One of the fastest changing areas in law and business today is the protection of business data. Corporations are continuously developing new ways to protect sensitive data. Data thieves are simultaneously becoming more sophisticated in their ability to unlawfully access this data, and their attacks are resulting in more harmful consequences. In an attempt to manage the situation, regulators are imposing additional requirements and standards at an accelerated pace, causing further compliance challenges. New types of unpredictable litigation are also beginning to emerge due to the quickly changing laws and lack of precedent in this area.
The cybersecurity and data privacy team at HunterMaclean helps clients take a practical and strategic approach to managing the legal, business, and reputational risks associated with sensitive data. Our approach is methodical and individualized. We advise clients on a wide range of issues and help strategically prioritize and manage data privacy and cybersecurity risks in a proactive and coordinated manner. Below we outline some of the services we provide.
Incident Preparation & Breach Response
Help clients comprehensively assess the specific data they hold and the unique risks and legal obligations associated with that data.
Assist clients in the development of written information governance, privacy, security, and incident response plans, as well as evaluating and strengthening those plans through tabletop and other exercises. Examples include drafting:
Data Transfer Agreements
Data Processing Agreements
Privacy and Security Policies
Data Governance Policies
Business Associate Agreements
Website Terms and Conditions
Incident Response Plans
Bring Your Own Device (BYOD) Policies
Counsel clients on creating procedures for whistleblowers to report data privacy and cybersecurity incidents internally.
Participate as members of incident response teams to achieve the best possible outcome:
Work with law enforcement
Advise on notification obligations (or advise if no such obligations exist)
Prepare notification letters
Manage crisis communications
Participate in regularly scheduled meetings to discuss security incidents and recent developments in data privacy and security law and determine appropriate strategy and next steps.
Work with senior management and corporate boards to formulate policies and provide oversight processes that address emerging data privacy and cybersecurity risks.
Evaluate the effectiveness of existing internal cyber and privacy governance mechanisms to create a better, more efficient process.
Advise on industry standards and best practices for similarly situated organizations.
Regulatory & Compliance
Advise clients on regulatory and compliance obligations throughout the United States and the world. These regulations are too numerous to list (and changing daily), but some of the better-known ones include:
Health Information Portability and Accountability Act (HIPAA) and related legislation, including Health Information Technology for Economic and Clinical Health (HITECH)
Financial Services Modernization Act or Gramm-Leach-Bliley Act and its implementing regulations
Fair Credit Reporting Act and its Fair and Accurate Credit Transactions Act (FACTA) amendment
Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
Federal Trade Commission Act and the US Federal Trade Commission (FTC)
Driver’s Privacy Protection Act
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act)
Telephone-Consumer Protection Act (TCPA) and associated regulations.
Children’s Online Privacy Protection Act (COPPA)
Video Privacy Protection Act (VPPA)
Right to Financial Privacy Act
Judicial Redress Act
European Union General Data Protection Regulations (GDPR), including the EU-US Privacy Shield
State privacy and breach notification requirements, including the California Consumer Privacy Act of 2018
Pending legislation, including bills that would expand privacy regulation
Clarifying Lawful Overseas Use of Data Act, or CLOUD Act of 2018 (and subsequent Executive Agreements)
Help clients comply with a myriad of laws and regulations restricting international data transfers, such as International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR).
Assist in privacy audits (and the changes necessary as the result of those audits) to decrease legal, business, and reputational risk.
Advise on data retention and data destruction requirements for applicable data and draft policies related to the same.
Provide advice on training employees to understand the risks and to protect the company’s data.
Contracting and Supply Chain Management
Advise clients on the legal risks created by the use of third party vendors and approaches to mitigate this risk.
Draft various agreements to help ensure proper privacy and security protections are utilized by third party vendors.
Structure relationships with outside experts to access privacy and cybersecurity risks without putting the corporation further at risk.
Draft vendor assessment questionnaires to assist in third party vendor due diligence.
Defend clients after a breach of privacy and cybersecurity incidents.
Litigate cutting edge data privacy and cybersecurity issues, including use of drones.
Respond to government agency investigations.
Represent clients in administrative and regulatory proceedings.
HunterMaclean’s corporate law practice group represents clients in securities transactions, private equity and venture capital investments, mergers and acquisitions, recapitalizations, and business and asset dispositions.
By Diana J. P. McKenzie, published on Law.com In recent years, data breaches have become more prevalent, and cybercriminals have continued to develop more sophisticated tools to gain unauthorized access…
Diana McKenzie, Chair of the IT & Outsourching Practice Group As hospitals become more dependent on technology, the risk of cybersecurity threats grows. Diana J. P. McKenzie discusses the cybersecurity…
HunterMaclean teamed up with Sterling Seacrest Partners, Ad Specialty Services, and Infinity, Inc. for a panel discussion about the impacts of COVID-19 on information technology. The webinar took place via…
https://www.youtube.com/watch?v=4To7s6_X4c0 HunterMaclean teamed up with Sterling Seacrest Partners, Ad Specialty Services, and Infinity, Inc. for a panel discussion about the impacts of COVID-19 on information technology. The webinar took place…
As published in Savannah CEO on February 20, 2020 Matt Scully, Datto; John McBride, Green Cloud Technologies; Cindy Robinett, Sterling Seacrest Partners; Nicole Pope, HunterMaclean; Chuck Brown, Infinity Infinity, Inc.…