Cybersecurity and Data Privacy
Technological advances have allowed companies and individuals to produce, collect and analyze tremendous amounts of data as well as create numerous places to amass and store such data. Business entities may collect both internal data about their own operations as well as external data from their customers and from other businesses. More than ever it is essential that such data be secured and protected – both in terms of managing competitive business advantage and in protecting the private information of customers and clients. The GableGotwals Cybersecurity and Data Privacy Group has assisted clients in safeguarding and protecting sensitive data as required by law and based on best practices, but also in identifying their responsibilities should such data be breached and assisting them in fulfilling those obligations.
As the types of data available to companies and individuals have increased in number and complexity, so too have the number of statutes, regulations, and other requirements governing the collection and storage of such data. We assist clients in identifying not only their current legal responsibilities, but also customer, counterparty and industry expectations regarding how clients meet those obligations, which may exceed what is explicitly required under the law. We provide clients with a risk assessment based on the types of information they have and the requirements for each. Once those responsibilities and expectations are established and assessed, we work with clients to implement appropriate information governance policies, procedures and infrastructure tailored to their particular circumstances and resources.
Recognizing the role that employees play in a company’s information security program, we also provide training for all levels of company directors, officers, and staff to empower them with sufficient knowledge and confidence to meet not only their individual responsibilities but those of the company as well. We also provide similar training, as well as monitoring, oversight, and compliance reviews, for our client’s third party vendors, to ensure those third parties are aware of their own particular responsibilities and are fulfilling them as required by statute, regulation, or contract.
Should an incident arise where data may have been inappropriately accessed, exposed or obtained, we work with clients to determine to what extent such an incident may trigger additional affirmative reporting or notification responsibilities under the various federal and state laws governing such breaches. As part of the resolution of any information security incident, we work with clients to identify how company processes may be revised to avoid or reduce the risk of such an incident in the future.
The ever-expanding universe of information brings with it a similarly-expanding universe of rights, responsibilities, and risks. Through our particular experience and perspectives, we work to ultimately provide our clients with increased confidence in their information governance, decreased cost and response time in the event of a breach, and security for their businesses and their customers.
Diana Vermeire and Tom Vincent analyze the European Union Court of Justice’s Safe Harbor ruling in Sunday’s Tulsa World Business Viewpoint
Diana Vermeire details Oklahoma’s Security Breach Notification Act in the Journal Record
Tom C. Vincent II talks with the Tulsa World about Cybersecurity Law
Law Firm Now Has Cybersecurity Program
The Employee’s Role in Cybersecurity: Know, Then Do By Tom C. Vincent II
Tom C. Vincent II Says Proper Management Can Help Businesses Fill Cybersecurity Gaps in The Journal Record Article
Client Alert: Reminders for Public Companies on Cybersecurity by Tom C. Vincent, II
Diana Vermeire discusses how employees can help protect company data in the Journal Record.
GableGotwals attorney Tom Vincent II says a proactive data security plan can reduce the likelihood and costs of a data breach.
GableGotwals attorney Tom C. Vincent II discusses small business data security in the Oklahoman Business Q&A.
Primary Firm Contact(s) for this area of law: