Real-World Data Privacy and Cybersecurity Counseling
Information is a vitally important asset in today’s digital age. Companies are collecting and processing unprecedented amounts of data, much of which is sensitive employee and customer information. Often, companies rely upon the assistance of third parties to secure this data. The consequences of a loss or inadvertent disclosure of data can be catastrophic to a company’s credibility and, in some cases, its existence. Yet nearly every day, we are faced with worldwide reports of data breaches at corporations and other organizations by those seeking customer credit card numbers, user passwords, internal documents and emails. Not only are there cyber threats to mitigate, but companies must also comply with increasingly complex frameworks of data privacy laws on state, federal and international levels.
Saul Ewing’s Cybersecurity & Privacy team (including 13 Certified Information Privacy Professionals) works collaboratively to ensure that our clients are supported at all stages and from all angles — from response planning for cyber-attacks, to crisis management during an occurrence, to proceeding after a cyber-attack or breach occurs. Our interdisciplinary approach means that attorneys in different legal fields — corporate, insurance, intellectual property, labor and employment, white collar, and litigation — provide clients with well-rounded, innovative solutions.
On the preparedness side, our team is experienced at reviewing response plans, coordinating with brokers and insurers on coverage of cyber risks, and working with security specialists to review and identify technology weaknesses on behalf of clients. If the client does not yet have a plan in place, our attorneys will outline procedures and develop a plan to help prepare the client for an external attack and reduce the risk of future intrusions. In the event of an attack or breach, our attorneys and network of external professionals work together to minimize exposure and protect client confidences. We counsel clients on liabilities potentially associated with the attack or breach and represent clients in related litigation when needed.
For data privacy matters, we help clients understand and meet the requirements stipulated by a variety of laws — such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the Family Educational Rights and Privacy Act (FERPA), and the Gramm-Leach-Bliley Act (GLBA) — and construct processes and policies to comply with these regulations to protect data and avoid substantial fines.
Our team helps clients during each stage of a privacy program, cybersecurity preparedness, and data-related incident or breach:
Data Privacy Compliance and Pre-Cybersecurity Incident Preparation
- Regulatory matters and internal compliance programs, including compliance with state, federal and international data privacy laws (such as the GDPR)
- Corporate data privacy and information governance programs
- Strategic counseling and board governance
- Big data governance and privacy in technology development
- Security breach preparation and response planning
- Insurance coverage evaluation to ensure that cyber risks are appropriately covered
- Referral of a forensic data specialist to review and identify technology weaknesses
- Referral of a PR firm to prepare or evaluate the crisis management plan
- Drafting and reviewing employee and vendor agreements
Post-Cybersecurity Incident Defense
- Post-loss economic recovery (Attacker, Employee/Contractor, Insurer, Counter-Party)
- Defense of government investigation/proceedings
- Data privacy and cybersecurity litigation
- Loss/damage mitigation
- Forensic data analysis
- Ongoing PR assistance
Cybersecurity Incident Response and Investigation
- Immediate (24/7) consultation through our legal team with a forensic data technology specialist to minimize the effects of an attack or breach
- Consultation with insurance attorneys regarding coverage and assistance with making an insurance claim
- Advice and assistance with engaging with law enforcement, if appropriate
- Advice and assistance with reporting to regulators and data protection authorities, if required
- As-needed referral to and engagement with a PR firm to manage messaging to clients and media