A company’s data is one of its most valuable assets. A breach of sensitive or proprietary data can have costly legal, financial, and public relations consequences for a company. Unfortunately, due to constantly changing security threats, insulating a company’s valuable data from unauthorized or unwarranted use or disclosure can be extremely challenging. Additionally, increasing scrutiny from governments, including state and national, has raised the stakes in data protection.
Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group is experienced at devising client-specific data protection strategies to help clients prevent or mitigate the occurrence of a data breach, safeguard confidential and proprietary information, and comply with applicable laws.
Members of the Privacy, Cybersecurity, and Data Asset Management Group:
- Advise on compliance with applicable data privacy and security, consumer protection, and marketing laws, regulations, and notification requirements, including, among others, the CAN-SPAM Act of 2003, the Children’s Online Privacy Protection Act, the Consumer Privacy Bill of Rights, the European Union’s General Data Protection Regulation, the Federal Trade Commission’s Privacy Report, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act of 1996, the Payment Card Industry Data Security Standard, the Telephone Consumer Protection Act, and state data security and breach notification laws, including the California Consumer Privacy Act
- Draft and advise on implementing compliant contracting strategies to protect data rights and support data sharing and use
- Advise on identifying and managing internal and external data security threats and risks
- Conduct privacy impact assessments and other security risk assessments based on industry standards frameworks that examine IT systems and data flows to evaluate the sufficiency of existing protections and options to strengthen privacy and security safeguards
- Design and implement privacy and data protection plans, policies, and procedures to place clients in a defensible posture
- Create and implement education and training programs related to privacy, cybersecurity, and data asset management
- Conduct privacy and security due diligence of service providers and support ongoing vendor management activities
- Devise strategies for communicating about a crisis with clients, consumers, regulators, law enforcement, and the media
- Advise on the legal issues and risks associated with outsourcing personal data processing operations, cloud computing, offshoring, and other data storage options