Search form

Overview

Reviewing and developing enterprise-wide strategies for safeguarding data and maintaining compliance, including data breach response.

Cybersecurity Assessments

Businesses, in particular those in heavily regulated industries such as health care, banking/finance and insurance, have an increasing need to understand and address their cybersecurity risk. Our group works with key stakeholders across the organization to identify legal, contractual, ethical and other compliance requirements, risks and vulnerabilities concerning confidential company data and personal information of customers and employees through cybersecurity assessments and analyses of company privacy and data security practices.

Written Information Security Program Development

A web of federal and state laws require businesses to develop written policies and procedures that provide administrative, physical, technological and organizational safeguards to protect personal information—known as a “written information security program” or “WISP.” Our attorneys guide clients through the process of developing comprehensive WISPs, a process which starts with designing an appropriate risk assessment program to identify areas of vulnerability, considering cost, sensitivity of data and complexity of information systems.

BYOD and Device Management – Policy Development and Implementation

Whether companies issue company-owned devices or have moved to a “Bring Your Own Device” structure, managing communications and data on personal devices, and the devices themselves, is a critical enterprise-wide risk. We work with clients to design appropriate device management strategies including BYOD eligibility, access management protocols, data security safeguards, device-wipe policies, employee stipend and reimbursement programs, data breach protocols and related issues.

Cybersecurity, Ransomware Breach Preparedness, Response and Litigation

We assist companies with implementing protocols to avoid a data breach, including preparing appropriate data breach response plans. Should a breach occur, our attorneys immediately step in to guide our clients through investigating the incident and determining whether a reportable breach occurred; notifying affected individuals and agencies; responding to agency inquiries; defending litigation brought by affected persons and others concerning the breach; managing vendors involved in the breach; and reassessing the company’s policies and procedures to avoid similar breaches in the future.

Cybersecurity Awareness and Training Programs for Executives and Employees

The training we provide ranges from high-level presentations for executives, management, Chief Information Officers, Chief Information Security Officers, Chief Privacy Officers, Chief Compliance Officers and others concerning the emerging data privacy and security landscape to practical discussions with front-line employees covering the nuts and bolts of the company’s particular policies and procedures.

Vendor Management and Data Security Agreement Drafting and Negotiation

Frequently, the most critical data security vulnerability for a company is not the company itself, but the vendors that service that company. We help clients identify these vendors and then work with the client to address the vulnerability, including negotiating and drafting appropriate agreements. Many of our clients are often vendors themselves and we assist them with the data privacy and security demands of their clients.

Government Contractor Compliance

Government contractors generally are subject to the same data privacy and security standards as the government agencies with which they contract. We counsel these contractors regarding compliance with all applicable privacy and data security mandates, including the Federal Information Security Management Act of 2002, the Privacy Act of 1974, agency mandates and state law.

Strategy Development for Going Paperless and Cloud Computing

Businesses are increasingly embracing technology to manage their documents, files and data, with the ultimate goal of eliminating paper. The advent of “cloud computing” and similar technologies has accelerated this progression by allowing companies to move in this direction often at significantly less cost. We regularly advise clients concerning these new technologies including identifying applicable risks, developing policies and procedures and vendor management.

See AllIn the News

Showing 1-3 of 9
Newest
Most Read
July 9, 2018
EVERFI

Jason Gavejian, Joseph Lazzarotti and Mary Costigan Discuss Successful Compliance With GDPR

July 9, 2018

Jason Gavejian, Joseph Lazzarotti and Mary Costigan discuss steps for businesses to take in the age of GDPR in "How the GDPR gives new meaning to established privacy and security principles," published by EVERFI. Subscription may be required to view article Read More

June 18, 2018
TechTarget

Gregory Alvarez and Victor Barkalov Discuss Jackson Lewis' Commitment to Technology-Enabled Transformation

June 18, 2018

Gregory Alvarez and Victor Barkalov discuss the firm's strategic plan to provide clients with leading-edge technologies via self-service apps, automated data-driven compliance assessments, artificial intelligence and soon, chatbots, in "Law firm makes case for technology-enabled transformation,"... Read More

November 24, 2017
BenefitsPRO.com

Joseph Lazzarotti Discusses Implications of New Digital Tracking Pill Approved by FDA

November 24, 2017

Joseph Lazzarotti discusses data security and patient consent concerns surrounding the first FDA approved digital pill in "New digital pill raises consent, data security issues," published by BenefitsPRO.com. Subscription may be required to view article Read More

Showing 1-3 of 9
Contact Us | Subscribe