Privacy and Data Security

Our multidisciplinary Privacy and Data Security team counsels clients along the entire privacy and data security spectrum, including pre-breach preparation and risk management, security and vulnerability assessments, policy and procedure creation and review, breach response planning and drills, table-top exercises, as well as board and management education on reducing cyber risk.

Industry-leading qualifications
The head of our team, F. Paul Greene, is recognized by the International Association of Privacy Professionals (IAPP), the global gold standard for privacy professionals, as a Certified Information Privacy Professional in both the United States (CIPP/US) and Europe (CIPP/E). In addition, he is a Distinguished Fellow of the Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection and information security policy. Since 2015, Paul has been ranked by Chambers USA in the field of Litigation and he has been selected by his peers for inclusion in The Best Lawyers in America© in the field of Privacy and Data Security Law. Paul is backed by a team of exceptionally qualified attorneys, with experience at Am Law 100 firms, judicial clerkships, and handling high-stakes litigation.

Deep industry experience
We are trusted privacy and data security advisors to organizations of all sizes—from start-ups to Fortune 100 corporations—in numerous industries including retail, health care, financial services, defense manufacturing, critical infrastructure, information technology, software development and sales, higher education, not-for-profit organizations and more. This enables our team to provide deep insight across a number of regulatory spaces, giving our clients a broader view of how best to manage regulatory risk.

Efficiency, cost-effectiveness and plain talk
The deep knowledge of each of our team members allows us to provide robust analysis and advice, without multiple layers of review.  Moreover, clients tell us that we explain complex issues in a way they can understand, as we advise them on the full range of privacy and data security issues, such as:

  • Breach notification requirements under federal and state laws
  • Privacy and breach notification policies
  • Data security/Privacy risk assessments
  • Preparing for and avoiding a data breach or loss
  • Incident response tabletop exercises
  • Contracts with data security and privacy concerns
  • Organizational readiness for a breach
  • Comprehensive privacy management programs
  • Crisis management and remediation in response to a data breach
  • Internal investigations arising out of a data breach, including interaction with law enforcement and regulators
  • Indemnification and insurance claims
  • Potential litigation related to data breaches
  • Transactional due diligence concerning privacy and data security
  • Health Insurance Portability and Accountability Act (HIPAA)
  • California Consumer Privacy Act (CCPA)
  • The EU’s General Data Protection Regulation (GDPR)
  • The NY SHIELD Act
  • 23 N.Y.C.R.R. Part 500
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Payment Card Information Data Security Standard (PCI-DSS)
  • Family Educational Rights and Privacy Act (FERPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Freedom of Information Act (FOIA)
  • Fair Credit Reporting Act (FCRA)
  • Americans with Disabilities Act (ADA) 

For immediate access to our Privacy and Data Security team and their deep connections with information security professionals, forensic investigators, crisis communication professionals, with maximum protection offered by the attorney-client privilege, call our Cybersecurity Incident and Breach Response Line at 1-800-232-3021

What We See On the Horizon

For our latest insights, please visit the HSE Privacy and Data Security Blog. Among the issues we are following:

California Consumer Privacy Act (CCPA)
The most comprehensive and far-reaching data privacy law yet enacted in the U.S., CCPA took effect on January 1, 2020, with compliance obligations affecting businesses worldwide. Many of these obligations are novel, creating new requirements regarding data protection, responding to consumers, and reporting to regulators. HSE has developed CCPA and privacy management programs for clients in a number of industries including retail, financial services, adtech, information technology, and more.

State-Level Data Breach Notification Laws
All 50 states now have data breach notification laws – a web of sometimes conflicting regulations which can be difficult for companies to navigate. Our Insights on State Data Protection Laws webpage contains information to educate you on potential applicability and the impact the patchwork of state requirements may have on your business, as well as a summary of each state’s notification laws.

Continued Reputation and Financial Risk Related to Privacy and Cyberattacks
Your regulatory obligations in the event of a breach depend on the types of data that hackers are able to access, and each generation of malware varies in the sorts of data it seeks to access. Because we work continuously with data security experts, we stay up to date with current threats and can advise you quickly about your legal obligations in the event of a breach.

Key Contacts

Team

Resources

Data Protection Institute

Event Date: June 16, 2021

Department of Labor Issues Cybersecurity Recommendations for Benefit Plans

Written by Harter Secrest & Emery LLP
Published: April 19, 2021

The Dangers of Dirty Data

Written by F. Paul Greene, CIPP/US, CIPP/E
Published: March 25, 2021

Panel of Experts: How to Use Big Data Analytics

Written by Buffalo Business First
Published: March 25, 2021

Proposed New Rule Tightens Cyber Incident Notification Window for Banks and Bank Service Providers

Written by Laura K. Schwalbe, Esq.
Published: January 26, 2021

Breach Defense Continues to Be a Cybersecurity Focal Point

Written by Buffalo Business First
Published: January 15, 2021

New Data Privacy Laws for Doing Business in Canada Could Soon Be in Play

Written by Buffalo Business First
Published: January 14, 2021

N.Y. Privacy Bill Carries Litigation, Enforcement Hike Potential

Written by Bloomberg Law
Published: January 8, 2021

F. Paul Greene Earns Prestigious European Data Protection Law Certification

Written by Harter Secrest & Emery LLP
Published: December 17, 2020

Laura K. Schwalbe Appointed to WNY Heroes, Inc. Board of Directors

Written by Harter Secrest & Emery LLP
Published: November 16, 2020

DFS Pursuing First Enforcement Action After Fortune 500 Company Ignores Warnings of Security Shortcomings

Written by Anna S.M. McCarthy, Esq.
Published: July 24, 2020

CCPA Final Regulations Submitted for Expedited Review

Written by Michael R. Staszkiw, Esq.
Published: June 9, 2020

DFS Issues Guidance in Light of COVID-19 Cyber Risks

Written by Anna S.M. McCarthy, Esq.
Published: April 22, 2020

Two (and a Half) Weeks In: Ongoing Data Protection Concerns in Light of the COVID-19 Pandemic

Event Date: April 1, 2020

Privacy and Data Security Risks During COVID-19 Pandemic

Written by Laura K. Schwalbe, Esq.
Published: March 31, 2020

Privacy and Data Security Risks During COVID-19 Pandemic

Written by Harter Secrest & Emery LLP
Published: March 30, 2020

Managing Privacy & Data Security Risk During the COVID-19 Pandemic

Event Date: March 20, 2020

Laura K. Schwalbe Earns Distinguished Privacy Certification

Written by Harter Secrest & Emery LLP
Published: February 27, 2020

California Legislation Changes the Data Privacy Game

Written by Harter Secrest & Emery LLP
Published: August 2, 2019

Governor Cuomo Signs New York SHIELD Act Into Law: A Host of Breach Notification and Data Security Changes are Coming

Written by Harter Secrest & Emery LLP
Published: July 30, 2019

SEC Identifies Cybersecurity Compliance Issues Following Examinations

Written by Harter Secrest & Emery LLP
Published: May 3, 2019

Harter Secrest & Emery Partner F. Paul Greene Earns Distinguished Privacy Certification

Written by Harter Secrest & Emery LLP
Published: March 19, 2019

23 NYCRR 500: What lies ahead for 2018?

Event Date: April 5, 2018

F. Paul Greene Named Fellow to Premier Privacy and Data Security Institute

Written by Harter Secrest & Emery LLP
Published: November 15, 2017

View All Resources

Disclaimer

This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.

Continue