Overview

One of the fastest changing areas in law and business today is the protection of business data. Corporations are continuously developing new ways to protect sensitive data. Data thieves are simultaneously becoming more sophisticated in their ability to unlawfully access this data, and their attacks are resulting in more harmful consequences. In an attempt to manage the situation, regulators are imposing additional requirements and standards at an accelerated pace, causing further compliance challenges. New types of unpredictable litigation are also beginning to emerge due to the quickly changing laws and lack of precedent in this area.

The cybersecurity and data privacy team at HunterMaclean helps clients take a practical and strategic approach to managing the legal, business, and reputational risks associated with sensitive data. Our approach is methodical and individualized. We advise clients on a wide range of issues and help strategically prioritize and manage data privacy and cybersecurity risks in a proactive and coordinated manner. Below we outline some of the services we provide.

Incident Preparation & Breach Response

  • Help clients comprehensively assess the specific data they hold and the unique risks and legal obligations associated with that data.
  • Assist clients in the development of written information governance, privacy, security, and incident response plans, as well as evaluating and strengthening those plans through tabletop and other exercises. Examples include drafting:
    • Data Transfer Agreements
    • Data Processing Agreements
    • Privacy and Security Policies
    • Data Governance Policies
    • Business Associate Agreements
    • Website Terms and Conditions
    • Incident Response Plans
    • Bring Your Own Device (BYOD) Policies
  • Counsel clients on creating procedures for whistleblowers to report data privacy and cybersecurity incidents internally.
  • Participate as members of incident response teams to achieve the best possible outcome:
    • Guide investigations
    • Work with law enforcement
    • Advise on notification obligations (or advise if no such obligations exist)
    • Prepare notification letters
    • Preserve privilege
    • Manage crisis communications
  • Participate in regularly scheduled meetings to discuss security incidents and recent developments in data privacy and security law and determine appropriate strategy and next steps.

Corporate Governance

  • Work with senior management and corporate boards to formulate policies and provide oversight processes that address emerging data privacy and cybersecurity risks.
  • Evaluate the effectiveness of existing internal cyber and privacy governance mechanisms to create a better, more efficient process.
  • Advise on industry standards and best practices for similarly situated organizations.

Regulatory & Compliance

  • Advise clients on regulatory and compliance obligations throughout the United States and the world. These regulations are too numerous to list (and changing daily), but some of the better-known ones include:
    • Health Information Portability and Accountability Act (HIPAA) and related legislation, including Health Information Technology for Economic and Clinical Health (HITECH)
    • Financial Services Modernization Act or Gramm-Leach-Bliley Act and its implementing regulations
    • Fair Credit Reporting Act and its Fair and Accurate Credit Transactions Act (FACTA) amendment
    • Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
    • Federal Trade Commission Act and the US Federal Trade Commission (FTC)
    • Driver’s Privacy Protection Act
    • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act)
    • Telephone-Consumer Protection Act (TCPA) and associated regulations.
    • Children’s Online Privacy Protection Act (COPPA)
    • Video Privacy Protection Act (VPPA)
    • Right to Financial Privacy Act
    • Judicial Redress Act
    • European Union General Data Protection Regulations (GDPR), including the EU-US Privacy Shield
    • State privacy and breach notification requirements, including the California Consumer Privacy Act of 2018
    • Pending legislation, including bills that would expand privacy regulation
    • Clarifying Lawful Overseas Use of Data Act, or CLOUD Act of 2018 (and subsequent Executive Agreements)
  • Help clients comply with a myriad of laws and regulations restricting international data transfers, such as International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR).
  • Assist in privacy audits (and the changes necessary as the result of those audits) to decrease legal, business, and reputational risk.
  • Advise on data retention and data destruction requirements for applicable data and draft policies related to the same.
  • Provide advice on training employees to understand the risks and to protect the company’s data.

Contracting and Supply Chain Management

  • Advise clients on the legal risks created by the use of third party vendors and approaches to mitigate this risk.
  • Draft various agreements to help ensure proper privacy and security protections are utilized by third party vendors.
  • Structure relationships with outside experts to access privacy and cybersecurity risks without putting the corporation further at risk.
  • Draft vendor assessment questionnaires to assist in third party vendor due diligence.

Litigation

  • Defend clients after a breach of privacy and cybersecurity incidents.
  • Litigate cutting edge data privacy and cybersecurity issues, including use of drones.
  • Respond to government agency investigations.
  • Represent clients in administrative and regulatory proceedings.

Publications & Presentations

Publications

COVID-19 and Artificial Intelligence: How the pandemic has re-ignited a focus on the software

In their article for Savannah Morning News, Diana McKenzie and Nicole Pope discuss how the COVID-19 pandemic has increased the focus on AI as developers rush to create software that can help businesses reduce the risks for employees returning to work.

Read more »

14 Cybersecurity Clauses to Know for Healthcare Technology Contracts

While we are now seeing more security-related provisions in healthcare IT agreements than we once did, most vendor form agreements still lack necessary provisions that customers should require. Diana McKenzie and Nicole Pope discuss this problem further in their article for Law.com.

Read more »

Healthcare Hacks

Diana J. P. McKenzie discusses the cybersecurity challenges facing hospitals today in this article by Kenna Simmons, published in the December 2019 issue of Georgia Trend.

Read more »

Cybersecurity Basics for Board of Directors

This article by Diana McKenzie and Nicole Pope discusses some of the practical steps a responsible board of any size company should take to reduce cybersecurity risks.

Read more »

Cyber Security for Commercial Real Estate Businesses and Professionals

Cyber attacks of business computer systems and websites are increasingly common. This article discusses security measures that can help protect against attacks.

Read more »

Do You (or Does Your Vendor) Need Cyber-Liability Insurance?

As our world becomes increasingly networked and Internet-centric, data and security breaches are more frequent and commonplace. HunterMaclean attorney Milt Petersen discusses how companies can prepare for and mitigate the resulting damages of a security breach in his article for Business in Savannah.

Read more »

What Business Owners Should Know About Security Breaches

The increase in data breaches, as well as their associated costs, are frightening statistics for any business, not just nationwide chains. Diana J. P. McKenzie discusses a few ways companies can be proactive about protecting assets both before and after a security breach.

Read more »


Expand Collapse

Presentations

Cyber Liability and Business Risk

Nicole Pope participated in this panel discussion hosted by Infinity, Inc., on February 19, 2020, in Savannah, Georgia. Cyber risk is an ongoing issue for many businesses, and awareness is a key factor in preparation.

Read more »

HunterMaclean Brunswick Critical Issues Forum on Cybersecurity

Diana J. P. McKenzie served as the moderator at HunterMaclean’s Brunswick Critical Issues Forum on Cybersecurity on October 12, 2017, at the College of Coastal Georgia in Brunswick, Georgia.

Read more »

HunterMaclean Critical Issues Forum on Cybersecurity

Diana J. P. McKenzie served as the moderator at the HunterMaclean Critical Issues Forum on Cybersecurity on April 27, 2017, at the Savannah Technical College in Savannah, Georgia.

Read more »

We've Lost a Laptop: Navigating the Patchwork of Security Breach Notification Laws

Presented at the CBA Cyberlaw & Data Privacy Committee in Chicago, Illinois, in May 2008 by Diana J. P. McKenzie.

Read more »


Expand Collapse