Cyber Security, Data Management & Privacy

Business:
Privacy and Data Risks for Business

In today's hyper-connected world, organizations of every stripe have an insatiable appetite for data and other electronic content.  It can separate your enterprise from the rest of the pack, and help you grow your business and reach your goals faster, better and more efficiently.  While the reasons for collecting more and more data are obvious, the obligations and risks that arise from doing so may not be. 

That's where WTP's cybersecurity and privacy lawyers come in.  We understand that those who collect, store, transmit or access personally identifiable information or other confidential information are subject to an ever-growing and complex web of state, federal and foreign laws, regulatory schemes and industry standards intended to protect the public by holding you responsible for establishing, implementing and supporting appropriate privacy and data security standards and for mitigating the harm of any breach.  We also understand that data and privacy compliance may require your business to meet standards set forth in a host of contracts, with your customers, members, vendors and others.

Our Cybersecurity and Privacy lawyers can guide your compliance with those laws and contract duties, and help you manage, use and dispose of information in a way that is practical and cost-effective.  In the event of a breach, we walk our clients through all facets of the crisis, including by assisting with internal and external forensic investigations, communicating with law enforcement, determining the extent of any required notices to government authorities, affected people and others, ensuring that notices and other actions comply with applicable laws, mitigating the harm done, managing the damage to your reputation, and defending your business against regulatory penalties and lawsuits.

WTP's Cyber lawyers understand both the technology and the law of cybersecurity, data privacy, e-commerce and cyber insurance. We have combined our attorneys' experience and skills in business, trial and technology law with their substantive knowledge of data security breach, privacy and information security laws that govern the collection, use and protection of personal information, such as HIPAA, COPPA, GLBA, the European Privacy Directive, and various state data security procedures and notice laws. One of the group’s leaders is a Certified Information Privacy Professional (CIPP/US).

Use our experience to protect your business

  • Compliance:  The alphabet soup of laws that you have to comply with may include Gramm-Leach-Bliley, HIPAA, CAN-SPAM, the Children's Online Privacy Protection Act, FISMA, FERPA, fair credit laws or others -- and that is only at the U.S. national level.  Most of the states where you have locations, members, customers or data have similar laws, and, if you deal across country lines, so do most nations in the world.
  • Industry standards:  You may also be subject to binding industry standards, such as the Payment Card Industry -- Data Security Standards (PCI-DSS), which apply to any business that accepts credit or debit card payments.
  • Understand where you are today: We have developed a comprehensive information governance audit/privacy audit to help you get a comprehensive overview of your information governance processes and policies and determine which aspects may be vulnerable or out of compliance with applicable legal and industry requirements.
  • Vendor contracts:  Outside of your own facilities and processes, you may be vulnerable because of your agreements with vendors, such as cloud service providers and web hosting firms.  We will review your existing contracts and negotiate or renegotiate your contracts to ensure that they comply with the standards that apply to your company and that you are protected if the vendor defaults.
  • Policies and processes:  Your company's policies are a first line of defense against both a breach and liability.  Employees need to be trained to respect the vulnerability of your data: weak passwords, flash drives and memory sticks, and laptops loaded with unprotected confidential data are all ways that a careless employee can expose you to a breach. Your policies and processes should reinforce the training: impose penalties for carelessness; use two-factor authentication; prevent employees from downloading apps and software programs onto the company's devices.  And remember that a disgruntled employee can cause a lot of damage.  Just as you may require two officers to sign off on major contracts or big payments, your IT department should not vest too much authority in any one employee acting alone. Finally, we partner with computer and system experts to ensure that you have the proper technical, administrative and physical safeguards in place.
  • Insurance policy assessments: The major insurance companies are beginning to jump into the arena of offering businesses insurance against the cost of a breach.  However, no industry standards have been agreed on yet. On the one hand, this can be terribly confusing, since each policy you will be offered can be quite different from the others.  On the other hand, as long as you fully understand the policy language and how it would apply in the event of a breach, there is still a lot of room to negotiate with the insurance companies because they don’t yet speak with a united front.  However, the key fact here is whether you -- and the company -- truly understand the policy and the reality of the risks.
  • Practical, pragmatic advice: As business lawyers, we understand that you need to balance risk against costs, and run a successful business, which includes collecting, using, and storing important data.  We keep the big picture of your business needs firmly in mind, because your compliance with privacy and data security laws has to fit into your company's data governance needs.  And we can help you balance the different needs and interests of your internal stakeholders, such as accounting, marketing, human resources, IT and legal, to get the most value out of the data you collect. These internal constituents need to be able to access the data they use in their daily work, but avoid the "silo" mentality that would prevent them from cooperating to protect the company as a whole.

And if a data breach does occur...

A security breach will lead to financial, reputational, operational, physical and legal costs, so it is important to react swiftly and comprehensively when a breach occurs.  Our Cybersecurity team has developed strategies to effectively manage the risks that follow a breach, from crisis management and emergency response techniques, to responding to governmental inquiries and investigations.

We can represent you in negotiated settlements, crisis management, investigations by state and federal regulators, and, should it reach that point, litigation.