Cybersecurity and Data Privacy
Data is everywhere and everything. It is a resource and a currency; it is a lock and a key; it makes up environments and identities. Businesses in every industry recognize data as an endless stream of opportunity. Too often, they fail to recognize the risk.
The Goldberg Segalla Cybersecurity and Data Privacy Practice Group is a multidisciplinary team of attorneys working across the country to counsel, train, and defend clients in numerous industries facing all conceivable cybersecurity and data-related matters. With verdict-tested trial lawyers, preeminent intellectual property litigators, and leading regulatory attorneys collaborating to provide 360-degree cyber counsel, our team helps industry-leading companies, their executives and IT professionals, and their insurers to:
- Assess and address data security risks and cyber coverage
- Prepare for cyberattacks and data breaches
- Create policies and procedures to mitigate risk and minimize liability
- Respond quickly and comprehensively to data security incidents
- Defend against post-breach claims and legal proceedings, as well as legal challenges to data-related business practices
- Navigate regulatory, statutory, and contractual requirements at every level
- Anticipate the future flashpoints that will define the fields of cybersecurity, data privacy, and intellectual property
Data Breach Prevention, Management, and Litigation — Comprehensive Cyber Counsel
Because businesses collect and employ data at every level, technological vulnerabilities, outdated practices and policies, and human errors create risks at every level. Some of these risks include:
- Loss of personally identifiable information — from customers and employees
- Theft of business and trade secrets and other intellectual property
- Attacks on networks and operating systems and resulting business disruption
- Challenges to business practices involving collection and usage of information about customers and the disclosure of those practices
- Exposures stemming from service providers, business partners, and employees
As many companies have learned through experience, the task of managing cyber threats does not begin — or end — with the initial response to a data breach. The company that reacts to a cybersecurity incident is positioned for loss, liability, and business disruption. Our approach, by contrast, is comprehensive: By providing counseling and training on how to anticipate risks, assess coverage needs, prepare for breaches, and execute response plans, we’ve been able to help our clients avoid serious incidents, limit liability, and implement the best workplace cybersecurity policies and practices.
When attacks or breaches do occur, we help clients respond and recover more quickly and efficiently. Our attorneys are ready to spring into action at a moment’s notice to oversee or assist a client’s internal incident response team. In addition, clients can rely on our deep bench of accomplished trial lawyers, equipped with experience defending high-profile consumer class actions and multidistrict litigation, to defend any claims that might arise in the aftermath of an attack or breach.
Our approach to data breach preparedness and cybersecurity practices is comprehensive, proactive, and adaptable to the global industries and markets in which our clients do business. More importantly, we tailor that approach to fit each client’s size and structure, IT resources, business philosophies and practices, and unique risks and vulnerabilities.
Assessing Risks, Maximizing Coverage, and Limiting Liability
Our services often begin with a comprehensive technology liability audit. Our experienced attorneys will identify risks at every level, translating complex legal, technology, security, and information governance issues into plain English and offering practical advice on eliminating, limiting, or mitigating those risks.
Drawing on the experience and resources of our Global Insurance Services practice group — comprising attorneys who have worked at the cutting edge of cyber risk policy development and coverage litigation, and regularly offer cyber coverage opinions to the world’s leading insurers — we also review and recommend cyber risk coverage policies to our clients in finance, entertainment and media, life sciences, high-tech manufacturing, and other industries. Comfortable working in this ever-evolving area of insurance coverage, we regularly negotiate or rewrite policies to include our commitment to represent the client in the event of a data breach or other claim.
We help businesses of all sizes and structures develop policies and procedures to maximize their security and minimize the potential for a data breach; choose the right insurance policies to match their needs and potential risks; and take steps to limit potential liability related to a hacking attack or virus, a data security breach, cybercrime, or other data-related incident.
Data Collection and Privacy Practices and Regulatory Compliance
Our attorneys are deeply versed in the latest regulatory compliance requirements covering data security, breach preparedness and response, and privacy, and we closely watch the judicial decisions and communications from administrative bodies at every level that indicate how the regulatory landscape is shifting.
