Overview
Reviewing and developing enterprise-wide strategies for safeguarding data and maintaining compliance, including data breach response.
Cybersecurity Assessments
Businesses, in particular those in heavily regulated industries such as health care, banking/finance and insurance, have an increasing need to understand and address their cybersecurity risk. Our group works with key stakeholders across the organization to identify legal, contractual, ethical and other compliance requirements, risks and vulnerabilities concerning confidential company data and personal information of customers and employees through cybersecurity assessments and analyses of company privacy and data security practices.
Written Information Security Program Development
A web of federal and state laws require businesses to develop written policies and procedures that provide administrative, physical, technological and organizational safeguards to protect personal information—known as a “written information security program” or “WISP.” Our attorneys guide clients through the process of developing comprehensive WISPs, a process which starts with designing an appropriate risk assessment program to identify areas of vulnerability, considering cost, sensitivity of data and complexity of information systems.
BYOD and Device Management – Policy Development and Implementation
Whether companies issue company-owned devices or have moved to a “Bring Your Own Device” structure, managing communications and data on personal devices, and the devices themselves, is a critical enterprise-wide risk. We work with clients to design appropriate device management strategies including BYOD eligibility, access management protocols, data security safeguards, device-wipe policies, employee stipend and reimbursement programs, data breach protocols and related issues.
Cybersecurity, Ransomware Breach Preparedness, Response and Litigation
We assist companies with implementing protocols to avoid a data breach, including preparing appropriate data breach response plans. Should a breach occur, our attorneys immediately step in to guide our clients through investigating the incident and determining whether a reportable breach occurred; notifying affected individuals and agencies; responding to agency inquiries; defending litigation brought by affected persons and others concerning the breach; managing vendors involved in the breach; and reassessing the company’s policies and procedures to avoid similar breaches in the future.
Cybersecurity Awareness and Training Programs for Executives and Employees
The training we provide ranges from high-level presentations for executives, management, Chief Information Officers, Chief Information Security Officers, Chief Privacy Officers, Chief Compliance Officers and others concerning the emerging data privacy and security landscape to practical discussions with front-line employees covering the nuts and bolts of the company’s particular policies and procedures.
Vendor Management and Data Security Agreement Drafting and Negotiation
Frequently, the most critical data security vulnerability for a company is not the company itself, but the vendors that service that company. We help clients identify these vendors and then work with the client to address the vulnerability, including negotiating and drafting appropriate agreements. Many of our clients are often vendors themselves and we assist them with the data privacy and security demands of their clients.
Government Contractor Compliance
Government contractors generally are subject to the same data privacy and security standards as the government agencies with which they contract. We counsel these contractors regarding compliance with all applicable privacy and data security mandates, including the Federal Information Security Management Act of 2002, the Privacy Act of 1974, agency mandates and state law.
Strategy Development for Going Paperless and Cloud Computing
Businesses are increasingly embracing technology to manage their documents, files and data, with the ultimate goal of eliminating paper. The advent of “cloud computing” and similar technologies has accelerated this progression by allowing companies to move in this direction often at significantly less cost. We regularly advise clients concerning these new technologies including identifying applicable risks, developing policies and procedures and vendor management.
