The world of protected, sensitive, and commercially valuable data can be a dangerous place. With the ever increasing frequency of data breaches in a variety of industries, many organizations must now look inward and ask tough questions about their own data, policies, and ability to respond when a breach occurs. Our multidisciplinary Privacy and Data Security team counsels our clients concerning the risks, regulatory implications, and potential litigation arising from misuse or improper storage or transmission of protected, sensitive, or commercially valuable data, whether it be Payment Card Information, Protected Health Information, Personally Identifiable Information, or trade secrets. Specifically, we counsel our clients concerning:
- federal and state data protection and breach notification requirements;
- compliance and reporting under federal and state securities laws;
- best practices for preparing for and avoiding a data breach or loss, including privacy and breach notification policies, contracts with security vendors, cyber and data risk insurance, and organizational readiness for a breach;
- crisis management and remediation in response to a data breach;
- internal investigations arising out of a data breach, including interaction with law enforcement and regulators;
- indemnification and insurance claims; and
- potential litigation and regulatory action.
Timing is Crucial When You Are Under Attack
Quick and experienced breach response is essential to getting back on track and minimizing legal risk. An organization that is slow to respond to a cyberattack or inefficient in its response faces disruption, confusion, increased harm to its systems and customers, as well as possible regulatory enforcement and civil liability.
The HSE Privacy and Data Security team is available 24/7 to provide experienced incident and breach coach guidance, including breach response and remediation support, crisis management and communication, post-breach reporting and notice, and advice and representation concerning potential litigation and regulatory enforcement. Call our Cybersecurity Incident and Breach Response Line at 1-800-232-3012 for immediate access to our Privacy and Data Security team and their deep connections with information security professionals, forensic investigators, crisis communication professionals, with maximum protection offered by the attorney-client privilege.
Plan Ahead to Defend
The risk is real. It is no longer a question of if, but when, an incident will occur. Planning before an attack can be the best defensive move an entity can take. Every year hackers become bolder and more sophisticated. Entities that once thought they were safe from a cyberattack are now finding that they either have been hacked or are under attack. Our Privacy and Data Security lawyers can help you assess your security status, review your practices and procedures to evaluate and remedy any potential weaknesses, including breach response planning and table-top drills, all under the protection of the attorney-client privilege.
Learn more about your cyber risk by clicking here and completing our Legal/Regulatory Risk Inventory Assessment Survey.
State Data Breach Notification Laws Map
There are currently 48 different state-level data breach notification laws across the U.S., including one in the District of Columbia, creating a web of regulation that is difficult to traverse. For entities doing business in multiple states, or for entities with customers, employees, or even former employees in multiple states, the variations in these laws, and the conflict between them, can make responding to a data breach in a timely and correct manner a treacherous exercise. Our State Regulations Map contains a summary of each state’s notification laws, providing a baseline comparison between the states of the various requirements your entity could face.
Our Experience
Our Privacy and Data Security attorneys have years of in-depth experience in dealing with various federal and state laws and regulations impacting the privacy and security of information, including, but not limited to:
- Health Insurance Portability and Accountability Act (HIPAA);
- Health Information Technology for Economic and Clinical Health Act (HITECH);
- Federal and state data protection and breach notification requirements;
- Payment Card Information Data Security Standard (PCI-DSS);
- Family Educational Rights and Privacy Act (FERPA);
- Gramm-Leach-Bliley (GLB) Act;
- Fair and Accurate Credit Transactions Act (FACTA);
- Freedom of Information Act (FOIA);
- Fair Credit Reporting Act (FCRA);
- Americans with Disabilities Act (ADA); and
- Red Flags Rule.
Our Clients
- Fortune 100 Companies
- Financial Services Companies
- Retail Merchants
- Public & Private Health Care Systems and Hospitals
- Long Term Care Facilities
- Physicians and Other Care Providers
- Public & Private Colleges & Universities
- Public & Private Companies
- Information Technology Companies
- Software Developers & Vendors
- Not-for-Profit Organizations