Data Privacy & Cybersecurity
Businesses and organizations of all sizes and industries are facing increased threats to their data stewardship on the one hand, and constantly evolving regulatory requirements and growing prosecutorial regimes on the other. And it’s only getting more challenging.
Our Data Privacy and Cyber Security team provides counsel on threat prevention and mitigation in the context of your key business drivers: Intellectual Property, Financial/Fiduciary, Regulatory/Compliance, Operational, Growth/Opportunity, Strategy, Human Capital and Reputation/Brand.
We employ an integrated approach focused on 1) preventing attacks through proactive mitigation programs; 2) monitoring and detecting potential cyber risks; and 3) responding to breaches and other adverse events. We customize our Data Privacy and Cyber Security services to your business—size, industry, technologies, stakeholders, and compliance regimes.
Our platform starts with your business needs and “ends” with an intense focus on helping you “get back to business” and drive enterprise value. It’s a comprehensive, business-minded, intelligent approach to managing, mitigating and responding to cyber threats.
Trends we’re watching in 2015-16
- Business leaders (not just IT departments) will be increasingly held directly accountable for data privacy controls and response to breaches.
- Incident response plans will need to consider how to instantly email those affected and reset user passwords on a massive scale.
- Wearable technologies and internet of things (IoT) will continue to proliferate, expanding the number of access points to and vulnerability of Protected Health Information (PHI) and other sensitive data.
- Terms of Service and vendor agreements will increasingly require provisions to mitigate liability and protocol for privacy matters.
- Employees will continue to be the biggest threat to cyber security, predominantly through negligence, requiring increased security training programs.
- State-level regulations will increase, providing a patchwork of data privacy and breach laws, making compliance increasingly difficult.
- Consumers will increasingly reach “data breach fatigue,” taking less action to protect themselves, requiring businesses to re-think their pre- and post-breach communications.
- Commercial drone use will continue to proliferate, putting some companies under both aviation and privacy regulations for the first time.
Who we work with
- All businesses, organizations and government entities that collect, transmit or store sensitive or personally identifiable information
- All industries including technology, health care, finance, infrastructure, defense, energy, big data, social media, data storage and professional services
- Companies using mobile apps, websites and social media. Whether communicating with, collecting information from, advertising to or doing business with clients and customers, they and others are impacted by the Telephone Consumer Protection Act (TCPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
- Health care providers, insurance companies, pharmacies, clearinghouses, business associates and others impacted by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Omnibus Rule
- Those who market goods or services to children under the age of 13 and others impacted by the Children’s Online Privacy Protection Act (COPPA)
- All companies that receive and store the personal financial information of their clients and customers, and others impacted by the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) and state data security laws
- Law firms, accounting firms and other professional advisors working with sensitive client information
- Law enforcement agencies
- Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law
- Defended a client in litigation involving the theft of 1.7 million patient records
- Provided emergency response and compliance strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:
  - A lost laptop containing the personal information of over 11,000 individuals from 31 different states
  - Website hacking incident involving the personally identifiable information of over 3,000 individuals
- Represented numerous clients in privacy violation investigations by the Office for Civil Rights and state regulatory entities
- Provide ongoing privacy and security counsel to a large utility
- Counseled a pharmaceuticals company in corporate privacy and security issues and provided worldwide employee privacy training
- Built enterprise-wide privacy and security framework for startup companies in the health care industry, municipalities and large corporations
- Assisted clients with their applications for “safe harbor” under the Federal Communications Commission (FCC)
- Developed and implemented website privacy policies and terms and conditions of use for a variety of clients in diverse industries
- Laws Try to Resolve Employer-Employee Social Media Conflicts
Wall Street Journal | May 28, 2015
Providence Commercial Litigation counsel Steven Richard is quoted in this article discussing how state laws on social media are impacting employer-employee relations in the absence of an overarching federal law.
- Are Employers Responsible for an Employee's Unauthorized Review of a Patient's Confidential Health Information?
Journal of the American College of Radiology | May 1, 2015
This contributed column discusses employer liability for employees who improperly access confidential patient information. This piece is authored by Albany Health Care partners Laurie Cohen and Peter Millock, counsel Barbara Asheld and Long Island associate Brooke Lane.
- Future of FTC Data Security Enforcement Hinges on Forthcoming Wyndham Ruling
Bloomberg BNA Privacy and Data Security Law Resource Center | January 2, 2015
Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman is quoted in this article discussing a matter before the U.S. Court of Appeals which presents an unprecedented opportunity to define the Federal Trade Commission's authority to police the data security practices of