High-profile data breaches, hacks and cyberattacks have affected millions of individuals and exposed companies from the biggest brand names to the smallest entities to government scrutiny and litigation. Congress, the White House, government agencies, state attorneys general, the media, industry and consumers are all focused on cybersecurity—the regulations, the risks and the all-too-public failures of companies to keep consumer and employee data safe and secure.
Our Cybersecurity Counseling and Compliance team works with companies to prevent and, where necessary, optimally resolve data breaches in compliance with state, federal and industry regulations.
We counsel clients on privacy and data security laws, regulations and guidance governing the collection, use and protection of personal information, and on managing risks and reducing exposure to liability in connection with personal and employee data. We also help clients develop and implement business practices to comply with all applicable industry self-regulatory requirements. We counsel on all aspects of privacy and information security requirements, including the Federal Trade Commission (FTC) Act, the Gramm-Leach-Bliley Act (GLBA), the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Communications Commission (FCC) Customer Proprietary Network Information (CPNI) regulations, the Payment Card Industry Data Security Standard (PCI DSS), the CAN-SPAM Act, state privacy and data security laws, the EU Data Protection Directive and other national and local privacy laws around the world.
Our attorneys help clients draft, review, revise and interpret their privacy, data security and CPNI policies and procedures, and develop appropriate, comprehensive enterprise-wide privacy and data security programs. We conduct training for clients’ employees on data security practices and perform data security audits assessing compliance with existing laws, regulations and business policies. We also help clients develop and implement oversight and monitoring policies and programs of third-party vendors handling consumer data, to ensure clarity with respect to the parties’ responsibilities and assignment of risk, promote compliance and reduce exposure in the event a third-party vendor mishandles personal data.
We not only help clients proactively develop policies and procedures to avoid data breaches but also ensure that they are prepared to meet their legal obligations in the event of a cyberattack or other cyber-event. We advise on internal and third-party investigations to determine the source of the breach, assist in meeting the notification obligations, manage public relations and counsel on overall strategy to reduce the risk of resulting investigations and litigation.
We serve clients in all types of highly scrutinized industries, including consumer products and retail, hotel and leisure, and financial services, as well as telecommunications, broadband, technology and mobile services. We also have particular strength at the intersection of privacy and communications law, helping clients with policy development and compliance assessments for companies active in the communications and Internet marketplace. Our work leverages our deep knowledge of FCC, FTC and state privacy regulations, and how they relate to similar consumer-protection mandates, including the FCC’s open Internet regulations. We also work extensively with foreign-owned entities on surveillance agreements known as National Security Agreements, with the U.S. government “Team Telecom” agencies and with the Committee on Foreign Investment in the United States.