and related insurance coverage; and negotiating the transactions for procurement and implementation of the technologies and services requisite to compliance.
Our broad privacy compliance and data security risk management counseling includes:
- Big data and analytics (acquisition, appending, storage, transmission and use)
- Commercial data collection and use (advertising, marketing, sweepstakes and promotion)
- Operational compliance in both regulated and nonregulated industries (e.g., HIPAA, FINRA, PCI-DSS, SSAE, Shine-the-Light, the NIST Cybersecurity Framework)
- Breach and incident response (working closely with, or defending against, law enforcement and regulatory authorities)
- Insurance coverage (conducting insurance policy audits, evaluating scope of existing insurance coverage relative to clients’ potential risks, and submission of claims on behalf of policyholders)
- Insurance recovery for first-party losses and third-party liability through negotiations and litigation
Data breaches set in motion a complex set of reporting and remediation requirements. When such an event occurs, we employ our mastery of the various applicable state and federal laws – as well as wide-ranging industry knowledge – to assist clients with regulators and crisis management, if needed, including drawing on our extensive network of forensic, public relations and crisis management business partners. McCarter lawyers advise retailers, health care providers and financial services companies on day-to-day matters and represent them in connection with the most challenging issues presented by data security breaches: defending against consumer class actions, pursuing insurance recovery through negotiations and litigation, and government surveillance and regulation, to name a few.