Privacy and Information Security

According to recent surveys, cybersecurity is the number one business priority. And it should be. Any company, regardless of size or industry, is vulnerable, especially if your business involves collecting, storing, or utilizing the financial and personal information of your clients and employees.

Jennings Strouss works with companies to ensure they have the necessary policies, procedures, and safeguards in place to minimize the risk of and effectively respond to cyber threats and breaches. Our clients represent a broad range of industries, including aerospace defense, e-commerce, education, financial services, government, healthcare, retail, technology, telecommunications, and utilities.

The firm’s multi-disciplinary team of attorneys helps clients understand and comply with data protection and privacy laws, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• the Gramm-Leach-Bliley Act
• Sarbanes-Oxley
• Federal Trade Commission Act
• the Fair Credit Reporting Act (FCRA)
• Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM)
• Health Insurance Portability and Accountability Act (HIPAA) 
• the Payment Card Industry Data Security Standard
• The Health Information Technology for Economic and Clinical Health (HITECH) Act
• Children’s Online Privacy Protection Act (COPPA)
• Executive Order on Improving Critical Infrastructure
• state and federal security breach notification laws
• other federal and state regulations

Our attorneys are also well-versed in the European Nation’s (EU) General Data Protection Regulation (GDPR), which will likely have an impact on U.S. businesses that collect and process personally identifiable information of individuals located in the EU, particularly those businesses that offer goods and services to the EU and/or monitor the behavior of individuals in the EU.

One of the first things a company is asked after a breach is whether it took “reasonable measures” to secure its data. What constitutes a reasonable measure may vary depending on many factors, such as the source of the breach (i.e., internal or external), the exposure or loss of data, and the regulatory agency involved in the investigation. Jennings Strouss assists companies with privacy and security assessments to ensure measures are in place to minimize the risk of a breach and develop an incident response plan should a breach occur. We also work with the client to create, implement and communicate written policies and procedures for collecting, storing, securing and distributing sensitive and proprietary data. Also, our attorneys help companies evaluate their business insurance and the options available for cybersecurity coverage.

Should a breach occur, our attorneys can assist clients with the implementation of an incident response plan, including when and how to report the breach to the appropriate regulatory agencies and the individuals and businesses that may be affected. In the event the breach results in litigation, the attorneys in the firm’s litigation practice will guide clients through every step of the process, providing the most efficient and cost-effective solution.