PROTECT YOUR BUSINESS FROM A DATA BREACH
Increasing cyber threats and subsequent data regulations are impacting how companies do business. The business and legal implications of data security breaches are complex and serious, from loss of customer loyalty, to regulatory and compliance issues, to litigation.
Prince Lobel’s multidisciplinary team helps you review your data protection practices and policies to achieve compliance with vast state, federal, and international laws and regulations. Our attorneys draw upon their broad experience in the fields of law, compliance, information technology, finance, and public policy to assist clients with effective data privacy protection plans and breach responses.
DATA PRIVACY AND SECURITY
We advise clients on business compliance implications and the protection of data under applicable privacy and/or data protection acts, regulations, or rulings, such as:
- The Gramm-Leach-Bliley Act of 1999 and related rules and regulations;
- The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), and its Privacy, Security, and Breach Notification Rules;
- The General Data Protection Regulation (officially Regulation 2016/679) (GDPR), the EU Cookie Directive, and the (proposed) E-Privacy Regulation;
- Data security law and regulations in Singapore, Hong Kong, Russia, and the Middle East;
- Regulations of the Securities and Exchange Commission, the Federal Trade Commission, the Financial Industry Regulatory Authority, Inc., and the United Kingdom’s Financial Services Agency; and
- The reconciliation of the Cybersecurity Information Sharing Act, the Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act.
Other services provided by our Data Privacy and Security Group include:
- Advising clients on industry “best practices” for data privacy preservation and protection for corporate risk management and compliance programs;
- Advising clients anticipating the results of the Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience;
- Reviewing and negotiating Business Associate Agreements on behalf of health care providers and contractors to health care providers;
- Providing Massachusetts Written Information Security Plan (WISP) training and compliance;
- Representing employers and businesses (including retailers) that have experienced internal, external, and third-party vendor data security compromises, breaches, and/or network or device intrusions;
- Reviewing and negotiating cyber liability insurance coverages;
- Drafting and updating HIPAA policies and procedures;
- Advising clients responding to HIPAA privacy and security breaches;
- Advising clients in compliance with data breach notification statutes and regulations and preparation of all required notices to regulators, law enforcement personnel, and any affected individuals concerning any reportable event;
- Representing businesses, including retailers that have experienced security breaches and intrusions, facing regulatory enforcement or civil litigation (including civil class action litigation);
- Defending businesses (including retailers) against regulatory enforcement actions or civil litigation (including civil class action litigation) in all state and federal courts;
- Assisting business clients with crisis response, customer relations guidance, call-center establishment, and customer interface information; and
- Advising and assisting clients in forensic investigations of the cause of potentially criminal and/or fraudulent data security compromises, breaches and/or network or device-based intrusions and facilitating proper cooperation, communication, and reporting to federal, state and local law enforcement or other investigative personnel.
Robert A. Bertsche
John F. Bradley II
William F. Burke
Steven H. Gans
William S. Rogers Jr.
Joseph S. Sano
Kathryn Stone Conroy
William A. Worth
Sheila K. Meagher
Katherine A. Surprenant