Information Security & Data Breach Response
Information security is one of the greatest challenges companies face today. We help our clients succeed with solutions that are legally sophisticated, technically savvy, and operationally practical.
Will You Be Ready if a Breach Occurs?
Our Information Security & Data Breach Response Team provides resources to help you develop your information security and incident response programs. For a more customized approach, contact a member of our team.
This guide is intended to provide general information and considerations when preparing for and responding to a ransomware attack.
IR workshops from our information security team can help you evaluate the risks and identify priorities that are unique to your organization.
Use this summary to help answer questions about state data breach notification requirements.
Our latest thinking on attorney-client privilege.
24/7 Breach Response Team
Assistance with assessing and responding to security incidents designed to limit legal liability, preserve system assets, and protect your business reputation.
Information security is one of the great challenges companies face today. We help our clients succeed with solutions that are legally sophisticated, technically savvy, and operationally practical.
Overview
Legal Expertise
We don't dabble in information security law—we live it every day. From broadly applicable data breach and security laws to technical, sector-specific requirements, our legal advice is shaped by years of experience focused on information security.
Technical Savvy
Understanding our clients' technology is essential to our practice. We believe that only by engaging with complex technical issues can an attorney truly understand the legal risks and challenges that technology creates. Where other attorneys throw up their hands, our team digs in.
Practical Approach
We deliver actionable legal guidance tailored to your organization. We can help you turn esoteric legal requirements into concrete policies and practices that support both your compliance needs and business goals. We'll help you evaluate your legal risks and develop solutions that make both legal and business sense.
24/7 Breach Response Team
Assistance with assessing and responding to security incidents designed to limit legal liability, preserve system assets, and protect your business reputation.
Privacy & Security Law Blog
- Represent telecommunications conglomerate in various information security matters, as well as investigating and responding to various incidents, some of which resulted in the disclosure of consumer information and required consumer and governmental notifications.
- Advised e-commerce companies on incident response plan for information security incidents and data breaches.
- Provided counsel on compliance with HIPAA and other health information privacy and security laws, including successfully resolution of investigation by the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) of a reported breach, which had the potential to result in millions of dollars in civil monetary penalties. Facilitated the client’s response and OCR closed its investigation without financial penalty or settlement.
- Assisted consumer products company investigate ransomware attack on website collecting personal information from European residents. Developed forensic evidence necessary to determine that personal information was not put at risk.
- Conducted incident response for medical services provider addressing a breach in a recently acquired asset. Guided medical services provider through analyzing network of acquired company, remediating security incident, and properly securing its own network from potential impact from acquired company.
- Conducted incident response for publisher that was victim of spear phishing campaign that compromised personal information of US and EU residents. Coordinated forensic investigation, breach notification, and regulator communication.
- Conducted incident response for software developer that was the subject of a ransomware attack. Assisted in payment of ransom and decryption of data, law enforcement coordination, transition to new network structure, and other remediation activities.
- Advised book publisher that mailed information to incorrect contractors. Coordinated breach notification, identity theft monitoring, and regulator communication.
- Identified spear phishing attack on a nonprofit client that suspected an employee was committing fraud and guided client through remediation.
- Advised religious institution that suffered an attack from a disgruntled employee. Drafted demand letter and recovered stolen data.
- Advised restaurant client on data misuse by franchise, including addressing data ownership issues not directly addressed in franchise agreement.
- Served as data breach counsel to a regional health plan for a series of potential data breaches that could have affected tens of thousands of the plan’s members, including analysing the breach notification obligations under HIPAA, the federal notification law, and the laws of all 50 states and a couple of territories. Also developed multiple notifications to individuals, government regulators, and consumer reporting agencies to meet all these requirements.
