Data Security, Privacy and Information Law

Information is the lifeblood of business. And today more than ever, the business world is awash with information. No matter its size, complexity or sophistication, virtually every business organization accumulates large swaths of data. Harnessed effectively, that data can provide an edge in an increasingly competitive world.

But data is a risk catalyst as well. Companies in every industry are subject to a complex legal landscape governing their accumulation, storage and disposition of data. Those obligations stem from any number of sources: contractual relationships, decisional case law, and a host of state, federal and international statutory and regulatory requirements. As data continues to permeate every facet of a business’s operations in new and expanding ways, those obligations – and risks – will only continue to broaden. Absent a comprehensive approach to information management and incident response, companies may be unknowingly ignoring what could be their greatest vulnerability – in business and in potential litigation.

We help our clients take control. We educate, counsel and represent clients on all aspects of data security, privacy and information law, all with a view towards helping them manage and minimize the risks associated with their storage, use and retention of data. And should the need arise, our attorneys have the knowledge and experience necessary to represent organizations in litigation stemming from those issues. In so doing, we empower our clients to re-focus on the business value of that information.

We counsel and represent clients in the following types of matters:

  • Data security standards (ISO 27001, SOC1, SOC2, PCI-DSS, PCI-PA)
  • Application and extension of data security and privacy policies to vendors
  • DFARS defense contractor and subcontractor data breach registration and notification requirements
  • BYOD/BYOI and other employment-related policies
  • Social media counseling and planning
  • Information governance, data retention policies and litigation “preparedness”
  • E-discovery and internal investigations
  • Privacy policies
  • Statutory financial privacy requirements, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act and the Fair Credit Extension Uniformity Act
  • Security and privacy of health-related information, including:
    • HIPAA privacy and security policies, including policies that reflect HITECH requirements
    • Notice of Privacy Practices, Business Associate Contracts and related documentation
    • Breach Notification Analysis Flowcharts as well as internal procedures for addressing suspected HIPAA breaches
    • HIPAA inventories, individual rights (such as access, accountings, restrictions and additional confidentiality)
    • Business Associate Contracts and their interaction with underlying services agreements
    • HIPAA training for senior management and front-line employees
  • Data privacy and security litigation, including matters governed by state law as well as the Fair Credit Reporting Act, the Computer Fraud and Abuse Act, state-specific Unfair and Deceptive Trade Practices Acts and Uniform Trade Secrets Acts

Whether you are undertaking a complete overhaul of your organization’s information governance practices, facing a discrete issue in the context of a commercial transaction or suddenly facing a data security breach, we can help. Our team utilizes a lean, multi-disciplinary approach that enables us to identify – and quickly respond to – the full range of our clients’ needs. Armed with that knowledge, our clients can focus on using information to fuel their business.