Compliance Assessments, Audits and Investigations, Security Breach Programs

We help our clients navigate the complex web of rapidly changing information privacy and data security laws in the United States and worldwide. Data breaches typically expose victim companies to financial losses, civil litigation, regulatory investigations, fines and reputational harm. In addition, regulators now focus not only on data breach consequences, but also on the company’s or firm’s preparedness for security incidents and compliance with minimum industry practices. The Federal Trade Commission and state attorneys general have deemed inadequate privacy measures to be unfair and deceptive business practices. Recent amendments to federal privacy laws and pending bills indicate that increased federal regulation of this area is likely for most businesses and particularly “critical infrastructure” industries such as finance, telecommunications and utilities. Our clients come to our privacy lawyers for practical, up-to-date guidance in addressing the risks of emerging privacy law regimes around the world. Recent representative projects include:

Privacy and Security Compliance Assessments

  • Comprehensive reviews of internal and public-facing privacy and data security policies and practices for several large financial services, healthcare and health insurance companies
  • Privacy impact assessments in connection with mergers and acquisitions, outsourcing, technology upgrades and changes in laws and regulations

Audits and Regulatory Investigations of Privacy Practices

  • Assisting a California-based insurance company in a full-scale audit of privacy and information security practices conducted by the state insurance regulator
  • Advising a major U.S. financial brokerage firm on compliance with SEC regulations regarding affiliate information sharing and data security compliance

Security Breach Preparedness and Response

  • Representing several global financial services companies in responding to 50-state data security breaches
  • Creating security breach preparedness and response programs for clients in the insurance, media, telecommunications, consumer products and public utilities industries