Click “Subscribe Now” to get attorney insights on the latest developments in a range of services and industries.
Your data is valuable. Dickinson Wright can help ensure your data’s value is not lost. Dickinson Wright’s Data Privacy and Cybersecurity attorneys offer full-spectrum services to identify, address, and respond to statutory, regulatory, contractual, and best-practice information privacy obligations. Whether an organization is subject to privacy and cybersecurity requirements arising from the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Stored Communications Act, or any of the countless other federal and state mandates, we can help identify and anticipate risks and obligations, design and implement form-fitting and customized plans and policies, proactively develop and implement data incident response procedures, and advise on how to respond when you suspect a data incident or breach.
Are your unused server ports closed? What risks accompany your BYOD policies? Would a ransomware attack on your company be a major disruption or a minor annoyance? Do any former employees still have log-on access? Cybersecurity is no longer just an “I.T.” issue; it requires proactive and consistent involvement from the C-suite down. Dickinson Wright’s Cybersecurity practice helps clients understand the intersection of law and technology, identify threat vectors, and implement policies designed to satisfy best-practice standards, minimize the risk of cybersecurity events, and respond quickly and efficiently to any incidents that may arise.
Data Breach Prevention, Response, and Remediation
Despite best practices, data security incidents still occur. Risks can be minimized with proper policies, training, and safeguards designed to meet an organization’s unique needs and circumstances. Our attorneys evaluate clients’ specific obligations to develop proactive procedures designed to protect the confidentiality, integrity, and accessibility of your data and to implement strategic response plans to identify, evaluate, and respond to data security incidents.
Our data incident response attorneys draw from a unique collective background that includes experts in techno-legal issues, digital forensics, cybercrime investigations, healthcare law, employment law, government and regulatory investigations, and litigation. We have helped entities analyze and respond to suspected data breaches, ransomware attacks, identity theft issues, improper system access matters, network intrusions and data exfiltration, and to navigate the various states’ data breach notification laws and reporting obligations.
Complex and ever-changing federal and state information privacy and data security laws and regulations affect nearly everyone who controls or possesses personal data. Understanding these laws and regulations can be complicated, and failing to comply with them can carry stiff penalties. Dickinson Wright’s interdisciplinary data privacy and cybersecurity team helps clients understand and comply with laws addressing the privacy and security of personally identifiable information, protected health information, and confidential or proprietary information. Our attorneys regularly counsel clients on their risks and obligations under laws and regulations relevant to their data, and offer strategic, best-practices guidance on the many day-to-day issues associated with assuring the privacy and security of your data.
General Data Protection Regulation (GDPR) Compliance
Effective May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) officially takes effect to replace the EU’s former Data Protection Directive. The Regulation applies to all organizations located within the EU as well as those outside the EU that have employees or workers in the EU, or that offer goods or services to, or monitor the behavior of, EU residents. Any company that processes and holds the personal data of subjects residing in the EU, regardless of the company’s location, must be GDPR compliant. Companies falling under GDPR obligations should be aware of the consent obligations affecting their collection of personal information, the retentions obligations surrounding that data, new obligations relating to data breaches involving GDPR-covered personal information, and numerous other new obligations that could lead to hefty fines and penalties if they are not appropriately followed. Dickinson Wright’s data privacy attorneys can help you update your policies and ensure your activities are GDPR compliant.
Even if your organization is not suspected of criminal wrongdoing, it can still find itself the target of a search warrant, subpoena, or court order mandating the disclosure of sensitive and confidential information. Even less compulsory governmental requests for information must be considered in the context of privacy obligations stemming from laws such as the Stored Communications Act, the Health Insurance Portability and Accountability Act, and Constitutional and statutory safeguards. Dickinson Wright’s data privacy and cybersecurity attorneys help clients respond to government information requests for confidential or proprietary information. Our team includes former state and federal law enforcement personnel, prosecuting attorneys, and other governmental attorneys who provide invaluable perspectives when reviewing and counseling clients through such responses and intervening on a client’s behalf to interact with government agents while preserving the client’s business continuity and protecting their proprietary information.
Dickinson Wright’s strong litigation experience is a capstone service for clients with data security needs. Whether representing clients in regulatory actions, defending clients against individual or class action lawsuits, or seeking to enforce data security related obligations or indemnification provisions, Dickinson Wright’s seasoned team of litigators bring extensive courtroom experience to protect clients’ rights, enforce obligations owed to our clients, and help clients meet their legal goals in an efficient and straightforward manner.
Your Privacy and Cybersecurity needs don’t stop at the border, and neither does our experience. The Dickinson Wright Canada-U.S. Platform eliminates the traditional need to retain multiple legal service providers in both the U.S. and Canada to ensure compliance with data transfers, M&A transactions and other cross border privacy related matters. Dickinson Wright can help you navigate Canada’s federal and provincial privacy laws.