Cybersecurity, Data Protection and Privacy

Our Firm offers an interdisciplinary approach to cybersecurity, data protection and privacy that combines the expertise of attorneys and leading technology experts who collectively:

• Assess existing systems, processes and policies including incident prevention and response plans;
• Develop and implement technical, operational, and administrative safeguards against data breaches and cybersecurity incidents;
• Advise clients on the most efficient means of allocating financial resources for optimal cybersecurity and data protection purposes;
• Assist clients in vetting and conducting due diligence on vendors, systems and devices; and
• Resolve time sensitive issues. 

Our attorneys partner with recognized technology experts to:

• Provide comprehensive legal advice and corresponding technical assistance to help hospitality, pharmaceutical, financial services, retail, manufacturing, communication and emerging technology clients understand and proactively anticipate and mitigate risks in the area of Privacy and Cybersecurity to keep their businesses responsive, compliant and protected in an ever-changing environment.
• Advise clients on critical infrastructure, network security, workplace and employee privacy, consumer and telemarketing laws, big data, ecommerce and the Internet of Things (IoT).
• Assist clients in complying with federal, state, and international data security and privacy laws and regulations to solve and proactively guard against cybersecurity and data risks such as data breaches, disputes and litigation alleging data breaches or privacy law violations, regulatory investigations and enforcement actions, and cyber insurance issues.
• Advise clients on compliance obligations, transactional matters, governance, risk management and proposed legislation in Congress and state legislatures.

Our practice group’s areas of focus include:

We adhere to the all Privacy & Cybersecurity Compliance standards, including:

• European Union General Data Protection Act (GDPR)
• California Consumer Privacy Act (CCPA)
• New York SHIELD Act
• New York Department of Financial Services Cybersecurity Regulation
• Health Insurance Portability and Accountability Act (HIPAA)
• Gramm-Leach-Bliley Act (GLBA)

Representative Cases

• Spearheaded the internal review and data mapping and collection processes necessary to guide a publicly traded, global pharmaceutical company through GDPR compliance.
• Managed the creation and implementation for a publicly traded global healthcare technology company’s corporate policies and procedures for data processing and handling of a global Infrastructure as a Service provider headquartered in the United States to ensure compliance with GDPR requirements. 
• Managed technical and contractual guidance and negotiation for the formation of contracts and agreements for a major university to shift responsibility and management for a portion of their IT infrastructure to an outside organization.
• Facilitated the renegotiation of the Master Services Agreement between a logistics company and the organization that acquired the developers of legacy software application which was integral to the logistics company’s operations. 
• Negotiated the agreements and facilitated the restructuring of a leading manufacturing and fulfillment services organization to streamline processes and simplify their IT infrastructure and management structure.
• Coordinated the investigation of, and recovery from, a ransomware attack targeting a company's core infrastructure affecting multiple offices.