Data Security & Privacy
Companies face significant challenges as sensitive information is increasingly maintained electronically. Shook, Hardy & Bacon has a practice group dedicated entirely to data security and data privacy legal issues. The group helps our clients implement proactive and reactive solutions to minimize the risks associated with the collection, use, storage, and disposal of sensitive information such as personally identifiable information, financial information, protected health information, payment card information, and trade secret/proprietary information.
As companies increasingly store this information electronically, they are more susceptible than ever to experiencing a data breach, and because electronic information often transcends state, federal, and international borders, the laws that govern data protection are complex. Breaches can include intentional acts (e.g., cyber attacks, “inside jobs,” theft), employee negligence (lost mobile devices and flash drives, misdirected emails), and service provider breaches. Whether a data breach is caused by a sophisticated intruder or a lost employee hard drive, such an event can expose a company to significant liability under numerous domestic and foreign laws, industry standards, and government regulations.
SHB helps our clients proactively adopt administrative, technical and physical safeguards to minimize the risk of a breach. Examples of these safeguards include:
- undertaking an initial risk assessment of the information collected and stored, and security measures already in existence;
- drafting policies and procedures that govern the collection, use, storage, and disposal of sensitive information;
- implementing controls on the access and sharing of information;
- training our clients’ employees about their obligations and best practices to keep information secure; and
- drafting contractual provisions that ensure vendors are securely handling shared sensitive information and limiting liability should a vendor experience a breach.
Should our clients suspect a data breach, SHB’s reactive services include:
- determining whether our clients have experienced a breach and the legal obligations that accompany the breach;
- notifying affected third parties and regulatory authorities as required by law;
- liaising with law enforcement during the investigation stage of a breach;
- communicating with state and federal regulatory authorities throughout the breach response phase; and
- representing our clients in regulatory investigations, administrative proceedings and civil lawsuits that may follow from a significant breach.
Our group includes Certified Information Privacy Professionals, accredited by the International Association of Privacy Professionals. The members of this group regularly present and write about data security and privacy issues, and clients of the group receive Alerts that are tailored to the security and privacy concerns of their specific industry.
Practice Area Contacts
Amor A Esteban
Related Practice Areas
Data Security & Privacy AlertSupreme Court Confirms Stringent Article III Standing Requirement for Privacy Cases
The White House Executive Order on Cybersecurity
Private Lawsuits Arising from Data Breaches - The Eleventh Circuit Weighs In
New Texas Law Imposes Requirements On Companies That Maintain Protected Health Information
Why You May Have Suffered a Data Breach and Not Even Know It
Can A Company Be Liable for Its Employee Installing File-Sharing Software
Data Security Questions Companies Should Consider
News & Events
- Saikali Presents at Law Consortium on Electronic Information Law
- SHB Attorneys to Present at Carmel Valley eDiscovery Retreat
- Saikali Presents on Emerging Data Security and Privacy Risks in 2013
- Tanner to Address Cloud Computing Issues at SecureWorld Expo
- Saikali, Wajert Join Law360 Editorial Advisory Boards
- Saikali Provides Data Breach Insights to InsideCounsel Magazine
- SHB’s Data Security & Privacy Practice Featured by Law360
- South Florida Business Journal Features Saikali, SHB’s Data Security & Privacy Practice
- Saikali Explains Significance of $22-Million FTC Penalty Against Google in Law360 Article
- Esteban to Address Cloud-Related Risks at Carmel Valley eDiscovery Retreat
- Florida Super Lawyers Recognizes 12 SHB Attorneys