If you collect data in any part of your business (financial, health, human resources, online behavioral data, private user communications and images), you face increasing financial and regulatory pressures to protect it. Threats come from all directions: disgruntled employees, lost laptops, organized crime syndicates, underground hacker groups, and foreign governments. The cost of a security breach is significant. You could lose intellectual property or trade secrets, sensitive consumer data, or customers’ trust and confidence. Running afoul of regulators and privacy watchdog groups is just as perilous to your bottom line.
We develop consumer-facing and internal privacy and security policies and incident response plans that can bring your company into compliance with applicable laws and help you keep pace with developing industry standards. Specifically, we help our clients with:
- Compliance with the EU General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), HIPAA, COPPA, Gramm-Leach-Bliley, FCRA, FTC Rulings and Consent Decrees, and other federal, state, and international privacy laws.
- Development of privacy policies that articulate corporate practices in a way that satisfies legal requirements and meets industry best practice guidance for plain language and transparency.
- Development of written information security programs and incident response plans.
- Internal mechanisms to facilitate the transfer of data to affiliates, foreign data storage locations, service providers, partners, and advertisers.
- Internal reviews and checklists for determining compliance with regulatory requirements.
- Contract provisions regarding data protection requirements.
- Compliance plans for sensitive data, including data related to children, health, or other sensitive areas.
- Employee training.
We can also help:
- Advise on security breach investigations and user requirements, and defend resulting regulatory inquiries and civil litigation.
- Conduct information security assessments.
- Develop and implement policies and procedures to minimize vulnerabilities, including incident response plans, data breach notification procedures, record retention, and related policies.
- Advise on the security requirements of HIPAA, COPPA, GLB, FCRA, state and local security breach notification laws, and other U.S. state, federal, and international security requirements.
- Perform information security due diligence for corporate acquisitions or equity investments.