Search form


Reviewing and developing enterprise-wide strategies for safeguarding data and maintaining compliance, including data breach response.

Cybersecurity Assessments

Businesses, in particular those in heavily regulated industries such as health care, banking/finance and insurance, have an increasing need to understand and address their cybersecurity risk. Our group works with key stakeholders across the organization to identify legal, contractual, ethical and other compliance requirements, risks and vulnerabilities concerning confidential company data and personal information of customers and employees through cybersecurity assessments and analyses of company privacy and data security practices.

Written Information Security Program Development

A web of federal and state laws require businesses to develop written policies and procedures that provide administrative, physical, technological and organizational safeguards to protect personal information—known as a “written information security program” or “WISP.” Our attorneys guide clients through the process of developing comprehensive WISPs, a process which starts with designing an appropriate risk assessment program to identify areas of vulnerability, considering cost, sensitivity of data and complexity of information systems.

BYOD and Device Management – Policy Development and Implementation

Whether companies issue company-owned devices or have moved to a “Bring Your Own Device” structure, managing communications and data on personal devices, and the devices themselves, is a critical enterprise-wide risk. We work with clients to design appropriate device management strategies including BYOD eligibility, access management protocols, data security safeguards, device-wipe policies, employee stipend and reimbursement programs, data breach protocols and related issues.

Cybersecurity, Ransomware Breach Preparedness, Response and Litigation

We assist companies with implementing protocols to avoid a data breach, including preparing appropriate data breach response plans. Should a breach occur, our attorneys immediately step in to guide our clients through investigating the incident and determining whether a reportable breach occurred; notifying affected individuals and agencies; responding to agency inquiries; defending litigation brought by affected persons and others concerning the breach; managing vendors involved in the breach; and reassessing the company’s policies and procedures to avoid similar breaches in the future.

Cybersecurity Awareness and Training Programs for Executives and Employees

The training we provide ranges from high-level presentations for executives, management, Chief Information Officers, Chief Information Security Officers, Chief Privacy Officers, Chief Compliance Officers and others concerning the emerging data privacy and security landscape to practical discussions with front-line employees covering the nuts and bolts of the company’s particular policies and procedures.

Vendor Management and Data Security Agreement Drafting and Negotiation

Frequently, the most critical data security vulnerability for a company is not the company itself, but the vendors that service that company. We help clients identify these vendors and then work with the client to address the vulnerability, including negotiating and drafting appropriate agreements. Many of our clients are often vendors themselves and we assist them with the data privacy and security demands of their clients.

Government Contractor Compliance

Government contractors generally are subject to the same data privacy and security standards as the government agencies with which they contract. We counsel these contractors regarding compliance with all applicable privacy and data security mandates, including the Federal Information Security Management Act of 2002, the Privacy Act of 1974, agency mandates and state law.

Strategy Development for Going Paperless and Cloud Computing

Businesses are increasingly embracing technology to manage their documents, files and data, with the ultimate goal of eliminating paper. The advent of “cloud computing” and similar technologies has accelerated this progression by allowing companies to move in this direction often at significantly less cost. We regularly advise clients concerning these new technologies including identifying applicable risks, developing policies and procedures and vendor management.

See AllIn the News

Showing 1-3 of 7
Most Read
November 24, 2017

Joseph Lazzarotti Discusses Implications of New Digital Tracking Pill Approved by FDA

November 24, 2017

Joseph Lazzarotti discusses data security and patient consent concerns surrounding the first FDA approved digital pill in "New digital pill raises consent, data security issues," published by Subscription may be required to view article Read More

November 3, 2017
Law 360

Lisa Marrello Discusses Anoush Koroghlian-Scott Joining Jackson Lewis

November 3, 2017

Lisa Marrello discusses Anoush Koroghlian-Scott recently joining Jackson Lewis, focusing her practice on health care and data security in "Health Hires: Jackson Lewis, EBG, Spencer Fane, AMRI," published by Law360. Subscription may be required to view article Read More

July 21, 2016
Copyright & New Media Law

Jason Gavejian Authors "Social Media Use By Applicants and Employees: The Conundrum"

July 21, 2016

Jason Gavejian authored "Social Media Use By Applicants and Employees: The Conundrum," published by Copyright and New Media Law.     Read More

Showing 1-3 of 7