Cybersecurity and Data Privacy
Overview
CyberTalk
CyberTalk is a vlog covering a wide range of cybersecurity and data privacy legal developments.
A rapidly-evolving area of law governs the collection, retention, use, sharing and protection of personal data and confidential information. Federal privacy laws target particular industries, such as financial services and healthcare. Broadly applicable state laws, such as the California Consumer Privacy Act (as amended by the California Privacy Rights Act) and similar laws recently enacted in other states, like Virginia and Colorado, are broad in scope, affecting businesses located in other jurisdictions. Almost every U.S. state has laws governing businesses’ responses to personal data breaches, with detailed (and sometimes inconsistent) timelines and notice requirements. Finally, many U.S. businesses are subject to the European Union General Data Protection Regulation (GDPR), even if they have no physical presence in Europe.
Every business needs to be aware of these laws and understand its obligations under them. Additionally, every business must have a plan to respond to data breaches, the risks of which have increased dramatically as ransomware attacks become more common.
Tannenbaum Helpern’s cybersecurity and data privacy attorneys serve clients in many industries, including:
- Financial Services
- Professional Services (including law firms, accounting firms and consulting firms)
- Real Estate and Construction
- Staffing
- Health and Life Sciences
- Cannabis
- Hospitality
Navigating the complex and ever-changing web of federal, state and foreign privacy and breach notification laws requires experienced legal guidance that cannot be obtained from non-lawyer consulting firms. Moreover, engaging legal counsel to oversee pre-breach risk assessment and planning processes will preserve the attorney-client privilege to the greatest extent possible, which will be very important if your company experiences a data breach – as most companies eventually do. If a company does suffer a data breach, it must engage counsel early on to develop a legal strategy to investigate and remediate the breach, working with IT and security consultants and the company’s accountants, all under the maximum available protection of the attorney-client privilege.
Tannenbaum Helpern assists its clients in a wide range of areas related to data privacy and security, including:
Data Privacy and Security Regulatory Advice
Tannenbaum Helpern’s experienced team of data privacy and cybersecurity attorneys advises on a broad range of privacy and data protection matters, including:
- Developing and implementing effective data privacy policies and procedures
- Complying with U.S. federal and state privacy and data security laws, including:
  - The Federal Trade Commission Act
  - The Gramm-Leach-Bliley Act (GLBA) and accompanying regulations
  - The Health Insurance Portability and Accountability Act (HIPAA)
  - The Children’s Online Privacy Protection Act (COPPA)
  - The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  - The New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
  - The California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act), and similar laws recently enacted in Virginia and Colorado
  - Data breach notification laws
- Complying with the GDPR
- Advising on cross-border data transfers
Pre-Incident Planning
No data security program is impenetrable, and vulnerabilities will always exist. Tannenbaum Helpern attorneys help clients plan for the inevitable data incident by developing comprehensive yet user-friendly data breach incident response plans. If your company has already prepared an incident response plan, we can review the plan and suggest any revisions that may be necessary.
We work hand-in-hand with the company’s management, information security and information technology professionals to ensure that the incident response plan covers all of the issues and considerations that must be addressed, including the company’s legal obligations.
Incident Response, Regulatory Investigations and Litigation Defense
After a data security incident does occur, Tannenbaum Helpern attorneys provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, providing legally-required notifications to affected individuals and responding to federal and state regulatory inquiries. And if the need ever arises, we vigorously defend our clients in any post-breach litigation claims and regulatory investigations.
Vendor Agreements and Other Third Party Transactions
Vendor agreements present a latent risk to privacy and data security whenever such vendors receive personal data from a business. It is important to make sure that such vendors provide adequate data security and assume appropriate breach response obligations. Tannenbaum Helpern attorneys counsel clients in connection with vendor contracts and business associate agreements, as well as advising clients on cross-border data transfers.
Data Privacy and Cybersecurity Advice in Transactional Matters
Tannenbaum Helpern attorneys help clients identify privacy and cybersecurity risks that may be lurking in a potential transaction. Our attorneys perform privacy and cybersecurity legal due diligence to assess and address risk in the context of mergers and acquisitions and other transactions, and recommend purchase agreement provisions to reduce risk and provide appropriate protections for the client’s interests.
Publications
- Video: CyberTalk - Schrems Redux - Part 2, Schrems Redux: Data transfers from Europe to the U.S.
- Video: CyberTalk - Schrems Redux - Part 1, Schrems Redux: Data transfers from Europe to the U.S.
- Schrems Redux: Data Transfers from Europe to the U.S. Just Became More Problematic
- Update on New York’s SHIELD Act - Cybersecurity Requirements on Businesses Now in Effect
- Video: New York's SHIELD Act Imposes Cybersecurity Requirements on Businesses
- New York’s SHIELD Act Expands Notification Laws and Imposes Strict Cybersecurity Requirements on Businesses
- What Businesses Outside California Should Know About the California Consumer Privacy Act
- The Proliferation of Biometric Data and Legislation to Regulate its Use
- Directors and Officers Beware: Your Company’s Violations of Privacy Laws May Cost You Personally
- Turndown Service with that Hack: Marriott Hotels Announce Massive Data Breach
- Are Your Website and Privacy Policy GDPR Compliant?
- GoDaddy the latest to leave S3 Bucket Unsecured
- Data Privacy Alert: California Consumer Privacy Act of 2018 Just Enacted
- What U.S.- Based Investment Advisers Should Know
- Data Security Issues for Staffing Firms After the Equifax Breach
- Using Per Diem Attorneys Plus An Addendum To The June Forum On Cybersecurity Ethics
- Law Firm Ethical Obligations and Cybersecurity
- Global Ransomware Attack: Basic Security Measures Every Business Should Adopt
- Overview of Data Privacy and Cybersecurity Regulatory Landscape for Investment Advisers and Other Financial Services Companies
- NY Businesses Reported a Record Number of Data Breach Incidents in 2016
- Cybersecurity Risk Update – Hackers Take Over Bank via DNS
- Recent Cyber Attack On Law Firms Serves As A Wake-Up Call For Professional Services Firms
- What’s New in the Revised New York State Proposed Cybersecurity Regulation?
- Actual-Intent Fraudulent Transfers and the Crime/Fraud Exception
- Proposed NYS DFS Cybersecurity Regulations to Significantly Impact FS Companies
- Cybersecurity and Staffing: Guarding Clients' and Job Candidates’ Information