Federally imposed information security provisions are found in laws impacting the healthcare and financial sectors. In addition, the Federal Trade Commission brings actions against companies misrepresenting their information security practices or failing to provide “reasonable procedures” to protect personal information. In addition, several states have passed laws requiring companies to implement information security measures to protect citizens’ sensitive information. Our firm assists clients by assessing the applicability of these laws to their organization, and provides guidance that allows them to achieve compliance with information security standards.
We also help clients with privacy incident management including:
- Prevention & Analysis
  - Creating and developing an incident response plan, and practicing the plan through tabletop exercises; a Business Continuity Plan; and a Disaster Recovery Plan
  - Conducting cyber risk assessments
- Triage and Investigation
  - Working with information security and forensics to investigate a security incident
- Regulatory Research
  - Researching regulations pertaining to data breaches and assessing applicability to your organization
- Third-Party Contractual Obligations
  - Surveying contracts for contractual notice obligations to third parties
- Breach Decision
  - Assisting organizations in making the determination of whether a breach has occurred
  - Implementing effective follow-up methods to mitigate the risk of harm for individuals affected by the breach, such as additional training, internal self-assessments, and third-party audits where needed. These assessments should analyze the breach itself as well as the response plan and should identify deficiencies.
  - Drafting notices, as applicable, to affected individuals, regulatory agencies, law enforcement, state attorneys general, and media