Cybersecurity Counseling and Compliance
Cybersecurity Counseling and Compliance
Cybersecurity is front page news.

High-profile data breaches, hacks and cyberattacks have affected millions of individuals and exposed companies from the biggest brand names to the smallest entities to government scrutiny and litigation.  Congress, the White House, government agencies, state attorneys general, the media, industry and consumers are all focused on cybersecurity—the regulations, the risks and the all-too-public failures of companies to keep consumer and employee data safe and secure.

Our Cybersecurity Counseling and Compliance team works with companies to prevent and, where necessary, optimally resolve data breaches in compliance with state, federal and industry regulations.

We counsel clients on privacy and data security laws, regulations and guidance governing the collection, use and protection of personal information, and on managing risks and reducing exposure to liability in connection with personal and employee data.  We also help clients develop and implement business practices to comply with all applicable industry self-regulatory requirements.  We counsel on all aspects of privacy and information security requirements, including the Federal Trade Commission (FTC) Act, the Gramm-Leach Bliley Act (GLBA), the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Communications Commission (FCC), Customer Proprietary Network Information (CPNI) regulations, the Payment Card Industry Data Security Standard (PCI DSS), CAN-SPAM Act, state privacy and data security laws, the EU Data Protection Directive and other national and local privacy laws around the world.

Our attorneys help clients draft, review, revise and interpret their privacy, data security and CPNI policies and procedures, and develop appropriate, comprehensive enterprise-wide privacy and data security programs.  We conduct training for clients’ employees on data security practices and perform data security audits assessing compliance with existing laws, regulations and business policies.  We also help clients develop and implement oversight and monitoring policies and programs of third-party vendors handling consumer data, to ensure clarity with respect to the parties’ responsibilities and assignment of risk, promote compliance and reduce exposure in the event a third-party vendor mishandles personal data.

We not only help clients proactively develop policies and procedures to avoid data breaches, we ensure that they are prepared to meet their legal obligations in the event of a cyberattack or other cyber-event.  We advise on internal and third-party investigations to determine the source of the breach, assist in meeting the notification obligations, manage public relations and counsel on overall strategy to reduce the risk of resulting investigations and litigation.

We serve clients in all types of highly scrutinized industries, including consumer products and retail, hotel and leisure, and financial services, as well as telecommunications, broadband, technology and mobile services.  We also have particular strength at the intersection of privacy and communications law, helping clients with policy development and compliance assessments for companies active in the communications and Internet marketplace.  Our work leverages our deep knowledge of FCC, FTC and state privacy regulations, and how it relates to similar consumer-protection mandates, including the FCC’s open Internet regulations.  We also work extensively with foreign-owned entities on surveillance agreements known as National Security Agreements, with the U.S. government “Team Telecom” agencies and with the Committee on Foreign Investment in the United States.

 
 

Overview

Cybersecurity is front page news.

High-profile data breaches, hacks and cyberattacks have affected millions of individuals and exposed companies from the biggest brand names to the smallest entities to government scrutiny and litigation.  Congress, the White House, government agencies, state attorneys general, the media, industry and consumers are all focused on cybersecurity—the regulations, the risks and the all-too-public failures of companies to keep consumer and employee data safe and secure.

Our Cybersecurity Counseling and Compliance team works with companies to prevent and, where necessary, optimally resolve data breaches in compliance with state, federal and industry regulations.

We counsel clients on privacy and data security laws, regulations and guidance governing the collection, use and protection of personal information, and on managing risks and reducing exposure to liability in connection with personal and employee data.  We also help clients develop and implement business practices to comply with all applicable industry self-regulatory requirements.  We counsel on all aspects of privacy and information security requirements, including the Federal Trade Commission (FTC) Act, the Gramm-Leach Bliley Act (GLBA), the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Communications Commission (FCC), Customer Proprietary Network Information (CPNI) regulations, the Payment Card Industry Data Security Standard (PCI DSS), CAN-SPAM Act, state privacy and data security laws, the EU Data Protection Directive and other national and local privacy laws around the world.

Our attorneys help clients draft, review, revise and interpret their privacy, data security and CPNI policies and procedures, and develop appropriate, comprehensive enterprise-wide privacy and data security programs.  We conduct training for clients’ employees on data security practices and perform data security audits assessing compliance with existing laws, regulations and business policies.  We also help clients develop and implement oversight and monitoring policies and programs of third-party vendors handling consumer data, to ensure clarity with respect to the parties’ responsibilities and assignment of risk, promote compliance and reduce exposure in the event a third-party vendor mishandles personal data.

We not only help clients proactively develop policies and procedures to avoid data breaches, we ensure that they are prepared to meet their legal obligations in the event of a cyberattack or other cyber-event.  We advise on internal and third-party investigations to determine the source of the breach, assist in meeting the notification obligations, manage public relations and counsel on overall strategy to reduce the risk of resulting investigations and litigation.

