Data breaches are a concern for all companies, regardless of the size or the industry. As we store more and more information in the digital realm – including trade secrets and other intellectual property, financial information, company know-how, and the like – our networks become greater targets for thieves, competitors, and hackers. In addition to external threats, data breaches are often the result of insiders acting either innocently or maliciously. Regardless of the nature of a breach, without proper planning the effects can be devastating, subjecting victims to regulatory penalties, litigation, and severe reputational harm.
Now more than ever, companies need a skilled cybersecurity and data privacy team backing their operations. Our firm strives to stay abreast of relevant regulations such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA), the Electronic Communications Privacy Act (ECPA), CAN-SPAM, the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), the Federal Trade Commission Act, Sarbanes-Oxley, breach notification laws, and other federal and state laws and best practices. Clients depend on us to:
- Develop relevant policies. Having appropriate policies in place is more than just a good idea. We help clients individually tailor policies, such as: incident response, acceptable use, mobile tools / BYOD, code of conduct, social media, record retention, and more.
- Plan for the inevitable attack. It is commonly said that there are two types of companies: those that have fallen victim to a data breach, and those that will. We advise key company personnel regarding risk assessment and planning, help to tailor an incident response plan, advise clients regarding risk mitigation measures such as cyberinsurance, and coordinate with vendors to test and maintain company servers in hopes of preventing an attack.
- Respond to incidents. We coordinate with forensic and crisis PR teams to understand and quickly address a data breach, to answer the relevant questions, and to develop an incident response strategy that is tailored to the client’s individual risk profile.
- Deal with potential regulatory issues and litigation. Once a data breach occurs, we will analyze the requirements for breach notifications, agency reporting requirements, and the like. We’ll also help respond to inquiries and investigations by regulatory agencies such as the FTC, and authorities such as state attorneys general. Finally, in the event of litigation, we can help defend against a variety of claims that may arise, including privacy, regulatory, and class action claims.