“When it comes to protecting corporate data and networks, there’s no such thing as being too proactive,” says John Stephens, chair of Goldberg Segalla’s Cybersecurity and Data Privacy Practice Group. John has spent nearly two decades ahead of the wave when it comes to technology and the law, and became an International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional in the U.S. (CIPP/US) before cyber became the top risk management headline buzzword. John has helped companies across the U.S. comply with new cybersecurity laws and regulations, adapt to advancing technologies, prepare for a potential data breach, and perform routine data privacy and security assessments.

An east coast native, John moved to southern California after law school to escape the cold, embrace his inner surfer, and dive head-first into the world of technology and entertainment law. At the start of 2018, John joined Goldberg Segalla to lead the firm’s cross-country expansion as head of the Los Angeles office. “My experience with cyber, as well as media and entertainment, is well-suited for the west coast. My goal is to help the firm create momentum along the Pacific, while building on the cybersecurity and industry-specific strengths Goldberg Segalla is already known for.”

Those strengths John refers to come in the form of thousands of hours of litigation and transactional experience across a range of businesses that includes technology companies, retailers, professional services, and more. “We have the skillset to assist with everything from breach preparation and management to insurance planning and coverage. Because of that, we have the ability create a full-circle cyber experience for our clients,” says John.

“I like to refer to it as Cyber 360. On the surface it sounds like a lofty goal, but it’s really not when you look at the depth of experience and knowledge found across Goldberg Segalla.”

As part of Cyber 360, John leverages the in-depth knowledge of other GS attorneys who focus on industries such as construction, health care, food and beverage, retail and hospitality, sports and entertainment, life sciences, higher education, and intellectual property. By approaching cyber preparedness through an industry-focused lens, John is able to help clients develop comprehensive security plans and policies that meet each clients’ unique needs.

One industry-determined need is the creation of a breach response plan. “While breach response is important, how a company prepares before a breach occurs is crucial to its long-term success. Recent, high-profile breaches involving some of our most sensitive information — like the ones that occurred at Anthem BlueCross BlueShield and Equifax — have put cybersecurity at top of mind for both consumers and government officials. As a result, some states are enacting laws requiring companies to publish cybersecurity protocols and develop detailed plans that outline how it will respond should it ever face a data breach,” says John.

As of March 1, 2017, all financial services companies in New York state are required to implement a cybersecurity program, appoint a chief information security officer, and monitor the cybersecurity policies of businesses they partner with. According to John, “The kind of regulation we see in New York is going to become standard across states and industries over the next few years. Right now, I’m encouraging all of our clients to stay ahead of the curve and begin the process of establishing their own breach response protocols.”

In addition to implementing cybersecurity policies, John also encourages clients to plan ahead for the European Union General Data Protection Regulation (GDPR) going into effect May 25, 2018. “It is going to impact how data is viewed worldwide,” says John. “Any company doing business in Europe must comply with the GDPR no matter where they are located. The law is written to protect the individual — it emphasizes their rights, secures their data, and gives them legal means to remove any information they do not want out there.” The GDPR also requires explicit explanations as to how an individual’s information will be used, along with timely notification of any data exchange or sale.

The cybersecurity and data privacy field is constantly evolving, and the needs of businesses around the world are changing with it. While it is impossible to be 100 percent protected from a data breach or cybersecurity incident, proactive companies will find themselves better prepared to handle the legal, technical, and public relations impacts of a breach.

For more information on how Goldberg Segalla can help with your cybersecurity and data privacy needs, contact John Stephens at jstephens@goldbergsegalla.com or 213.415.7201.