Cybersecurity and Data Privacy

A rapidly-evolving area of law governs the collection, retention, use, sharing and protection of personal data and confidential information. Federal and state privacy laws target particular industries, such as financial services and healthcare. More general laws affect all U.S. businesses. Additionally, U.S. businesses may be subject to either or both of the very detailed and highly prescriptive European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, which affect many organizations that have no physical presence in Europe or in California, respectively. Every business needs to be aware of these laws and understand its obligations under them.

Our data privacy and cybersecurity attorneys serve clients in many industries, including:

  • Financial Services
  • Professional Services (including law firms, accounting firms and consulting firms)
  • Real Estate and Construction
  • Staffing
  • Health and Life Sciences
  • Cannabis
  • Hospitality

Navigating the complex and ever-changing web of federal, state and foreign privacy and breach notification laws requires experienced legal guidance that cannot be obtained from non-lawyer consulting firms. Moreover, engaging legal counsel to oversee pre-breach risk assessment and planning processes will preserve the attorney-client privilege to the greatest extent possible, which will be very important if your company experiences a data breach – as most companies do. If a company ultimately does suffer a data breach, it should engage counsel early on to develop a legal strategy to investigate and remediate the breach, working with IT and security consultants and the company’s accountants, all under the maximum available protection of the attorney-client privilege.

Tannenbaum Helpern assists its clients in a wide range of areas related to data privacy and security, including:

Data Privacy and Security Regulatory Advice

Our experienced team of data privacy and cybersecurity attorneys advise on a broad range of privacy and data protection matters, including:

  • Developing and implementing effective data privacy policies and procedures
  • Complying with U.S. federal and state privacy and data security laws, including:
    • The Federal Trade Commission Act
    • The Gramm-Leach-Bliley Act (GLBA) and accompanying regulations
    • The Health Insurance Portability and Accountability Act (HIPAA)
    • The Children’s Online Privacy Protection Act (COPPA)
    • The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
    • The New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
    • The California Consumer Privacy Act of 2018 (CCPA)
    • Data breach notification laws
  • Complying with the GDPR
  • Advising on cross-border data transfers

Pre-Incident Planning

No data security program is impenetrable, and vulnerabilities will always exist. Our attorneys help clients plan for the inevitable data incident by developing comprehensive yet user-friendly data breach incident response plans. If your company has already prepared an incident response plan, our attorneys can suggest any revisions that may be necessary.

We work hand-in-hand with the company’s management, information security and information technology professionals to ensure that the incident response plan covers all of the issues and considerations that must be addressed, including the company’s legal obligations.

Incident Response, Regulatory Investigations and Litigation Defense

After a data security incident does occur, our attorneys provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, providing legally-required notifications to affected individuals and responding to federal and state regulatory inquiries. And if the need ever arises, we vigorously defend our clients in any post-breach litigation claims.

Vendor Agreements and Other Third Party Transactions

Vendor agreements present a latent risk to privacy and data security. It is important to make sure than vendors provide adequate data security and assume appropriate breach response obligations. Our attorneys counsel clients in connection with vendor contracts and business associate agreements. We also advise clients on cross-border data transfers.

Data Privacy and Cybersecurity Advice in Transactional Matters

Our attorneys help clients identify privacy and cybersecurity risks that may be lurking in a potential transaction. We perform privacy and cybersecurity legal due diligence to assess and address risk in the context of mergers and acquisitions and other transactions, and recommend purchase agreement provisions to reduce risk and provide appropriate protections for the client’s interests.

Review of Cyber Insurance Coverage

A complete understanding of your company’s insurance program is vital to maximizing protection against cyber risk. Our attorneys will review your company’s cyber insurance policies to assess whether they provide adequate coverage for data privacy or data security events. We can also assist you with completing data privacy and security representations and warranties that insurance companies may require in their underwriting process.

Sorry, there are no Case Studies related to this Practice Area.

