Overview
A company’s data is one of its most valuable assets. A breach of sensitive or proprietary data can have costly legal, financial, and public relations consequences for a company.
Unfortunately, due to constantly changing security threats, insulating a company’s valuable data from unauthorized or unwarranted use or disclosure can be extremely challenging. Additionally, increasing state and national government scrutiny has raised the stakes in data protection.
Epstein Becker Green’s Privacy, Cybersecurity & Data Asset Management Group is experienced at devising client-specific data protection strategies to help clients prevent or mitigate the occurrence of a data breach, safeguard confidential and proprietary information, and comply with applicable laws.
Our Services
We provide legal advice and guidance on all aspects of data protection. For example, our services include:
- advising on compliance with applicable data privacy and security, consumer protection, and marketing laws, regulations, and notification requirements, including, among others, the CAN-SPAM Act of 2003, the Children’s Online Privacy Protection Act, the Consumer Privacy Bill of Rights, the European Union’s General Data Protection Regulation, the Federal Trade Commission’s Privacy Report, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act of 1996, the Payment Card Industry Data Security Standard, the Telephone Consumer Protection Act, and state data security and breach notification laws;
- drafting and counseling on implementing compliant contracting strategies to protect data rights and support data sharing and use;
- advising on identifying and managing internal and external data security threats and risks;
- conducting privacy impact assessments and other security risk assessments based on industry standards frameworks that examine IT systems and data flows to evaluate the sufficiency of existing protections and options to strengthen privacy and security safeguards;
- designing and implementing privacy and data protection plans, policies, and procedures to place clients in a defensible posture;
- creating and implementing education and training programs related to privacy, cybersecurity, and data asset management;
- conducting privacy and security due diligence of service providers, and supporting ongoing vendor management activities;
- devising strategies for communicating about a crisis with clients, consumers, regulators, law enforcement, and the media; and
- advising on the legal issues and risks associated with outsourcing personal data processing operations, cloud computing, offshoring, and other data storage options.
Read less
Focus Areas
Experience
Contacts
Member of the Firm
Member of the Firm
General Counsel / Chief Privacy Officer
Media
Events
Upcoming Events
Past Events
- June 17 and 21, 2024
Insights
Insights
- BlogsVideo: Can the President Fire NLRB Members Without Cause? SCOTUS May Decide - Employment Law This Week3 minute read
- BlogsVideo: Artificial Intelligence Regulations for Employers - Employment Law This Week3 minute read
- PublicationsAI and Ethics in the Legal Profession
- PublicationsProposed HIPAA Security Rule Updates May Significantly Impact Covered Entities and Business Associates20 minute read
- PublicationsEmbrace the Chaos: AI Regulation in the US Remains in Flux2 minute read
- Media CoverageAdam S. Forman Quoted in “4 Tips for Using Wearable Tech Following EEOC Guidance”2 minute read
- PublicationsUSA: Health Data Laws - State Privacy Laws Relating to Reproductive Health and to Children2 minute read
- Media CoverageLisa Pierce Reisz Quoted in “New Health Apps May Pose Challenges to Patient Privacy”3 minute read
- PublicationsUSA: Health Data Laws - Navigating State Regulations2 minute read
- BlogsOCR Withdraws Appeal of District Court Order Declaring Unlawful and Vacating the “Proscribed Combination” Portion of ...4 minute read
- PublicationsThe Challenge of AI Governance: The Blessing and the Curse of Safeguarding Personal Data15 minute read
- BlogsVideo: New DOL Guidance - ERISA Plan Cybersecurity Update - Employment Law This Week3 minute read
- BlogsVideo: New HIPAA Final Rule - Key Changes to Reproductive Health Care Privacy – Thought Leaders in Health Law3 minute read
- PublicationsUSA: Health Data Laws - Update and Impact on Organizations2 minute read
- Media CoverageBrian Cesaratto Quoted in “New Jersey Legislation to Watch: A Midyear Report”3 minute read
- Firm AnnouncementsEpstein Becker Green Again Earns ISO 27001 and 27017 Certifications, Highest Accreditation for Data Security and Client ...3 minute read
- Blogs
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
42 minute read - Media CoverageAlaap Shah Quoted in “Don’t Worry, You (Probably) Won’t Have to Deal with ONC: Algorithm Transparency Rule May Have ...2 minute read
- BlogsVideo: California's Upcoming Cyber Audit and Automated Tech Rules - Employment Law This Week2 minute read
- Media CoverageAlaap Shah Quoted in “2024 Outlook: The Cybersecurity Trends Health System Leaders Need to Know”3 minute read
- PublicationsUSA: Future of Cybersecurity Law and Regulation2 minute read
- Media CoverageAlaap Shah Featured in “You Gotta Get the Data Right! Talking EMPI”2 minute read
- BlogsWhite House Releases National Cybersecurity Strategy Implementation Plan7 minute read
- BlogsWhite House Releases National Cybersecurity Strategy Implementation Plan7 minute read
- Media CoverageRobert Hearn Quoted in “Surveying Laboratory Tests from a Health IT Perspective”3 minute read
- Media CoverageAlaap Shah Featured in AHLA Podcast, “Health Care Data Governance: How to Build a Culture of Compliance”2 minute read
- Media CoverageLisa Pierce Reisz Featured in “People on the Move”1 minute read
- Media CoverageLisa Pierce Reisz Featured in “Wake Up Call: Laterals, Moves, In-House”1 minute read
- Media CoverageLisa Pierce Reisz Featured in “Epstein Becker Brings On Health Care Atty in Ohio”2 minute read
- Firm AnnouncementsHealth Care Attorney Lisa Pierce Reisz Joins Epstein Becker Green in Columbus4 minute read
- PublicationsTwitter Whistleblower Claim Is Cautionary Tale for Employers2 minute read
- PublicationsUSA: Employee Monitoring and Regulatory Frameworks for Keylogging Technology2 minute read
- Media Coverage
Alaap Shah Featured in AHLA Connections Magazine: Member Spotlight
3 minute read - Media CoverageAlaap Shah Quoted in "Source: FDA Guidance Takes More Nuanced Approach to Cybersecurity"1 minute read
- Media CoverageAlaap Shah Quoted in “HHS Guidance Addresses HIPAA and Emergency Protective Orders”3 minute read
- Firm Announcements
Epstein Becker Green’s Brian Cesaratto and Francesco DeLuca Named 2022 BTI Client Service All-Stars
3 minute read - PublicationsDOJ’s Civil Cyber-Fraud Initiative: What Contractors Need to Know About Novel Use of False Claims Act3 minute read
- PublicationsThe Employers Guide to Privacy and Requiring Proof of Employee Vaccination2 minute read
- Media CoverageThe Ransomware Plague Continues, but the Response Model Is Changing2 minute read
- Media CoverageAlaap Shah Provides Insight on Data Stewardship as Truveta and Microsoft Form Cloud AI Partnership with Strategic ...4 minute read
- PublicationsHealth Cos. Must Prepare for Growing Ransomware Threat2 minute read
- Media CoverageAlaap Shah Quoted in “Wanted: Your Respiratory Data, But Not Without Privacy Risks”5 minute read
- PublicationsDesigning a Trusted Framework for the Application of AI in Health Care2 minute read