Data Privacy & Cyber Security
– 24/7/365 – ANY TIME, ANY WHERE... 24/7 Data Breach Response Hotline: 844.312.3961 24/7 Data Breach Response Team Email: email@example.com
– 24/7/365 – ANY TIME, ANY WHERE...
24/7 Data Breach Response Hotline: 844.312.3961
24/7 Data Breach Response Team Email: firstname.lastname@example.org
Sean Hoar, a former federal cyber attorney for the Department of Justice, heads Lewis Brisbois’ national Data Privacy & Cyber Security Practice. Our lawyers understand complex technology and are devoted to customer service. We assist companies in every business sector and respond to data security incidents, from simple data theft to complex and catastrophic data compromises. Our team employs a holistic approach to data privacy and cyber security, offering a suite of services to help clients keep their data private and secure, providing a rapid response to any digital crisis, and delivering defensive litigation services when necessary.
The Lewis Brisbois team is available 24/7/365 and is geographically distributed across the nation to help clients protect their data, and to respond and remediate any type of data security incident.
INCIDENT RESPONSE SERVICES
Incident response management: The Lewis Brisbois team has extensive experience managing responses to information security incidents. This includes access to Lewis Brisbois' 24/7 data breach hotline and complete project management of the breach response process. Lewis Brisbois attorneys work closely with cyber insurance brokers and carriers to maximize client access to appropriate resources. The rapid response process involves an initial assessment of the data security problem and facilitation of all legal agreements and services to contain, analyze, investigate and remediate the incident. This often includes digital forensics, crisis management and communications, consumer notification, and credit monitoring and/or identity protection services. The process also involves an assessment of consumer and regulatory notification obligations, and, if such obligations apply, our attorneys assist in drafting consumer and regulatory notification, and responding to inquiries from the media and regulatory officials. The Lewis Brisbois national breach response team is best in class and ready to immediately respond to any type of data security incident at anytime, anywhere.
Data breach-related defensive litigation: Our attorneys have extensive experience representing clients in complex litigation arising from data breach-related matters. Whether it is a third-party demand or a class action complaint, Lewis Brisbois attorneys are particularly well suited to defend clients in all business sectors. Lewis Brisbois has extensive litigation resources covering major markets across the nation, ensuring that clients are well represented in all defensive litigation matters.
Data breach-related affirmative litigation: Clients who fall victim to a data breach often incur harm from third parties. The lawyers in Lewis Brisbois’ Data Privacy & Cyber Security Practice and its Commercial Litigation Practice guide clients through their options in resolving difficult and complex problems — including the recovery of substantial losses from third parties and the recovery and seizure of private data stolen during a data breach — and provide strong affirmative litigation services when necessary.
Website and mobile application accessibility defensive litigation services: Litigation surrounding website accessibility under Title III of the Americans with Disabilities Act (ADA) has significantly increased in recent years. Perhaps due to uncertainty about pending federal regulations, businesses have been caught off guard when confronted with third party demands or lawsuits. The lawyers in Lewis Brisbois’ Data Privacy & Cyber Security Practice and its ADA Compliance and Defense Practice guide clients through their obligations under Title III of the ADA and provide strong defensive litigation services when necessary.
PROACTIVE DATA PRIVACY & CYBER SECURITY (RISK MITIGATION) SERVICES
Compliance counseling: Lewis Brisbois assists clients in all business sectors to assess regulatory obligations and develop compliance programs to meet them. Our attorneys have expertise in a wide variety of state and federal regulatory statutes pertaining to data privacy and cyber security. These statutes include over 50 state and territorial data breach notification statutes, regulatory provisions in the communications, energy, financial, and healthcare sectors, and international data protection laws. These provisions include the Computer Fraud and Abuse Act (CFAA), the Fair Credit Reporting Act (FCRA), the Fair Debt Collection Practices Act (FDCPA), the Gramm Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and its amendment, the Health Information Technology for Economic and Clinical Health Act (HITECH), the Stored Communications Act (SCA), the Telephone Consumer Protection Act (TCPA), and the E.U. Data Protection Directive.
Incident response planning: Lewis Brisbois attorneys assist clients in all business sectors to develop and draft incident response plans that are mapped to the National Institute of Standards and Technology Computer Security Incident Handling Guide, Special Publication 800-61 Rev. 2. The planning process includes the identification and involvement of key stakeholders, the acquisition of cyber liability insurance, the facilitation and execution of Master Service Agreements with breach response service providers (digital forensics services, consumer notification/call center services, credit monitoring/identity protection services, etc.), and introductions to appropriate law enforcement personnel. We recognize that preparation is a critical phase in the incident response life cycle, and are well versed in helping clients prepare for all types of data security incidents.
Table top exercises: We help clients test their incident response plans by facilitating enterprise-wide digital crisis response exercises. These exercises involve key stakeholders and assist them to identify and experience their roles and responsibilities in responding to a data security incident before an actual crisis occurs. Our attorneys recognize that “experiencing” a data security incident before it actually occurs accelerates an organization’s ability to effectively contain and remediate an incident. The exercises also help to identify and resolve gaps in incident response plans and enhance an organization’s enterprise security posture.
Data security policy development and review: Our team helps clients review existing information security policies and procedures, recommends revisions to existing policies and procedures, and drafts policies and procedures if none exist. These policies are often mapped to the Critical Security Controls, which are now managed by the Center for Internet Security.
Document retention policy development and review: Because of the data explosion caused by the advent of electronically created and stored information, management of data has become critical for business processes, regulatory compliance and data security. Focused data retention and destruction policies are an important component of information security and information management systems. Our lawyers regularly counsel on document retention and destruction policies for public and private companies.
Mergers and acquisitions due diligence assistance: Information systems are an increasingly important part of any merger, acquisition, or sale. For buyers, it is critical that due diligence be conducted to avoid the purchase of a data breach. For sellers, it is critical to ensure that representations and warranties about the security of information systems are accurate. Lewis Brisbois attorneys understand these dynamics and regularly work with clients to conduct the due diligence necessary to guide them through the merger, acquisition, or sale process.
Employee/Board/Executive training: We also assist clients to identify and prioritize employee training needs, develop customized training to educate employees about network security awareness, and develop customized presentations for Boards and Executives about information security threats and risks while addressing the business case for information security.
Facilitation of confidential third-party technology projects: Our team facilitates confidential third-party technology engagements to ensure they are covered by the attorney-client privilege to the extent permitted by law. These projects may involve system vulnerability assessments, system penetration testing, and forensics investigations. Our attorneys assist clients to identify an appropriate vendor, determine appropriate scope, facilitate and execute pertinent contracts, oversee the various projects to ensure they remain within scope and budget, and review and edit preliminary reports to ensure they are accurate and in a format acceptable for regulators should they need to be produced.
General information security consulting: We regularly counsel clients in all business sectors on commercially reasonable practices to enhance their enterprise security posture. This includes reviewing information security practices, facilitating self-assessments, and helping to identify and reduce system vulnerabilities to mitigate the risk and scale of a breach.
THE LEWIS BRISBOIS TEAM IS ALWAYS AVAILABLE TO RESPOND: Lewis Brisbois attorneys are available 24/7/365 and geographically distributed throughout the United States to immediately and effectively respond and remediate any type of data security incident – any type, anytime, anywhere.