We frequently conduct regulatory compliance audits, covering state, federal, and international requirements. We advise companies on requirements pertaining to the collection, storage, and destruction of personally identifiable information, and help realign noncompliant policies or practices.
Our regulatory experience covers:
- Federal and state privacy-related laws and regulations, including:
  - Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
  - Children’s Online Privacy Protection Act (COPPA)
  - Federal Information Security Management Act (FISMA)
  - Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act)
  - Fair and Accurate Credit Transaction Act (FACTA)
  - Telephone Consumer Protection Act (TCPA)
  - Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
  - California’s Shine the Light Law, Online Privacy Protection Act, and Confidentiality of Medical Information Law
  - State-specific data security and breach response laws
- Federal agency cybersecurity guidelines, including those issued by the FTC, FDA, FCC, and the NIST cybersecurity framework
- International data protection laws, including EU and Latin American requirements
In addition, we leverage our knowledge and experience to assist clients with more complex and industry-specific regulatory requirements, including:
- Compliance with Payment Card Industry Data Security Standards (PCI-DSS) pre-incident and post-data breach obligations
- Conducting due diligence and advising on compliance with privacy and data security laws in the sale and acquisition of company assets, including customer lists and databases containing personally identifiable information
- Auditing multitiered contractual privacy obligations pertaining to third-party online ad-serving companies and instituting policies and procedures for data collection, use, and disclosure
Security Policies and Contracts
We help businesses develop internal, client-facing, and third-party privacy and security policies.
We counsel management on workplace privacy issues, including employee monitoring, whistleblower laws, safeguarding of employees’ personal data, Fair Credit Reporting Act requirements in employee screening and investigations, and faithless servant data theft litigation.
In addition, our team can assist with contracts, agreements, indemnification clauses, and other vehicles to protect against liability. We develop and negotiate security agreements to ensure vendors defend and indemnify our clients on privacy and security issues, and we have experience with agreements involving cloud service providers, co-location facilities, outsourced services, and other entities.
Data Breach Protocols and Crisis Coaching
We work with management, IT professionals, and in-house counsel to help our clients develop and train computer security incident response teams (CSIRTs). This includes conducting tabletop exercises and war games and teaching CSIRTs how to administer broader incident response training programs for other employees.
With our cutting-edge crisis coaching, our clients are prepared to act quickly and decisively, preserving digital evidence, meeting changing and immensely complex notification requirements, and managing public relations to minimize reputational harm and help restore confidence in the company.
Committed to providing clients with dynamic, adaptable, and cost-efficient legal service, we are equally capable of working as an auxiliary to a client’s CSIRT and in-house counsel or taking the lead and managing every aspect of the response. This is why scores of clients of all sizes and across industries make Goldberg Segalla their first call after discovering a cybersecurity incident.
As trial lawyers, we understand that every decision made before an incident and during a data breach response — from the first call through closing the incident — can dramatically impact potential liability and the course of future litigation. Our comprehensive cyber crisis management services include:
- Coordination of the forensic investigation
- Evidence preservation
- Working with law enforcement
- Advising on multi-state notification requirements
- Advising on HIPAA notification requirements
- Responding to Office for Civil Rights (OCR) investigations and other regulatory and administrative inquiries
Post-Breach Regulatory Compliance
In addition to compliance with regulations pertaining to general data collection and privacy, we also guide clients through the intensely complicated regulatory demands triggered when a breach occurs. These include:
- Federal Trade Commission’s Children’s Online Privacy Protection Act (COPPA)
- Gramm-Leach-Bliley and Dodd-Frank Acts
- Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act
- New European Union data protection laws
- Disclosure guidelines imposed and enforced by the Securities and Exchange Commission (SEC) as well as multiple state and international insurance industry regulatory authorities
Policy Reassessment and Public Relations
It is impossible to predict and prevent every breach. Sony, the Democratic National Committee, Experian, Ukrainian power authorities, and too many others to count offer ample evidence. However, businesses and institutions that respond well to breaches can emerge even stronger after the recovery.
Our post-breach services include working with management, public relations teams, and outside consultants to develop and execute a media and public relations plan that minimizes reputational harm and restores confidence in the company while maintaining compliance with applicable regulatory requirements.
