Privacy and Data Security
Our multidisciplinary Privacy and Data Security team counsels clients along the entire privacy and data security spectrum, including pre-breach preparation and risk management, security and vulnerability assessments, policy and procedure creation and review, breach response planning and drills, table-top exercises, as well as board and management education on reducing cyber risk.
What We Provide
Industry-leading qualifications
Several members of our team are recognized by the International Association of Privacy Professionals (IAPP), the global gold standard for privacy professionals, as a Certified Information Privacy Professional in both the United States (CIPP/US) and Europe (CIPP/E). In addition, F. Paul Greene, head of our team, is a Distinguished Fellow of the Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection and information security policy. Our exceptionally qualified attorneys have experience at Am Law 100 firms, judicial clerkships, handling high-stakes litigation, and have earned many accolades in respected law firm ranking programs, including Chambers USA, The Best Lawyers in America®, Best Lawyers: Ones to Watch in America, and Super Lawyers.
Deep industry experience
We are trusted privacy and data security advisors to organizations of all sizes—from start-ups to Fortune 100 corporations—in numerous industries including retail, health care, financial services, defense manufacturing, critical infrastructure, information technology, software development and sales, higher education, not-for-profit organizations and more. This enables our team to provide deep insight across a number of regulatory spaces, giving our clients a broader view of how best to manage regulatory risk.
Efficiency, cost-effectiveness and plain talk
The deep knowledge of each of our team members allows us to provide robust analysis and advice, without multiple layers of review. Moreover, clients tell us that we explain complex issues in a way they can understand, as we advise them on the full range of privacy and data security issues, such as:
- Breach notification requirements under federal and state laws
- Privacy and breach notification policies
- Data security/Privacy risk assessments
- Preparing for and avoiding a data breach or loss
- Incident response tabletop exercises
- Contracts with data security and privacy concerns
- Organizational readiness for a breach
- Comprehensive privacy management programs
- Crisis management and remediation in response to a data breach
- Internal investigations arising out of a data breach, including interaction with law enforcement and regulators
- Indemnification and insurance claims
- Potential litigation related to data breaches
- Transactional due diligence concerning privacy and data security
- Health Insurance Portability and Accountability Act (HIPAA)
- California Consumer Privacy Act (CCPA)
- The EU’s General Data Protection Regulation (GDPR)
- The NY SHIELD Act
- 23 N.Y.C.R.R. Part 500
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- Payment Card Information Data Security Standard (PCI-DSS)
- Family Educational Rights and Privacy Act (FERPA)
- Gramm-Leach-Bliley Act (GLBA)
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
- Fair and Accurate Credit Transactions Act (FACTA)
- Freedom of Information Act (FOIA)
- Fair Credit Reporting Act (FCRA)
- Americans with Disabilities Act (ADA)
For immediate access to our Privacy and Data Security team and their deep connections with information security professionals, forensic investigators, crisis communication professionals, with maximum protection offered by the attorney-client privilege, call our Cybersecurity Incident and Breach Response Line at 1-800-232-3021.
What We See On the Horizon
California Consumer Privacy Act (CCPA)
The most comprehensive and far-reaching data privacy law yet enacted in the U.S., CCPA took effect on January 1, 2020, with compliance obligations affecting businesses worldwide. Many of these obligations are novel, creating new requirements regarding data protection, responding to consumers, and reporting to regulators. HSE has developed CCPA and privacy management programs for clients in a number of industries including retail, financial services, adtech, information technology, and more.
State-Level Data Breach Notification Laws
All 50 states now have data breach notification laws – a web of sometimes conflicting regulations which can be difficult for companies to navigate. Our Insights on State Data Protection Laws webpage contains information to educate you on potential applicability and the impact the patchwork of state requirements may have on your business, as well as a summary of each state’s notification laws.
Continued Reputation and Financial Risk Related to Privacy and Cyberattacks
Your regulatory obligations in the event of a breach depend on the types of data that hackers are able to access, and each generation of malware varies in the sorts of data it seeks to access. Because we work continuously with data security experts, we stay up to date with current threats and can advise you quickly about your legal obligations in the event of a breach.
Key Contacts
-
F. Paul Greene, CIPP/US, CIPP/E, CIPM, FIP
Partner
Rochester and New York City
585.231.1435
fgreene@hselaw.com -
Daniel J. Altieri
Partner
Buffalo
716.844.3741
daltieri@hselaw.com
Team
-
Ryan C. Altieri
Associate
Buffalo
716.844.3726
raltieri@hselaw.com -
John (Jack) W. Brill
Partner
Buffalo
716.844.3742
jbrill@hselaw.com -
Claire A. L. Fallone
Counsel
Rochester
585.231.1271
cfallone@hselaw.com -
Brian M. Feldman
Partner
Rochester
585.231.1201
bfeldman@hselaw.com -
Philip R. Fileri
Senior Counsel
Rochester
585.231.1225
pfileri@hselaw.com -
Amy L. Hemenway
Partner
Buffalo and Corning
716.844.3737
ahemenway@hselaw.com -
John G. Horn
Partner
Buffalo and New York City
716.844.3728
jhorn@hselaw.com -
Thomas J. Hurley
Partner
Buffalo
716.844.3732
thurley@hselaw.com -
Kyra Tichacek Keller
Counsel
Rochester
585.231.1108
kkeller@hselaw.com -
Anna S. M. McCarthy
Senior Associate
Buffalo
716.844.3748
amccarthy@hselaw.com -
Benjamin E. Mudrick
Partner
Rochester
585.231.1421
bmudrick@hselaw.com -
Christopher M. Potash
Partner
Rochester and Buffalo
585.231.1278
cpotash@hselaw.com -
Michael Roche
Senior Associate
Rochester
585.231.1364
mroche@hselaw.com -
Laura K. Schwalbe, CIPP/US, CIPP/E
Senior Associate
Buffalo and Rochester
716.844.3752
lschwalbe@hselaw.com -
Brian B. Shaw
Partner
Rochester
585.231.1193
bshaw@hselaw.com -
Edward (Ted) H. Townsend
Partner
Rochester
585.231.1254
etownsend@hselaw.com -
Richard T. Yarmel
Retired Partner
Rochester
585.231.1268
ryarmel@hselaw.com
According to our clients:
“Paul is a luminary in privacy and data security. Our Institute recently had the opportunity to work with him on our recent study on Countdown to Compliance: Is the Financial Services Industry Ready for New York State’s Cybersecurity Regulations? His insights and knowledge about the impact of these regulations on corporations were key to the success of this research.”
“They are a great team of bright, talented people who are incredibly knowledgeable, very customer-oriented and very good at meeting deadlines.”