We’re a team of privacy wonks and security experts who look locally and globally for data driven risk. We combine the energy and innovation of a startup with the experience and resources of a 128+ year old law firm.
We have experience in a variety of industries, including energy, healthcare, banking/finance, technology, manufacturing, and municipal sectors. Whether publicly traded or privately held, we help businesses ranging from the Fortune 10 to startups navigate privacy and cyber risks. Our cyber and data privacy team often works with startups on the cutting edge of technology, with experience working with artificial intelligence (AI), autonomous vehicles and drones, biotech, and software built on blockchain.
We understand what it takes to protect data across your business and know how to navigate from the server room to the board room
Here are a few examples of how we help businesses with cyber and privacy risk:
- Technology contract review, including negotiation of complex data protection addendums and information security agreements
- Incident response and incident response planning
- Drafting and reviewing website privacy policies and procedures, including cookie compliance and ad tech concerns
- Cybersecurity insurance review and counseling, including incident concierge advice to help businesses navigate the complex arena of incident response vendor selection
- Determinations of “sale” or “sharing” of data in nuanced compliance scenarios
- Data subject / consumer access request responses and reviews
- Transfer impact assessment / data protection impact assessment review and drafting
- Assessing risk in mergers and acquisitions, including drafting cyber/privacy representations and warranties related to acquisitions and assisting counsel with privacy related diligence review
- Payment Card Industry (PCI) Compliance, including card manufacturer-based compliance obligations
- Regulatory compliance, including obligations under numerous federal, state, and international laws including but not limited to GLBA, HIPAA, GDPR, NERC-CIP, CCPA/CPRA, and CDPA
- Assisting publicly traded companies in their risk factor determinations and notification obligations in their 10-Qs or with urgent 8Ks.
In-house Counsel Privacy / Cybersecurity Staff Augmentation
We routinely navigate privacy and cyber questions and agreements for sophisticated in-house legal departments, augmenting their teams as if we were embedded in the business. We support legal departments as “overflow” during contract negotiations and major privacy compliance projects. During times of legal or privacy office transitions, our team can serve as “fractional” data privacy officers or privacy counsel, helping businesses while they seek new teammates.
Cyber Incident Planning
Cybersecurity incidents aren’t the only thing that keeps leadership in your organization up at night. You may need to answer to shareholders, regulators, or investors regarding the strategic cyber and privacy compliance steps you’ve taken. Not only can we help develop risk management plans, but our team can also create customized cybersecurity and data privacy training for your board, your c-suite leaders, and your staff based on the real-world incidents and problems we solve daily.
Cybersecurity Rapid Incident Response
When you are in the midst of an incident, every moment counts. From breach notification requirements to working with law enforcement to notifying the media, we know how to help. We’re ready with 24/7 support and counsel. You can email us at firstname.lastname@example.org if you need support during a cyber incident.
If you are in the depths of an incident and unsure of whether you have cyber insurance coverage, we can help you navigate the complicated world of cybersecurity incident response vendors and engagements. When a potential catastrophe looms, we can quickly assemble incident response, digital forensics, and media support teams to assist you during your crisis.
Privacy Program Building
Staffed with Certified Information Privacy Professionals who navigate privacy regulations daily, our team can evaluate your current privacy compliance program or help build one from the ground up.
We have experience drafting Data Privacy Impact Assessments (DPIAs / PIAs) and delving into the nuances of day-to-day privacy program management.
Cybersecurity & Data Privacy Executive and Board Training
Responsibility for cybersecurity and data privacy is an enterprise-wide issue.
A data breach is not only a concern for the CISO or the CIO, but the entire company. Executives and board members are in leadership roles because they are adept at managing a company through significant challenges. Today, every director and officer must understand the fundamentals of both cybersecurity and privacy on state, national, and global levels. Companies with dedicated cybersecurity and privacy strategies have a competitive advantage in this new age. Our executive and board training, designed specifically for your company, is the first step.
From tactics posed by threat actors to the needs of data regulators, we help you unravel the flow of information and evaluate how to protect you from data’s biggest risk: legal liability. We help you build an arsenal against emerging threats in cybersecurity and the complicated world of data privacy while using attorney-client privilege as a protective shield.
- Cannabis Law
- Community Associations
- Credit Unions
- Government Contracts
- Health Law
- International Trade
- Beth Waller Offers ‘Buyer Beware’ on Incident Response Coverage, Mandiant Cyber Snapshot, Issue 3
- Beth Waller Highlights Uniqueness of Virginia Consumer Data Protection Act (VCDP)
- Reviewing Online Tracking Technologies Could Keep HIPAA-Regulated Entities Out of Hot Water
- HIPAA Security Rule: What are “Recognized Security Practices” and why are they important?
- Biometric Privacy Trial Is a Milestone in Privacy Law