Cybersecurity and Data Privacy
Overview
A rapidly-evolving area of law governs the collection, retention, use, sharing and protection of personal data and confidential information. Federal and state privacy laws target particular industries, such as financial services and healthcare. More general laws affect all U.S. businesses. Additionally, U.S. businesses may be subject to either or both of the very detailed and highly prescriptive European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, which affect many organizations that have no physical presence in Europe or in California, respectively. Every business needs to be aware of these laws and understand its obligations under them.
Our data privacy and cybersecurity attorneys serve clients in many industries, including:
- Financial Services
- Professional Services (including law firms, accounting firms and consulting firms)
- Real Estate and Construction
- Staffing
- Health and Life Sciences
- Cannabis
- Hospitality
Navigating the complex and ever-changing web of federal, state and foreign privacy and breach notification laws requires experienced legal guidance that cannot be obtained from non-lawyer consulting firms. Moreover, engaging legal counsel to oversee pre-breach risk assessment and planning processes will preserve the attorney-client privilege to the greatest extent possible, which will be very important if your company experiences a data breach – as most companies do. If a company ultimately does suffer a data breach, it should engage counsel early on to develop a legal strategy to investigate and remediate the breach, working with IT and security consultants and the company’s accountants, all under the maximum available protection of the attorney-client privilege.
Tannenbaum Helpern assists its clients in a wide range of areas related to data privacy and security, including:
Data Privacy and Security Regulatory Advice
Our experienced team of data privacy and cybersecurity attorneys advises on a broad range of privacy and data protection matters, including:
- Developing and implementing effective data privacy policies and procedures
- Complying with U.S. federal and state privacy and data security laws, including:
  - The Federal Trade Commission Act
  - The Gramm-Leach-Bliley Act (GLBA) and accompanying regulations
  - The Health Insurance Portability and Accountability Act (HIPAA)
  - The Children’s Online Privacy Protection Act (COPPA)
  - The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  - The New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
  - The California Consumer Privacy Act of 2018 (CCPA)
  - Data breach notification laws
- Complying with the GDPR
- Advising on cross-border data transfers
Pre-Incident Planning
No data security program is impenetrable, and vulnerabilities will always exist. Our attorneys help clients plan for the inevitable data incident by developing comprehensive yet user-friendly data breach incident response plans. If your company has already prepared an incident response plan, our attorneys can suggest any revisions that may be necessary.
We work hand-in-hand with the company’s management, information security and information technology professionals to ensure that the incident response plan covers all of the issues and considerations that must be addressed, including the company’s legal obligations.
Incident Response, Regulatory Investigations and Litigation Defense
After a data security incident does occur, our attorneys provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, providing legally-required notifications to affected individuals and responding to federal and state regulatory inquiries. And if the need ever arises, we vigorously defend our clients in any post-breach litigation claims.
Vendor Agreements and Other Third Party Transactions
Vendor agreements present a latent risk to privacy and data security. It is important to make sure that vendors provide adequate data security and assume appropriate breach response obligations. Our attorneys counsel clients in connection with vendor contracts and business associate agreements. We also advise clients on cross-border data transfers.
Data Privacy and Cybersecurity Advice in Transactional Matters
Our attorneys help clients identify privacy and cybersecurity risks that may be lurking in a potential transaction. We perform privacy and cybersecurity legal due diligence to assess and address risk in the context of mergers and acquisitions and other transactions, and recommend purchase agreement provisions to reduce risk and provide appropriate protections for the client’s interests.
Review of Cyber Insurance Coverage
A complete understanding of your company’s insurance program is vital to maximizing protection against cyber risk. Our attorneys will review your company’s cyber insurance policies to assess whether they provide adequate coverage for data privacy or data security events. We can also assist you with completing data privacy and security representations and warranties that insurance companies may require in their underwriting process.
Publications
- Video: New York's SHIELD Act Imposes Cybersecurity Requirements on Businesses
- New York’s SHIELD Act Expands Notification Laws and Imposes Strict Cybersecurity Requirements on Businesses
- What Businesses Outside California Should Know About the California Consumer Privacy Act
- The Proliferation of Biometric Data and Legislation to Regulate its Use
- Directors and Officers Beware: Your Company’s Violations of Privacy Laws May Cost You Personally
- Turndown Service with that Hack: Marriott Hotels Announce Massive Data Breach
- Are Your Website and Privacy Policy GDPR Compliant?
- GoDaddy the latest to leave S3 Bucket Unsecured
- Data Privacy Alert: California Consumer Privacy Act of 2018 Just Enacted
- What U.S.-Based Investment Advisers Should Know
- Data Security Issues for Staffing Firms After the Equifax Breach
- Using Per Diem Attorneys Plus An Addendum To The June Forum On Cybersecurity Ethics
- Law Firm Ethical Obligations and Cybersecurity
- Global Ransomware Attack: Basic Security Measures Every Business Should Adopt
- Overview of Data Privacy and Cybersecurity Regulatory Landscape for Investment Advisers and Other Financial Services Companies
- NY Businesses Reported a Record Number of Data Breach Incidents in 2016
- Cybersecurity Risk Update – Hackers Take Over Bank via DNS
- Recent Cyber Attack On Law Firms Serves As A Wake-Up Call For Professional Services Firms
- What’s New in the Revised New York State Proposed Cybersecurity Regulation?
- Actual-Intent Fraudulent Transfers and the Crime/Fraud Exception
- Proposed NYS DFS Cybersecurity Regulations to Significantly Impact FS Companies
- Cybersecurity and Staffing: Guarding Clients' and Job Candidates’ Information
- SEC Adopts Rules for Equity Crowdfunding
- What Law Firms Should Know about Data Security Right Now
- Mobile Devices, Hotspots and preserving attorney-client confidentiality