An incident, and even more so a breach of customer, supplier, or internal data, can be a powerful hit to your budget, reputation and repeat business. Hackers are increasingly prolific, smart technology has us interconnected and networked, and businesses maintain ever-growing databases of confidential information. Every industry is vulnerable to internal and external threats, placing risk management, personnel training, due diligence and policy development high on the priority list for protecting your business.
Effective data privacy and protection solutions should be tailored to your company. One size does not fit all (or many). Whether you’re a health care provider, retailer, manufacturer, information or other technology provider, defense contractor or financial institution, you have specific needs for policy development, privacy impact assessment, personnel training, forensic audits, incident response, customer notification, insurance coverage and transactional due diligence. Employers and sponsors of employee benefit plans also have data at risk. Our cross-industry team helps you put in place systems and processes to help protect your business data and minimize risk.
We advise on, among other matters:
- General state privacy laws (CCPA/CPRA, VCDPA, etc.)
- Breach notification and incident response
- Cyber risk insurance coverage
- Employee training on personally identifiable information best practices and policies
- Corporate advice regarding enterprise-wide privacy policies and plans
- General Data Protection Regulation (GDPR) and other country-specific regulations and laws
Prevention and Risk Management
The most effective way to protect your data and your business is to institute proactive strategies to prevent inadvertent release or a breach. Our services are a combination of assessment and training. We inventory where and how data is collected, stored, shared, transferred and used, and the policies and procedures needed to manage these systems. We evaluate and establish compliance programs for operations in the U.S. and internationally, keeping tabs on their constantly evolving regulations and requirements.
Education and Training
People can be a company’s greatest vulnerability when it comes to data protection. Everyone who views or handles a company’s records and data must be trained to understand relevant privacy laws—federal, state and global—as well as appropriate handling of information. We create in-depth workshops and educational tools tailored to your specific privacy issues and the types of data your employees handle.
If a breach occurs, whether through personnel action, malware, vendor action or other cause, we respond immediately. Our team partners with you on the full range of notification requirements, coordinates with domestic and international law enforcement agencies, assists with insurance recovery, and provides representation if litigation ensues. We’ve advised both private and public companies and have experience with addressing SEC and corporate governance requirements and responsibilities. Because the impact of an incident on company image can be significant, our attorneys advise on media strategy and messaging from both PR and legal perspectives.
International Data Security Compliance
Customers, employees and business partners can be located and connected globally, requiring knowledge specific to all the jurisdictions your business touches. Our team stays on top of international privacy and data protection regulations to help ensure that you are in compliance. We have the benefit of being part of a global network of legal providers with experience we can tap into across the globe.
Transactional Due Diligence and Data Protection
Your company’s data protection strategies and diligence must extend to your vendors, contractual partners and acquisition targets. Every business relationship requires some use or exchange of data. We advise on privacy clauses and liability protections when writing contracts and other agreements—with specific protocols for agreements related to cloud storage and data processing. We also conduct data privacy and protection due diligence when working on investments, M&A transactions, and licensing agreements.