Data Protection Strategies

A breach of sensitive or proprietary data can have costly legal, financial, and public relations consequences for a company. Unfortunately, due to constantly changing security threats, insulating a company’s valuable data from a breach can be extremely challenging. Even popular, new technologies—such as cloud computing—can raise data control and safety concerns.

Epstein Becker Green’s Privacy & Security Group is experienced at devising data protection strategies to help clients prevent or mitigate the occurrence of a data breach. For example, members of the Privacy & Security Group:

  • Advise on compliance with applicable data privacy and security, consumer protection, and marketing laws, regulations, and notification requirements, including, among others, the Health Insurance Portability and Accountability Act (“HIPAA”), the Federal Trade Commission’s Privacy Report, the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act, the Consumer Privacy Bill of Rights, the Payment Card Industry Data Security Standard (PCI DSS), the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act of 2003, and state data security and breach notification laws
  • Provide advice on how to identify potential internal and external data security threats and risks, and develop counter-strategies to protect against those threats and risks
  • Advise on risk-mitigation options, such as data encryption and access controls
  • Design and implement data privacy and security plans, policies, and procedures, including a data incident response and crisis management plan that considers potential shareholder and liability issues and law enforcement and regulatory interests, a data retention policy, and a plan to destroy or dispose of unwanted information
  • For staff awareness, create and implement education, and training programs on identifying and reporting suspected breaches
  • Establish data privacy and security standards for service providers and other vendors
  • Devise strategies for communicating about the crisis with clients, consumers, regulators, law enforcement, and the media
  • Advise on the legal issues and risks associated with outsourcing personal data processing operations, cloud computing, and other data storage options and discuss legal solutions to help clients take advantage of such cost-saving storage options