Protecting the privacy and security of individuals’ data needs to be a key part of a company’s business operations. Any company that fails to take proper measures to adequately protect such data may face not only severe legal ramifications but also potentially devastating economic and reputational harm. This is particularly important to clients now, as they must meet the requirements of interoperability and be able to facilitate the seamless sharing of data.

Epstein Becker Green understands the importance of keeping a client’s sensitive data safe and secure. That’s why the firm obtained ISO 27001 certification, the highest level of security-related accreditation that a business can achieve and the most widely adopted information security standard in the world. This certification requires that Epstein Becker Green uphold strict global standards and best practices for information security and continually review and improve the firm’s security posture.

Our Privacy, Cybersecurity, and Data Asset Management Group includes industry-recognized privacy and security professionals, litigators, transactional attorneys, and a core member of the government relations and privacy and security working groups of the Information Sharing Analysis Organization (ISAO) Standards Organization, which is operating under a Department of Homeland Security grant pursuant to a presidential executive order. We have the skills, knowledge, and experience necessary to assist entities in such regulated spaces as financial services, health care, hospitality, retail, and telecommunications, among others, in controlling, defending, and leveraging such data. We also utilize the valuable insight gained through becoming ISO 27001-certified to better help our clients manage their own data security systems and risks.

Our Services

Our Privacy, Cybersecurity, and Data Asset Management Group offers legal services relating to all aspects of data privacy and protection. These services include, but are not limited to:

  • Counseling clients on COVID-19 privacy and cybersecurity issues related to return to in-office work, including daily screening, social distancing and contact tracing, and employee privacy and data security
  • Advising clients on compliance with the numerous and complicated international, federal, and state privacy and security laws, rules, and regulations that apply to their business operations, and the standards and best practices established by the industries in which these clients operate
  • Analyzing and revising a client’s existing policies, practices, and procedures (and developing new ones, where needed) to ensure that sensitive data is properly protected
  • Assisting clients in reaching compliance with recent rules set out by the Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health Information Technology
  • Conducting privacy and security risk assessments, and establishing policy development tools and services
  • Creating privacy use and disclosure compliance inventories
  • Conducting client educational and training seminars on various privacy and security issues
  • Providing cutting-edge and innovative strategies designed to expose our clients to new business opportunities within existing privacy and security parameters
  • Performing privacy and security due diligence for corporate transactions
  • Assisting with data breach preparedness and responses to security breaches in order to mitigate the impact of, and reduce or prevent, identity theft
  • Providing representation through government investigations/audits and enforcement actions
  • Defending clients in individual and class action lawsuits and in state attorneys general suits following a data breach