INFORMATION SECURITY AND DATA PRIVACY
SBRS attorneys provide the full spectrum of counseling and litigation capabilities in information security, data privacy, and cybersecurity. The transition from paper documents to electronically stored and transmitted information has aided public and private organizations and businesses in running more efficient operations, but the cyber age has also created many new risks to these entities. If an organization stores personal information for customers, employees, students or patients, a breach of that personal information exposes the organization to various forms of potential liability.
The trend over the last few years has demonstrated a proliferation of regulations and laws aimed at protecting Personal Information and an ever-expanding scope of what constitutes Personal Information. Courts reviewing what constitutes Personal Information have continued to expand the concept beyond the language of existing statutes. The result is that an appropriate breach plan and response are as necessary to an organization as the customers themselves.
Many organizations also maintain vast quantities of data in sophisticated, often proprietary, technological infrastructures. A host of complex statutory and regulatory issues confront these organizations when they develop appropriate protocols to safeguard this data. SBRS’s Information Security and Data Privacy Group helps our clients navigate and comply with this evolving landscape as well as respond to and defend alleged breaches of private data.
SBRS’s Information Security and Data Privacy Group regularly advises its clients on the steps they need to take to comply with security regulations including the Gramm-Leach-Bliley Act, FACTA, FISMA, the SEC Guidelines and those imposed pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act as well as other federal statutes and regulations. Our HIPAA and HITECH practice focuses on organizations that are covered entities and their business associates, including other law firms and companies that offer secure file transfer services.
In addition, we advise our clients on steps that they must take to comply with state-specific statutes and regulations. We coordinate and draft the required notices and frequently asked questions for call centers, liaise with law enforcement and regulatory officials, and provide crisis management services to our clients who suffer a data breach event.
Payment Card Industry
When payment cards are involved, we can assist our clients in reducing fines and costs imposed by the Payment Card Industry following a breach. We are experienced in dealing with industry experts in forensics to aid our clients in determining the scope and severity of the data breach event and to achieve compliance with laws and regulations regarding notification and remediation. We also advise our clients as to what steps they may take and policies they may enact and enforce to decrease the possibility of data security breaches. SBRS’s Information Security and Data Privacy Group also will perform audits of a company’s data privacy and response policies.
Despite best efforts and appropriate safeguards, breaches of data security may occur. We have counseled numerous clients on how to respond to a breach of data security, including how to coordinate strategies in communicating with federal and state regulators and how to minimize the economic consequences thereof. In addition, we counsel clients who face class action or serial litigation arising out of data privacy breaches.