We serve clients in all types of highly scrutinized industries, including consumer products and retail, hotel and leisure, and financial services, as well as telecommunications, broadband, technology and mobile services.  We also have particular strength at the intersection of privacy and communications law, helping clients with policy development and compliance assessments for companies active in the communications and Internet marketplace.  Our work leverages our deep knowledge of FCC, FTC and state privacy regulations, and how it relates to similar consumer-protection mandates, including the FCC’s open Internet regulations.  We also work extensively with foreign-owned entities on surveillance agreements known as National Security Agreements, with the U.S. government “Team Telecom” agencies and with the Committee on Foreign Investment in the United States.

Partner
Email (202) 342-8588(202) 342-8588
Dana Rosenfeld chairs the firm’s Privacy and Information Security practice.  A former assistant director of the Federal Trade Commission (FTC) Bureau of Consumer Protection and attorney...
Partner
Email (973) 503-5920(973) 503-5920
Joseph Boyle focuses his practice on class actions and commercial litigation.  His experience includes various areas of consumer class action litigation and litigation involving telecommunica...
Partner
Email (202) 342-8518(202) 342-8518
Thomas Cohen’s practice focuses on providing legal counsel to further the business interests of entities engaged in the provision of wireline and wireless telecommunications, cable (video) a...
Partner
Email (202) 342-8544(202) 342-8544
John Heitmann, chair of the Communications practice, counsels wireless, wireline and cable broadband and telephony service providers, and other entities, large and small, international and domesti...
Partner
Email (202) 342-8603(202) 342-8603
Alysa Hutnik delivers comprehensive expertise in all areas of privacy, data security and advertising law.  Her experience ranges from counseling to defending clients in FTC and state attorney...
Partner
Email (212) 808-5145(212) 808-5145
Jeff Jacobson defends consumer, privacy and securities class actions, and represents media, technology and other companies in general commercial litigation. With nearly two decades in private prac...
Partner
Email (202) 342-8811(202) 342-8811
Bill MacLeod chairs the firm’s Antitrust and Competition practice group.  The Immediate Past Chair of the Antitrust Section of the American Bar Association, Bill is a former bureau...
Partner
Email (973) 503-5910(973) 503-5910
Lauri Mazzuchetti’s practice focuses on commercial litigation and consumer-oriented class action defense, representing clients in FTC and state attorneys general investigations and other liti...
Partner
Email (202) 342-8576(202) 342-8576
Gonzalo Mon’s practice is focused on marketing and advertising law.  He advises a wide range of companies in all aspects of promoting their brands, and works closely with them to find p...
Partner
Email (202) 342-8821(202) 342-8821
Lew Rose serves as managing partner of Kelley Drye, and is a member of the firm’s Executive Committee. Lew also served as managing partner of the Washington, D.C. office and past chair ...
Partner
Email (202) 342-8633(202) 342-8633
Christie Grymes Thompson chairs the firm’s Advertising and Marketing and Consumer Product Safety practice groups.  Named the 2016 Washington, D.C. advertising “Lawyer of the Year&...
Partner
Email (202) 342-8423(202) 342-8423
A member of the firm’s Executive Committee, John Villafranco provides litigation and counseling services, with a focus on advertising law matters and consumer protection. John is highly resp...
Of Counsel
Email (202) 342-8646 (202) 342-8646
Jodie Bernstein is of counsel in the firm’s Washington, D.C. office. She is widely respected among consumer groups, industry organizations and the private bar as one the country’s leadi...
Special Counsel
Email (202) 342-8429(202) 342-8429
Chris Loeffler has a transactional and regulatory practice focused on advertising, privacy, data security, licensing, sponsorships, e-commerce and other consumer protection issues.  He helps c...
Senior Associate
Email (202) 342-8466(202) 342-8466
Spencer Elg is an attorney in the firm’s Washington, D.C., office. A former litigation attorney for the Federal Trade Commission, Mr. Elg focuses his practice on helping clients navigate con...
Senior Associate
Email (202) 342-8592(202) 342-8592
Sherrie Schiavetti is a Certified Information Privacy Professional for the United States (CIPP/US) by the International Association of Privacy Professionals (IAPP).  Her practice includes liti...
Senior Associate
Email (310) 712-6467 (310) 712-6467
Crystal Skelton is an associate in the firm’s Los Angeles office. Her practice includes representing a wide array of clients – from tech startups to established companies – in pr...
Associate
Email (212) 808-7678(212) 808-7678
Jameson Dempsey counsels wireless, wireline, cable and advanced communications service providers on federal and state privacy, information security, and communications issues.  He draws on a ...
Associate
Email (202) 342-8534(202) 342-8534
Ilunga Kalala is an associate in the firm’s Washington, D.C. office. His practice focuses on advertising and marketing, privacy and information security, and other consumer protection law ma...
Associate
Email (202) 342-8645(202) 342-8645
Donnelly McDowell is an associate in the firm’s Washington, D.C. office. Donnelly’s practice focuses on advertising and marketing, food and drug law, consumer financial protection matt...
Associate
Email (202) 342-8635(202) 342-8635
Ross Slutsky is an associate in the firm’s Washington, D.C. office. His practice focuses on communications, technology policy, privacy, data security, and emerging technology matters. Throug...
Associate
Email (202) 342-8557(202) 342-8557
Katie Townley is an associate in the firm’s Washington, D.C. office. Her practice focuses on advertising and marketing, privacy and information security, product safety, and other consumer p...