Data security is of paramount importance in the modern age. Customers, industry standards, laws, regulations and good business practice demand that today’s companies guard data like never before. And even with state-of-the-art protections and protocols in place, human error, evolving technology and creative hacking leave secure systems vulnerable to attack. Stradley Ronon’s cyber & privacy practice attorneys have the experience to advise clients on a wide range of cyber-related issues. We regularly represent businesses across numerous industries in cybersecurity matters, including regulatory compliance, data security policies and procedures, insurance and other contract counseling, data breach investigation and response, and data breach notification compliance and litigation.
Security Policies & Counseling
Adhering to a cybersecurity program is necessary to protect critical data and information. The Stradley Ronon team can assist with the development and implementation of policies and procedures with respect to data security, including policies that touch on HR issues, data retention and destruction, and IT best practices. We will make recommendations and assist in developing new policies and procedures where necessary. We will also work with clients to strengthen, supplement and implement all policies and procedures involving:
• access to data
• data destruction
• data storage
• managing HIPAA-protected information
• partners and vendors that may have access to, or store, sensitive data
• security audits
• security vulnerabilities
• transfer of data
We also provide comprehensive pre-breach counseling. Our attorneys have extensive experience with the state and federal laws governing the protection of confidential, personally identifiable information, personal health information, and other private records – and what steps are required in the event of unauthorized access. We use this knowledge to help clients assess, prioritize and address their current risks, create and implement best- in-market policies and procedures, develop incident response plans, create training programs and conduct training, assess cyber insurance policies, and review and negotiate vendor and other third- party agreements to ensure data protection and compliance with applicable laws and regulations.
Regulation & Compliance
Our cyber & privacy team provides advice to clients regarding privacy and data protection laws, compliance with those laws and risk mitigation practices across numerous industries, including insurance, financial, health care, education, retail and consumer data. In addition, we counsel clients on the implication of compliance obligations in transactions, such as corporate governance, risk management and corporate transactions. We work to protect clients before and after a data breach – from preparing privacy and security policies to swift guidance on responding to a data breach and issuing requisite breach notifications. Once a cyber incident investigation is underway, where a breach triggers regulatory disclosures and possible fines or penalties, our attorneys and government affairs professionals interface with state and federal law enforcement and other regulators, as well as any counter- parties to whom a disclosure obligation is owed, in order to ensure legal compliance and minimize damages.
Data Breach Response
Stradley Ronon’s dedicated data breach response team understands the importance of a prompt and proper data breach investigation and response. We and our technology partners help our clients take the quick and prudent actions necessary in the hours, days and weeks following a data breach or incident to understand the scope of the compromise, evaluate the parameters and elements of unauthorized access, movement or exfiltration of data, and assess the actions needed to maintain legal compliance and mitigate damages. Our attorneys recognize that there is no standard approach for a data breach response because there is no standard data breach. Information technology systems vary from business to business, the geneses of breaches vary widely (from criminal hacking or data theft to equipment failure or human error), and legal requirements arising from a data compromise vary from state to state, industry to industry and breach to breach, often depending on the types of information compromised.
Litigation
We work to protect our clients’ corporate reputation at every stage in the breach response. When a breach spurs lawsuits, our experienced litigation attorneys are ready to defend our clients against all claims, both serious and spurious, that may be asserted. Our team has handled numerous data breach response incidents across a wide range of industries. We have represented clients in state and federal privacy litigation and enforcement actions. If someone else caused the breach, we have significant experience representing clients as individuals or class action plaintiffs. We also assist clients with managing business risk before litigation and, when the time comes, effectively preserve, collect, analyze and produce its data, including providing advice regarding the best practices for managing data sources, forming an information governance policy, and navigating all phases of the electronic discovery process in a manner that achieves the best possible results while keeping costs predictable.
Cyber Insurance
Stradley Ronon’s cyber insurance team can help you evaluate and select coverage, walk you through the ins and outs of your existing coverage to ensure that it will protect your company in the event of data loss. We will work with you proactively to safeguard your data before an incident occurs, and provide counsel after a data breach regarding your existing insurance coverage, as well as any statutory notification requirements. In addition, to protect our clients against the devastating consequences of an important data loss, we assist in structuring insurance coverage as part of a comprehensive risk-management package. We review and compare insurance programs and advise on risk management issues, premium financing, and broker and agent matters.