Cybersecurity and Data Privacy
Technological advances have allowed companies and individuals to produce, collect and analyze tremendous amounts of data as well as create numerous places to amass and store such data. Business entities may collect both internal data about their own operations as well as external data from their customers and from other businesses. More than ever it is essential that such data be secured and protected – both in terms of managing competitive business advantage and in protecting the private information of customers and clients. The GableGotwals Cybersecurity and Data Privacy Group has assisted clients in safeguarding and protecting sensitive data as required by law and based on best practices, but also in identifying their responsibilities should such data be breached and assisting them in fulfilling those obligations.
As the types of data available to companies and individuals have increased in number and complexity, so too have the number of statutes, regulations, and other requirements governing the collection and storage of such data. We assist clients in identifying not only their current legal responsibilities, but also customer, counterparty and industry expectations regarding how clients meet those obligations, which may exceed what is explicitly required under the law. We provide clients with a risk assessment based on the types of information they have and the requirements for each. Once those responsibilities and expectations are established and assessed, we work with clients to implement appropriate information governance policies, procedures and infrastructure tailored to their particular circumstances and resources.
Recognizing the role that employees play in a company’s information security program, we also provide training for all levels of company directors, officers, and staff to empower them with sufficient knowledge and confidence to meet not only their individual responsibilities but those of the company as well. We also provide similar training, as well as monitoring, oversight, and compliance reviews, for our client’s third party vendors, to ensure those third parties are aware of their own particular responsibilities and are fulfilling them as required by statute, regulation, or contract.
Should an incident arise where data may have been inappropriately accessed, exposed or obtained, we work with clients to determine to what extent such an incident may trigger additional affirmative reporting or notification responsibilities under the various federal and state laws governing such breaches. As part of the resolution of any information security incident, we work with clients to identify how company processes may be revised to avoid or reduce the risk of such an incident in the future.
The ever-expanding universe of information brings with it a similarly-expanding universe of rights, responsibilities, and risks. Through our particular experience and perspectives, we work to ultimately provide our clients with increased confidence in their information governance, decreased cost and response time in the event of a breach, and security for their businesses and their customers.
Primary Firm Contact(s) for this area of law: