Protecting the privacy and security of individuals’ data needs to be a key part of a company’s business operations. Any company that fails to take proper measures to adequately protect such data may face not only severe legal ramifications but also potentially devastating economic and reputational harm.

Epstein Becker Green understands the importance of keeping a client’s sensitive data safe and secure. That’s why the firm obtained ISO 27001 certification, the highest level of security-related accreditation that a business can achieve and the most widely adopted information security standard in the world. This certification requires Epstein Becker Green not only to uphold strict global standards and best practices for information security, but also to continually review and improve the firm’s security posture. Our Privacy & Security Group includes industry-recognized privacy and security professionals, litigators, transactional lawyers, and a core member of the government relations and privacy and security working groups of the Information Sharing Analysis Organization (ISAO) Standards Organization, which is operating under a Department of Homeland Security grant pursuant to a presidential executive order. We have the skills, knowledge, and experience necessary to assist entities in such regulated spaces as financial services, health care, hospitality, retail, and telecommunications, among others, in controlling, defending, and leveraging such data. We also utilize the valuable insight gained through becoming ISO 27001-certified to better help our clients manage their own data security systems and risks.

Our Privacy & Security Group offers legal services relating to all aspects of data privacy and protection, including, among other things:

  • Advising clients on compliance with the numerous and complicated international, federal, and state privacy and security laws, rules, and regulations that apply to their business operations, and the standards and best practices established by the industries in which these clients operate
  • Analyzing and revising a client’s existing policies, practices, and procedures (and developing new ones, where needed) to ensure that sensitive data is properly protected
  • Conducting privacy and security risk assessments and creating policy development tools and services
  • Creating privacy use and disclosure compliance inventories
  • Conducting client educational and training seminars on various privacy and security issues
  • Providing cutting-edge and innovative strategies designed to expose our clients to new business opportunities within existing privacy and security parameters
  • Performing privacy and security due diligence for corporate transactions
  • Assisting with data breach preparedness and responses to security breaches in order to mitigate the impact of, and reduce or prevent, identity theft
  • Providing representation through government investigations/audits and enforcement actions
  • Defending clients in individual and class action lawsuits and in state attorneys general suits following a data breach