Data Privacy & Cyber Security

Practice Area

Data Privacy & Cyber Security

– 24/7/365 – ANY TIME, ANY WHERE...

24/7 Data Breach Response Hotline: 844.312.3961

24/7 Data Breach Response Team Email: breachresponse@lewisbrisbois.com

Sean Hoar, a former federal cyber attorney for the Department of Justice, heads Lewis Brisbois’ national Data Privacy & Cyber Security Practice. Our lawyers understand complex technology and are devoted to customer service. We assist companies in every business sector and respond to data security incidents, from simple data theft to complex and catastrophic data compromises. Our team employs a holistic approach to data privacy and cyber security, offering a suite of services to help clients keep their data private and secure, providing a rapid response to any digital crisis, and delivering defensive litigation services when necessary.

The Lewis Brisbois team is available 24/7/365 and is geographically distributed across the nation to help clients protect their data, and to respond and remediate any type of data security incident.

INCIDENT RESPONSE SERVICES

Incident response management: The Lewis Brisbois team has extensive experience managing responses to information security incidents. This includes access to Lewis Brisbois' 24/7 data breach hotline and complete project management of the breach response process. Lewis Brisbois attorneys work closely with cyber insurance brokers and carriers to maximize client access to appropriate resources. The rapid response process involves an initial assessment of the data security problem and facilitation of all legal agreements and services to contain, analyze, investigate and remediate the incident. This often includes digital forensics, crisis management and communications, consumer notification, and credit monitoring and/or identity protection services. The process also involves an assessment of consumer and regulatory notification obligations, and, if such obligations apply, our attorneys assist in drafting consumer and regulatory notification, and responding to inquiries from the media and regulatory officials. The Lewis Brisbois national breach response team is best in class and ready to immediately respond to any type of data security incident at anytime, anywhere.

Data breach-related defensive litigation: Our attorneys have extensive experience representing clients in complex litigation arising from data breach-related matters. Whether it is a third-party demand or a class action complaint, Lewis Brisbois attorneys are particularly well suited to defend clients in all business sectors. Lewis Brisbois has extensive litigation resources covering major markets across the nation, ensuring that clients are well represented in all defensive litigation matters.

PROACTIVE DATA PRIVACY & CYBER SECURITY (RISK MITIGATION) SERVICES

Compliance counseling: Lewis Brisbois assists clients in all business sectors to assess regulatory obligations and develop compliance programs to meet them. Our attorneys have expertise in a wide variety of state and federal regulatory statutes pertaining to data privacy and cyber security. These statutes include over 50 state and territorial data breach notification statutes, regulatory provisions in the communications, energy, financial, and healthcare sectors, and international data protection laws. These provisions include the Computer Fraud and Abuse Act (CFAA), the Fair Credit Reporting Act (FCRA), the Fair Debt Collection Practices Act (FDCPA), the Gramm Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and its amendment, the Health Information Technology for Economic and Clinical Health Act (HITECH), the Stored Communications Act (SCA), the Telephone Consumer Protection Act (TCPA), and the E.U. Data Protection Directive.

Incident response planning: Lewis Brisbois attorneys assist clients in all business sectors to develop and draft incident response plans that are mapped to the National Institute of Standards and Technology Computer Security Incident Handling Guide, Special Publication 800-61 Rev. 2. The planning process includes the identification and involvement of key stakeholders, the acquisition of cyber liability insurance, the facilitation and execution of Master Service Agreements with breach response service providers (digital forensics services, consumer notification/call center services, credit monitoring/identity protection services, etc.), and introductions to appropriate law enforcement personnel. We recognize that preparation is a critical phase in the incident response life cycle, and are well versed in helping clients prepare for all types of data security incidents.

Table top exercises: We help clients test their incident response plans by facilitating enterprise-wide digital crisis response exercises. These exercises involve key stakeholders and assist them to identify and experience their roles and responsibilities in responding to a data security incident before an actual crisis occurs. Our attorneys recognize that “experiencing” a data security incident before it actually occurs accelerates an organization’s ability to effectively contain and remediate an incident. The exercises also help to identify and resolve gaps in incident response plans and enhance an organization’s enterprise security posture.

Data privacy policy development and review: Lewis Brisbois assists clients to identify and develop necessary data privacy policies pertaining to data collection, employment, online marketing, and sector specific requirements. Data collection is a critical aspect of many business models, and regulation of data collection practices is constantly increasing. We help businesses navigate the ever-evolving privacy regulatory landscape.

Data security policy development and review: Our team helps clients review existing information security policies and procedures, recommends revisions to existing policies and procedures, and drafts policies and procedures if none exist. These policies are often mapped to the Critical Security Controls, which are now managed by the Center for Internet Security.

Employee/Board/Executive training: We also assist clients to identify and prioritize employee training needs, develop customized training to educate employees about network security awareness, and develop customized presentations for Boards and Executives about information security threats and risks while addressing the business case for information security.

Facilitation of confidential third-party technology projects: Our team facilitates confidential third-party technology engagements to ensure they are covered by the attorney-client privilege to the extent permitted by law. These projects may involve system vulnerability assessments, system penetration testing, and forensics investigations. Our attorneys assist clients to identify an appropriate vendor, determine appropriate scope, facilitate and execute pertinent contracts, oversee the various projects to ensure they remain within scope and budget, and review and edit preliminary reports to ensure they are accurate and in a format acceptable for regulators should they need to be produced.

General information security consulting: We regularly counsel clients in all business sectors on commercially reasonable practices to enhance their enterprise security posture. This includes reviewing information security practices, facilitating self-assessments, and helping to identify and reduce system vulnerabilities to mitigate the risk and scale of a breach.

THE LEWIS BRISBOIS TEAM IS ALWAYS AVAILABLE TO RESPOND: Lewis Brisbois attorneys are available 24/7/365 and geographically distributed throughout the United States to immediately and effectively respond and remediate any type of data security incident – any type, anytime, anywhere.

Chair(s)