Our Cybersecurity & Data Privacy lawyers provide comprehensive privacy compliance and data security risk-management services to clients worldwide.
Today’s businesses face an increasing demand to address critical cybersecurity, data protection, and privacy law issues. Drawing on the resources of our transactional, regulatory, and litigation practices as needed, our agile team helps implement security programs, plans, policies, procedures, and compliance infrastructures that reduce the strategic and financial risk of data loss without the fear of increasing your liability from regulatory enforcement or litigation. We also provide practical guidance on information-related management and risk before, during, and after data breaches and cyber incidents, leveraging our cross-disciplinary network of forensic, public relations, and crisis management business partners as needed.
After a comprehensive analysis of potential cyber and privacy risks, we develop, execute, and maintain tailored solutions, including jurisdiction-specific information security policies. We also establish compliant intrusion detection and incident response procedures, advise management and boards of directors on cyber-risk insurance policies, examine cybersecurity as part of merger and acquisition due diligence, coordinate on the discovery and production of sensitive personal information in litigation, and negotiate transactions for technologies and services requisite to compliance.
From advice and counseling when issues or concerns are identified to defense of class-action litigation and government enforcement actions, we offer a comprehensive scope of cybersecurity and data privacy services, including:
- Big data and analytics involving everything from acquisition to storage and use
- Federal contractor assistance in crafting and implementing regulatory cybersecurity requirements (FAR, DFARS, NIST, etc.), including express obligations imposed on both Defense Department and civilian contractors and their subcontractors
- Creation and revision of internal and online privacy notifications and policies to address evolving requirements found in the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar statutes and regulations across the globe
- Commercial data collection and use related to marketing, sweepstakes, and promotions
- Operational compliance in regulated and nonregulated industries, including HIPAA, FINRA, PCI-DSS, SSAE, Shine-the-Light, NIST cybersecurity regimens, and the Cybersecurity Maturity Model Certification
- Breach and incident response, working closely with or defending against law enforcement and regulatory authorities
- Insurance coverage, including insurance policy audits, evaluating existing coverage versus potential risks, and submitting claims on behalf of policyholders
- Insurance recovery for first-party losses and third-party liability through negotiations and litigation