Data security and breach notification

Effectively managing data security breaches is critically important to business credibility. We assist clients in developing data security breach notification procedures before any breach might occur. If a breach occurs, our attorneys help clients to implement their plans and take action in a decisive, responsive manner and in compliance with law. We help clients navigate the data breach notification laws that are effective in 46 states, the District of Columbia, Puerto Rico and the Virgin Islands, as well as other state identity theft and privacy laws.

Clients facing data security breaches rely on us to coordinate notification strategies, including notification to regulatory agencies and consumers. We also work closely with clients to conduct internal data security audits to uncover security weaknesses and to develop policies to prevent future security breaches. We assist clients in developing data security breach notification procedures before any breach might occur, so that the client is ready with a response plan.

In addition to counseling clients responding to a data breach, we provide clients counseling regarding preventive, proactive measures regarding data security such as implementing corporate privacy policies and procedures, providing employee training and information regarding the client’s privacy policies, drafting employee confidentiality agreements, and analyzing the client’s data security protocols.

Our experience includes:

  • Our attorneys have up-to-date experience with both the legal and practical aspects of data breaches. We have advised companies when they have been the victims of computer hacking. These data breaches have involved anywhere from several hundred records to more than 90,000 records involving residents of all 50 states.
  • In one circumstance, hackers had accessed personally identifiable information of employees and drained their bank accounts by using the information. We advised the client concerning not only notification requirements, but also worked with local law enforcement and the FBI in the investigation.
  • We have also helped clients recover from the theft or loss of company laptops that stored hundreds of medical records and thousands of employee records. Working with legal requirements as diverse as HIPAA, HITECH and state data-breach notification obligations, we helped our clients determine whether notification was necessary and whether any other recordkeeping requirements were needed.
  • Because not all data breaches are electronic, we also help clients that lose or improperly manage hard-copy documents. In one instance, our client discovered that an undetermined number of paper records had simply been lost. We worked with that client to provide data-breach notification pursuant to the Federal Trade Commission Disposal Rule and to develop more stringent safeguards to prevent further losses.