We provide comprehensive services to small and medium-sized enterprises, including:
US Privacy & Data Security Compliance Programs
- Advise on legal requirements and best practices for safeguarding financial, health and consumer information and guarding against security breaches. We develop policies and guides for companies and institutions as well as for their websites, applications and devices.
- Analyze corporate cyber liability and advise on the most appropriate safeguards, conducting data audits and classification projects as well as preparing information security programs, incident and data breach response plans, and data disposal and destruction protocols.
- Negotiate and draft the terms for vendor and employment agreements involving the sharing of sensitive information and conduct due diligence reviews.
- Manage compliance with US state and federal privacy and data management laws and standards, including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Electronic Communications Privacy Act (ECPA), the California Consumer Privacy Act (CCPA), the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, the Children’s Online Privacy Protection Act (COPPA), the New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR part 500) and the Fair Credit Reporting Act (FCRA). We also advise on international data transfers and assist U.S. companies to comply with the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive.
Security Incident Preparedness and Response Advisory Services
- Advise on proactive incident response preparedness and help in the assessment of and the response to data breaches. This includes coordinating the response and interacting with technology consultants, law enforcement and regulatory bodies and advising in the capacity of crisis managers. We also analyze and provide counsel on the procurement of cybersecurity insurance.
- Advise on responses to regulatory inquiries and investigations and help clients respond to customer or employee complaints, coordinating with other corporate advisors.
Cyber Investigation Services
- Provide investigatory services and remediation to victims of cyber-attacks, cyber-defamation, cybersquatting, cyberstalking and other forms of online harassment as well as the theft of intellectual property.
- Coordinate and lead larger scale investigations with forensic and tech teams to control and contain damage to data, privacy and reputation.