Tannenbaum Helpern Syracuse & Hirschtritt, LLP

Cybersecurity and Data Privacy

A rapidly-evolving area of law governs the collection, retention, use, sharing and protection of personal data and confidential information. Federal and state privacy laws target particular industries, such as financial services and healthcare. More general laws affect all U.S. businesses. Additionally, U.S. businesses may be subject to either or both of the very detailed and highly prescriptive European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, which affect many organizations that have no physical presence in Europe or in California, respectively. Every business needs to be aware of these laws and understand its obligations under them.

Our data privacy and cybersecurity attorneys serve clients in many industries, including:

  • Financial Services
  • Professional Services (including law firms, accounting firms and consulting firms)
  • Real Estate and Construction
  • Staffing
  • Health and Life Sciences
  • Cannabis
  • Hospitality

Navigating the complex and ever-changing web of federal, state and foreign privacy and breach notification laws requires experienced legal guidance that cannot be obtained from non-lawyer consulting firms. Moreover, engaging legal counsel to oversee pre-breach risk assessment and planning processes will preserve the attorney-client privilege to the greatest extent possible, which will be very important if your company experiences a data breach – as most companies do. If a company ultimately does suffer a data breach, it should engage counsel early on to develop a legal strategy to investigate and remediate the breach, working with IT and security consultants and the company’s accountants, all under the maximum available protection of the attorney-client privilege.

Tannenbaum Helpern assists its clients in a wide range of areas related to data privacy and security, including:

Data Privacy and Security Regulatory Advice

Our experienced team of data privacy and cybersecurity attorneys advises on a broad range of privacy and data protection matters, including:

  • Developing and implementing effective data privacy policies and procedures
  • Complying with U.S. federal and state privacy and data security laws, including:
    • The Federal Trade Commission Act
    • The Gramm-Leach-Bliley Act (GLBA) and accompanying regulations
    • The Health Insurance Portability and Accountability Act (HIPAA)
    • The Children’s Online Privacy Protection Act (COPPA)
    • The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
    • The New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
    • The California Consumer Privacy Act of 2018 (CCPA)
    • Data breach notification laws
  • Complying with the GDPR
  • Advising on cross-border data transfers

Pre-Incident Planning

No data security program is impenetrable, and vulnerabilities will always exist. Our attorneys help clients plan for the inevitable data incident by developing comprehensive yet user-friendly data breach incident response plans. If your company has already prepared an incident response plan, our attorneys can suggest any revisions that may be necessary.

We work hand-in-hand with the company’s management, information security and information technology professionals to ensure that the incident response plan covers all of the issues and considerations that must be addressed, including the company’s legal obligations.

Incident Response, Regulatory Investigations and Litigation Defense

After a data security incident does occur, our attorneys provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, providing legally-required notifications to affected individuals and responding to federal and state regulatory inquiries. And if the need ever arises, we vigorously defend our clients in any post-breach litigation claims.

Vendor Agreements and Other Third Party Transactions

Vendor agreements present a latent risk to privacy and data security. It is important to make sure that vendors provide adequate data security and assume appropriate breach response obligations. Our attorneys counsel clients in connection with vendor contracts and business associate agreements. We also advise clients on cross-border data transfers.

Data Privacy and Cybersecurity Advice in Transactional Matters

Our attorneys help clients identify privacy and cybersecurity risks that may be lurking in a potential transaction. We perform privacy and cybersecurity legal due diligence to assess and address risk in the context of mergers and acquisitions and other transactions, and recommend purchase agreement provisions to reduce risk and provide appropriate protections for the client’s interests.

Review of Cyber Insurance Coverage

A complete understanding of your company’s insurance program is vital to maximizing protection against cyber risk. Our attorneys will review your company’s cyber insurance policies to assess whether they provide adequate coverage for data privacy or data security events. We can also assist you with completing data privacy and security representations and warranties that insurance companies may require in their underwriting process.


Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.