Our information security professionals assist clients in understanding their rights and responsibilities with respect to the protection of confidential information. We work with companies to identify security risks and vulnerabilities and to implement comprehensive data security programs.
When incidents occur, our team, which includes former officials at federal and state investigatory and enforcement agencies, has the technical, legal and practical experience in conducting data security investigations to identify the root cause, advise clients on how to respond, and develop and implement remediation plans to prevent similar incidents from occurring in the future. Our lawyers also advise clients on appropriate notifications to consumers and regulatory agencies and steps to take to mitigate the short-term and long-term legal impact of the incident.
We are also there to represent and advise clients as they deal with any civil or criminal proceedings that may result from a data security incident. Our lawyers have experience untangling the web of federal, state and international data protection laws that may apply to a particular incident and have handled complex litigation in jurisdictions throughout the United States.
Our information security services include:
- Conducting data security risk assessments to identify vulnerabilities and recommend safeguards.
- Working with clients to investigate data security incidents to isolate and remedy the problem, to determine whether notification to governmental authorities and/or data subjects is prudent or required, and, if so, to handle the notification.
- Negotiating Consent Decrees with governmental authorities and providing counseling in the construction and implementation of post-settlement oversight.
- Representing clients in disputes involving security breaches, disposal of personal information, and data theft.
- Developing procedures and response plans to guide the implementation of IT security and use policies.
- Counseling clients that develop mobile applications on data security issues.
- Monitoring breach notification and other consumer protection laws in all 50 states, as well as pending and anticipated legislation worldwide.
Additional Offerings from the Information Privacy, Security and Governance Team
- Act as the “Virtual Privacy Security Officer (VPSO)” for clients without a chief privacy officer to project manage and train personnel to implement programs internally
- Scalable assessments for privacy, security and information governance (from quick hits to holistic assessments)
- Tool Box – Draft and/or revise company policies around information privacy, security, and/or governance – OBA, digital marketing agreements, etc.
- Information Governance Framework design and implementation
- Information Inventory – work with IT to understand all ways information is created and maintained
- Litigation support, including through Drinker Biddle’s wholly-owned eDiscovery subsidiary, Tritura IG
- Data Strategy – using content governance as a tool to design data flows for improved/optimal use of data
- Data Analytics
- Data Migration and Classification
- Compliance Programs
- Technology Consulting
- Training – CLE, employee onboarding, boards
Data Breach and Ransomware Response
We guide clients through data breach preparation, response and ongoing prevention measures. We provide services to:
- Prepare clients with an incident response plan for a data breach, including ransomware readiness preparation
- Investigate data incidents and breaches in conjunction with forensic experts where necessary and oversee the implementation of appropriate remedial measures
- Provide real-time breach/ransomware response and support with execution of incident response plan
- Assist clients in preventing data breaches via vulnerability assessment management, transactional counseling, CISA information sharing, and security policies
- Counsel clients in connection with data incidents and breaches regarding the implementation of contingency plans and notification efforts to affected persons and relevant law enforcement authorities
- Defend companies in class actions and other enforcement proceedings and develop settlement programs involving thousands of claimants
- Negotiate consent decrees and post-settlement oversight with regulatory authorities
- Engage with cyber-liability insurers as needed to implement remediation plans that protect clients from future breaches
We have managed collective efforts to advance science and policy for pharmaceutical, biotechnology and medical device industries for more than 20 years through our Consortia Management team.
"The legal system has yet to sort out who is responsible for damages in the case of a breach. In the case of routers, 'is it the fault of the guy who made the router, or the guy who stole the information (from customers)? If somebody breaks into your house, can you sue the guy who made the lock?'"
— Jay Brudz, "The IoT Liability Jumble" 2016