Cybersecurity, Data Protection & Privacy
Protection of the security and privacy of information and data presents an ongoing and growing challenge to businesses and enterprises of all sizes.
A comprehensive and interdisciplinary approach to data management is critical in today’s climate, in which all operations across all private and public sector verticals are becoming digitized, each with its unique data flows and information management opportunities and challenges. On the one hand, controlling data and exploiting its value can be a key ingredient to maintenance and increase in enterprise value. On the other hand, increased dependencies on digital devices and networks have been associated with increased vulnerability of data to breach due to systems deficiencies, human error, and malicious attack. These exposures have correlated with an intensification of regulatory oversight and enforcement and civil actions.
In this dynamic environment, the full array of corporate activities are increasingly being driven by the opportunities and risks associated with the collection, maintenance and dissemination of data. Compliance initiatives, mergers and acquisitions, cloud and other vendor contracts, consumer-facing e-commerce offerings, product development, software development, insurance and corporate reputation generally (just to name a few) are increasingly being driven by the opportunities and risks associated with data.
Clark Hill’s team approach to data protection brings together security and privacy attorneys with colleagues from our core practice groups and sector and service teams to tailor our services to each client’s unique data, privacy and security needs. Our team understands technology and the related legal issues and challenges and are accustomed to working with our clients’ own technical, business, marketing, compliance and other stakeholders.
Our counseling, transactional, compliance and remediation work covers a range of industries and corresponding regulatory regimes, including:
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley (GLB)
- The Federal Trade Commission Act
- Federal Fair Credit Reporting Act
- Industry-specific requirements for financial services, health care, utilities, transportation, education, and government contractors
- State consumer data protection laws
- State data breach notice laws
- Safeguarding consumer credit information
- Identify theft “red flags”
- Secure disposal
Areas of Cybersecurity, Data Protection & Privacy Legal Services
Security Incidents: Preparation, Response and Remediation
- Response planning
- Analyze and evaluate cyber insurance coverage options
- Legal considerations in responding to security incidents and breaches
- Preparation of notice to affected individuals
- Dealing with law enforcement, insurers, public relations, and stakeholders
- Addressing claim and litigation issues
Technology Planning and Policies
- Inventories of systems, devices and data
- Risk assessments
- Consumer facing privacy and security policies
- Internal policies, including privacy and security policies, technology acceptable use policies, communications policies, BYOD (bring your own device) policies, retention and destruction policies, crisis management and breach policies, and facilities management policies.
- Compliance audits
Business and Consumer Transactions
- Optimizing ownership, rights and monetization of data
- Securing data rights in licenses and other transactions
- Due diligence on data management/compliance in M&A and other key transactions
- Negotiating risk allocation, warranties and other key provisions relative to data protection and disaster recovery in cloud services, software as service, hosting and other contracts.
- Negotiating contracts for security products and services
- Counseling on cross border data transfer and other international risks
- Negotiating website and app development agreements with reference to data protection design components and obligations
Our Cybersecurity, Data Protection & Privacy attorneys work closely with the professionals in Clark Hill's Information Governance and Discovery Services to provide multidisciplinary solutions for our clients.