The Importance of Privacy & Data Security in a Changing World

Transcription

1 Cyber, PrivaCy & Data SeCurity 360

2 about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but unprecedented privacy and security challenges for businesses in all industry sectors. Privacy and cyber risks require businesses to contend with a complex web of state, federal and international laws. Best practices and self-regulatory standards further complicate the picture for companies attempting to navigate the cyber, privacy and data security maze. With the government giving companies security and privacy practices greater scrutiny, businesses need to be prepared to meet their evolving obligations in these fields. Constantly changing technology affects the competitive environment and privacy and security requirements. Failure to respect privacy and data security may lead not only to serious economic consequences, but adverse publicity and loss of business. Businesses therefore increasingly consult professionals with expertise to meet the challenges of the cyber, privacy and data security environment. Morris Polich & Purdy LLP s Cyber, Privacy & Data Security team collaborates closely with clients to take a comprehensive approach to managing, responding and mitigating privacy and data security risks. Our team proactively develops, implements and assesses privacy and data security for companies in numerous business sectors. From preparing initial policies and procedures governing privacy and data security and performing baseline privacy and risk assessments, to implementing programs and performing compliance analyses, the team s expertise allows it to respond effectively and efficiently. Our team is equipped to respond to government inquiries, investigate and comply with data breach notification requirements and to handle any litigation or regulatory actions arising from alleged privacy violations or data breaches. MPP s Cyber Privacy & Data Security team is comprised of attorneys specializing in the key areas of cyber and social media law, professional liability, insurance coverage, health and long term care, litigation, employment, commercial transactions, electronic discovery and intellectual property. The team works on a national basis and has knowledge and experience regarding a wide variety of laws affecting privacy and data security. The team is involved in advising and providing litigation support for numerous federal provisions, including the Computer Fraud and Abuse Act (CFAA), the US/EU Safe Harbor, the Fair Credit Reporting Act (FCRA), the Health Information Portability and Accountability Act (HIPAA), the Children s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLB), the Electronic Communications Privacy Act (ECPA), the

3 about our PraCtiCe (ContinueD) Stored Communication Act (SCA), the Red Flags Rule, and a myriad of other provisions. Team members have also been involved in numerous matters involving state law, including those arising under California s Song-Beverly Act, the California Medical Information Act (CMIA), the California Invasion of Privacy Act (CIPA), the California Online Privacy Protection Act (CalOPPA), and the California Shine the Light law, among others. MPP s lawyers have also been involved in handling matters dealing with legal provisions relating to cyber security and data breaches, including federal and state laws relating to data breach notification, laws mandating security and encryption, and best practices and self-governing security standards, such as the Payment Card Industry Data Security Standards (PCI DSS). Because digital data is today readily transmitted across national boundaries, members of MPP s team are also knowledgeable regarding international privacy and data security laws, including those of the European Union (EU), Canada, Mexico and Asia. The team is headed by a lawyer who is a United States Certified Information Privacy Professional (CIPP/US) and a European Union Certified Information Professional (CIPP/E) and team members regularly monitor legal developments affecting businesses operating domestically and internationally. Privacy and data security matters are constantly evolving as technology continues to develop. MPP s Cyber, Privacy & Data Security team has both the technical and legal knowledge to monitor these changes and advise clients regarding resulting risks. The team has handled matters involving cloud computing, Big Data, biometric identifiers, the Internet of Things (i.e. smart devices), social media, online behavioral advertising (OBA), and other technologies. Team members have also advised and assisted with numerous privacy issues in the workplace, including Bring Your Own Device (BYOD), pre-employment screening, internal investigations, employee use of social media and electronic devices, employee monitoring, and other aspects of the employment relationship. Complimentary to their work in privacy and data security, MPP s Cyber, Privacy & Data Security team also has expertise in other aspects of cyber law in addition to their work in privacy and data security. The team includes attorneys specializing in trademark and copyright law, intellectual property, the Digital Millennium Copyright Act (DMCA), government subpoenas of electronic information, trade secrets, and protection of proprietary information. Team members have also handled a wide variety of other cyber matters, including licensing disputes,

4 about our PraCtiCe (ContinueD) preservation of electronic evidence, protection of intellectual property against piracy, and registration of domain names. The team has also dealt with numerous e-discovery issues, particularly those regarding the interplay between electronic collection of documents and relevant privacy and security requirements. To provide leading information and updates on important changes in the cyber, privacy and data security arena, the team launched their specialist website which includes a library of reference sources, articles, and details of services available.

5 a CroSS SeCtion of our experience Services provided by our Cyber, Privacy & Data Security team include: responding to Data breaches and Security incidents: Designing and implementing Corporate risk analyses and Strategies: Baseline privacy and data security surveys and analyses, including privacy and security of personal and proprietary information collected, maintained and distributed by businesses Privacy and security risk audits and assessments Privacy and data security practices and procedures Response protocols and contingency plans for privacy and security breaches Establishing appropriate corporate privacy and data protection infrastructure Training to promote and comply with best practices in privacy and data security, including privacy by design Compliance with ongoing requirements and best practices in light of changing technological and legal requirements Establishing data breach notification procedures Complying with breach notification requirements of relevant federal and state jurisdictions Working with investigators, consultants, and law enforcement authorities to analyze and contain breach and security incidents Mitigating damages and remediating harm from breach incidents Providing notices to affected individuals Revising practices and procedures to help prevent future breach incidents implementing business Solutions: Negotiating and drafting contracts, including HIPAA business associate agreements, vendor agreements, and agreements involving cloud computing providers Selecting and managing vendors and other third parties handling personal or proprietary information

6 a CroSS SeCtion of our experience (ContinueD) Protecting personal information of employees, customers, and consumers Protecting privacy and security of personal health information (PHI) under HIPAA and HITECH, including HIPAA Omnibus Rule Use of social media and electronic devices in the workplace Use of personal information for marketing and advertising purposes, including online behavioral advertising and COPPA compliant websites Online privacy notices and user agreements Management of privacy security of electronic information, including proper document retention procedures and compliance with electronic discovery obligations Evaluating insurance coverage issues E-Discovery evaluation and compliance

7

8 attorneys at Law M a i n C o n t a C t: timothy J. toohey ttoohey@mpplaw.com o f f i C e L o C a t i o n S: Los angeles 1055 West Seventh Street, Suite 2400, Los Angeles, California T: F: San Diego One America Plaza, 600 West Broadway, Suite 500, San Diego, California T: F: San francisco One Embarcadero Center, Suite 400, San Francisco, California T: F: Las vegas 500 South Rancho Drive, Suite 17, Las Vegas, Nevada T: F: