In today's data-driven economy, companies store and process more digital information than ever before. Though the advantages of high-speed information processing are numerous, data breaches at some of the world’s largest companies prove that failure to protect sensitive information can lead to significant financial and reputational damage. Companies large and small, public and private, must take proactive measures to safeguard sensitive information.
Hirschler Fleischer's multidisciplinary Cybersecurity & Data Privacy Practice advises clients on the evolving laws and industry standards that regulate collection, use and disclosure of personal data. We provide practical guidance on the development of formal policies related to information security, data protection, digital assets, social media and IT usage. Members of our group also assist clients in responding to data breaches and other cybersecurity incidents. We advise clients in a wide range of industries, including:
- Data services/technology
- Financial services
- Higher education
- Professional services
- Real estate
Among the questions we help clients answer:
- Are your data protection policies and procedures adequate?
- Do you have to comply with particular cybersecurity and data privacy laws?
- Do you have data protection obligations or potential liability by virtue of your contracts?
- Do you have procedures in place to assess and monitor vendors?
- What data protection issues should you consider when buying or selling a business?
- What actions should you take now to minimize the risk of a breach and limit liability if a breach occurs?
- How can you demonstrate to customers that you care about privacy and data security?
Key Service Areas
Hirschler Fleischer’s Cybersecurity & Data Privacy Practice routinely advises clients on compliance with state and federal data protection laws and related issues, including:
- Cybersecurity and data privacy provisions for vendor contracts
- Data breach coaching
- Fair Credit Reporting Act (FCRA)
- Gramm-Leach-Bliley Act (GLBA)
- Incident response plans
- New York Financial Services Cybersecurity Regulation
- Privacy and cybersecurity policy review
- Website terms and conditions, social media policies and IT usage policies
- Workplace privacy and data security
- Represent healthcare providers, including concierge medical practice and local government agency, with respect to HIPAA compliance, including patient consent and business associate agreements.
- Draft and negotiate data privacy and security provisions for complex vendor contracts, including brokerage agreement for large hospital chain and subservicing agreement for reverse mortgage lender.
- Represent multifamily acquisition and asset management firm in connection with data breach affecting residents of 27 states.
- Represent retail service provider in connection with security breach of its POS system.
- Advise utility company on Red Flags Rule Compliance and assist in preparation of its cyber incident response plan.
- Counsel provider of relocation services with respect to transfers of data from the EU under model clauses and Privacy Shield Framework.
- Draft privacy notices, website terms and conditions, social media policies, and IT usage policies.
- Counsel employers on privacy issues in connection with background checks and investigations of employee misconduct.