Cybersecurity and Data Privacy

A rapidly-evolving area of law governs the collection, retention, use, sharing and protection of personal data and confidential information. Federal and state privacy laws target particular industries, such as financial services and healthcare. More general laws affect all U.S. businesses. Additionally, U.S. businesses may be subject to either or both of the very detailed and highly prescriptive European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, which affect many organizations that have no physical presence in Europe or in California, respectively. Every business needs to be aware of these laws and understand its obligations under them.

Our data privacy and cybersecurity attorneys serve clients in many industries, including:

  • Financial Services
  • Professional Services (including law firms, accounting firms and consulting firms)
  • Real Estate and Construction
  • Staffing
  • Health and Life Sciences
  • Cannabis
  • Hospitality

Navigating the complex and ever-changing web of federal, state and foreign privacy and breach notification laws requires experienced legal guidance that cannot be obtained from non-lawyer consulting firms. Moreover, engaging legal counsel to oversee pre-breach risk assessment and planning processes will preserve the attorney-client privilege to the greatest extent possible, which will be very important if your company experiences a data breach – as most companies do. If a company ultimately does suffer a data breach, it should engage counsel early on to develop a legal strategy to investigate and remediate the breach, working with IT and security consultants and the company’s accountants, all under the maximum available protection of the attorney-client privilege.

Tannenbaum Helpern assists its clients in a wide range of areas related to data privacy and security, including:

Data Privacy and Security Regulatory Advice

Our experienced team of data privacy and cybersecurity attorneys advise on a broad range of privacy and data protection matters, including:

  • Developing and implementing effective data privacy policies and procedures
  • Complying with U.S. federal and state privacy and data security laws, including:
    • The Federal Trade Commission Act
    • The Gramm-Leach-Bliley Act (GLBA) and accompanying regulations
    • The Health Insurance Portability and Accountability Act (HIPAA)
    • The Children’s Online Privacy Protection Act (COPPA)
    • The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
    • The New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
    • The California Consumer Privacy Act of 2018 (CCPA)
    • Data breach notification laws
  • Complying with the GDPR
  • Advising on cross-border data transfers

Pre-Incident Planning

No data security program is impenetrable, and vulnerabilities will always exist. Our attorneys help clients plan for the inevitable data incident by developing comprehensive yet user-friendly data breach incident response plans. If your company has already prepared an incident response plan, our attorneys can suggest any revisions that may be necessary.

We work hand-in-hand with the company’s management, information security and information technology professionals to ensure that the incident response plan covers all of the issues and considerations that must be addressed, including the company’s legal obligations.

Incident Response, Regulatory Investigations and Litigation Defense

After a data security incident does occur, our attorneys provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, providing legally-required notifications to affected individuals and responding to federal and state regulatory inquiries. And if the need ever arises, we vigorously defend our clients in any post-breach litigation claims.

Vendor Agreements and Other Third Party Transactions

Vendor agreements present a latent risk to privacy and data security. It is important to make sure than vendors provide adequate data security and assume appropriate breach response obligations. Our attorneys counsel clients in connection with vendor contracts and business associate agreements. We also advise clients on cross-border data transfers.

Data Privacy and Cybersecurity Advice in Transactional Matters

Our attorneys help clients identify privacy and cybersecurity risks that may be lurking in a potential transaction. We perform privacy and cybersecurity legal due diligence to assess and address risk in the context of mergers and acquisitions and other transactions, and recommend purchase agreement provisions to reduce risk and provide appropriate protections for the client’s interests.

Review of Cyber Insurance Coverage

A complete understanding of your company’s insurance program is vital to maximizing protection against cyber risk. Our attorneys will review your company’s cyber insurance policies to assess whether they provide adequate coverage for data privacy or data security events. We can also assist you with completing data privacy and security representations and warranties that insurance companies may require in their underwriting process.

Sorry, there are no Case Studies related to this Practice Area.

Print
This Page