We also help clients seize on the post-breach opportunity to strengthen data protections, running comprehensive post-breach cybersecurity audits and recommending changes to policies, procedures, and response plans as needed.
Even the strongest and most effective response to a cybersecurity incident leaves open the possibility of costly lawsuits. While companies can take significant steps to limit liability and cut off avenues of plaintiffs’ attacks, they may still need the representation of a proven trial team with deep experience in the evolving legal issues unique to cybersecurity and data protection.
As a firm founded by trial lawyers, we bring to each matter the savvy and successful track record of our Commercial Litigation, Product Liability, Professional Liability, Global Insurance Services, and other litigation teams. We also bring extensive experience litigating other matters involving technology, including both prosecuting and defending business-to-business litigation involving website use, data transfer, and data storage issues.
Class Action Defense
Our Class Action Litigation Practice Group has successfully defended Fortune 500 companies as lead counsel in national and state-wide class actions, including high-risk, multimillion-dollar litigation.
A sampling of our trial and litigation experience includes:
- Representing a telephone company in actions challenging the company’s use of fax communications as violative of the Junk Fax Prevention Act
- Representing a health care company against a class action lawsuit alleging a data breach of personal health information
- Representing numerous retailers, hospitality and other clients in putative class action lawsuits brought pursuant to the Telephone Consumer Protection Act
- Representing a cellular telephone company in individual and putative class actions challenging the company’s debt collection practices under the Telephone Consumer Protection Act
Drawing on the combined experience of our Cybersecurity and Data Privacy Practice Group as well as our Global Insurance Services Practice Group — a renowned insurance and reinsurance practice ranked by market leaders and top global publications as one of the world’s biggest and best practices serving this market — we have helped leading insurers and reinsurers anticipate and adapt to emerging risks and meet the growing need for new products. We also assist with reevaluating existing products and pricing models.
Our Cyber Risk Coverage group is prepared to assist insurers and reinsurers with:
- Policy wordings and negotiations
- Underwriting guidelines and coverage counsel
- Reputational risk coverage
- Coverage dispute defense
Goldberg Segalla’s Cybersecurity and Data Privacy Practice Group conducts legal audits to help our clients assess their potential liability exposures associated with cyber risks across all potential access points, including firewalls, phishing and whaling, mobile technology, cloud computing, and social media. Clients have found this service to be particularly valuable not only in terms of its risk-management benefits, but also its tendency to give leadership insight into potentially unknown aspects of their day-to-day operations.
Our team conducts a comprehensive review of the company’s systems, policies, and procedures, both technological and administrative, to determine potential exposures and weaknesses. We then work closely with our clients to develop and implement guidelines and controls specifically calibrated for their unique needs and risks.
Technology Use Audits
Some of the issues we have addressed in audits for companies in a wide range of industries, along with insurers and reinsurers, are:
- Internal security controls and policies, including use of mobile devices and remote access
- Security addendums, risk shifting, contract provisions, and vendor liability agreements
- Information management and electronic discovery strategies
- Employment issues
- Marketing and branding
- Underwriting procedures
- Managing intellectual property and implementing controls to avoid infringement issues
- Defamation avoidance
- Guidance for insurance agents and brokers on the use of social media
- Use of social media in claims investigation and handling, and avoiding bad faith issues
- Regulatory compliance and market conduct
Our services include providing in-house training, implementing risk management programs, and monitoring progress following the audit to maximize efficiency and effectiveness.
Social Media Policy Guidance
We routinely advise insurers, reinsurers, businesses, and professionals on mitigating the risks associated with social media generally while maximizing their use of social media tools to increase brand awareness and achieve marketing and business development goals.
Our experience includes advising and developing institutional social media strategies and policies for some of the largest insurance companies and professional organizations in the world. Our Employment and Labor Practice Group is well versed in helping employers navigate the new and unique challenges presented by social media.
We can assist with the full range of social media concerns, including:
- Social media training for executives and their employees
- Conducting a legal review of company and employee use of social media
- Developing strategies to minimize corporate liability and defamation risk
- Drafting and implementing a company-wide social media policy
- Avoiding or handling employment-related disputes
- Responsibly handling advertising, contests, and promotions through social media
- Social media website terms and conditions of use