Cybersecurity & Data Privacy

Overview

Companies face an ever-shifting threat to their digital assets, whether as a result of malicious attacks, structural failures, human errors, or natural disasters, that can lead to a compromise of confidential information. Robust cybersecurity and data privacy policies and procedures work hand-in-glove to protect companies and their data, customers, and shareholders from the risks and ramifications posed by these data breaches.

Whether it is complying with government regulations, preparing for and managing cyber events, negotiating data protection agreement provisions, evaluating cyber-insurance policies, handling cyber incident litigation or dispute resolution, or satisfying auditors, our attorneys have the necessary experience to prepare and advise clients on their risks and obligations and successfully guide them through serious security incidents should one occur.

Our multidisciplinary team of leading cybersecurity and data privacy professionals advises clients on the potential consequences of cybersecurity threats and how to implement comprehensive measures for mitigating cyber risks, prepares customized strategy and action plans, and provides ongoing support and maintenance to promote cybersecurity awareness. 
 

How We Can Help

We not only know the law, we know the businesses and industries in which our clients operate. This helps us understand and achieve their business objectives.

Maritime

Mitigating cyber risk is one of the biggest challenges currently facing the maritime industry. Our team provides comprehensive solutions for protecting your company’s property and reputation from the unprecedented cybersecurity challenges present in today’s global digital economy. We address cybersecurity issues associated with both land-based systems and systems onboard ships, including the implementation of the Industry Guidelines on Cyber Security Onboard Ships and the IMO Guidelines on Maritime Cyber Risk Management.

Healthcare and Life Sciences

Federal and state laws afford special protection to health information, and enforcement of privacy and security laws applicable to health information is on the rise. Our attorneys work with clients to evaluate complex privacy and security matters involving health information for health care providers, payors, business associates, and life sciences companies. We advise on compliance with HIPAA, HITECH, the FTC Act, the FDCA, the Common Rule, state mental health privacy laws, and federal and state privacy laws regarding drug and alcohol treatment in addition to coaching our clients through security breaches.

Insurance Recovery

Our insurance recovery attorneys have significant experience helping clients maximize the value of their policies in the area of cyber risk. Through a combination of proactive counseling and vigorous advocacy work, our team has helped numerous insureds enhance their cyber coverage and respond to attempts by insurers to deny coverage for cyber losses.

Government Contracts

We assist government contractor clients in protecting Unclassified Controlled Technical Information (“UCTI”), Covered Defense Information (“CDI”), export controlled information, and trade secrets. Importantly, we offer a privileged relationship through which our clients can identify and manage their security risks, protect their digital assets, quickly respond to cyber threats, and determine whether mandatory reporting of cyber incidents to the government is required. 

Cloud Services, Websites, Mobile Applications

Many websites, software applications, cloud services, and other network technologies process personally identifiable information and, as a result, may be subject to various federal and state privacy and security laws. Our attorneys help draft privacy policies for websites and mobile applications, advising businesses on their internal corporate policies for processing personal information, negotiating software licenses and technology services agreements, and prosecuting and analyzing patents that relate to data privacy and cybersecurity systems. 

Experience

  • Counseled largest independently-owned food processor in the eastern United States with respect to security breach by payroll processor resulting in unauthorized access to human resources data about employees in 10 states, including negotiating for settlement with payment processor, reviewing individual notices, and interacting with insurance carrier. 
  • Advised top U.S. accounting firm regarding loss of sensitive customer data, including notifying and negotiating with customers, preparing individual notices, arranging for identity theft protection service, interacting with insurance carrier, and counseling on communications plan.
  • Developed and implemented global privacy and security compliance program for Fortune 500 international pharmaceutical, medical device, and consumer company, including working closely with the client’s internal privacy team to assess the company’s business practices, develop a company-wide privacy policy, draft business-unit level policies and procedures, create and negotiate privacy language in contracts and permission documents, and train company personnel.
  • Represented health care provider in evaluating possible unauthorized access to electronic medical records system through investigation of electronic medical record provider.
  • Advised client with respect to response to ransomware attack where sensitive personal information was the subject of the attack, including engaging for independent forensic investigation. 
  • Represented vendor to online retailers regarding response to a breach involving the inadvertent misconfiguration of a firewall that was taken advantage of by attackers and resulted in release of payment card information, including advising on notices to payment card companies, individual notifications, and notifications to regulatory bodies.
  • Counseled employer regarding response to spam phishing attack involving malicious e-mail resulting in theft of W-2 forms from employees in several states.
  • Assisted major shipping company with cyber-breach response regarding receipt of fraudulent e-mails and payment to cybercriminal.
  • Successfully arbitrated on behalf of one of the world’s leading suppliers of bunker fuel regarding failure to receive funds/payment due to cyber breach and payment to cybercriminal.
  • Provide annual cybersecurity compliance training and policy review for one of the largest transportation and distribution companies in the United States. 
  • Provided a Global 500 professional services firm with strategic advice regarding insurance coverage for cybersecurity and privacy risks. The Firm analyzed the entire suite of insurance policies that the company holds, detailing where there may be coverage for cybersecurity and privacy risks. The Firm also provided strategic advice to the company regarding the purchase of cyberinsurance policies. As a result of the work that the Firm performed to customize the off-the-shelf cyberinsurance policies for this client’s risks, $90 million in losses from a breach were covered by insurance that would not have otherwise been covered. 
  • Performed top-to-bottom review of a Fortune 500 company’s insurance policies to identify gaps in coverage for cyber risks in response to boardroom-level inquiry. The Firm also helped the company review and select proposed cyberinsurance policies and recommended changes to selected cyberinsurance policy with respect to costs arising from a cyber or privacy event, business interruption, regulatory actions, liability, and cyber extortion.
  • Provided comprehensive review of Fortune 100 manufacturing company’s cyberinsurance policies to identify areas for improvement and customization to the company’s unique risk profile. 
  • Represented manufacturer that suffered monetary losses after hackers infiltrated a vendor’s network and sent fraudulent e-mails to the manufacturer directing it to send payment to fraudulent accounts. The Firm assisted the chemical manufacturer with providing notice to its insurer and responding to insurer’s coverage positions. 
  • Represented a company that suffered a data breach after hackers sent fraudulent e-mails to company. The Firm assisted the company with providing notice to its insurers and the FBI and complying with breach notification requirements.
  • Represented government contractor with providing its insurer with notice of a data breach and advising it on the scope of coverage available under its insurance policies.
  • Advised consumer-facing web-based service company with the purchase and renewal of cyberinsurance policy.
  • Advised pharmaceutical company with recommendations and advice concerning the purchase and renewal of cyberinsurance policy.
  • Handled a suspected cyber incident targeting a defense contractor’s IT system, including managing the incident response and recovery, notifications, and insurance coverage issues.
  • Reviewed and revised security policies for global manufacturer and retailer of chocolates.
  • Advised global company with respect to worldwide data protection strategy, including transfer of data from Europe to United States.
     

Team

News & Views

See all News and Views