PilieroMazza’s Cybersecurity & Data Privacy practice pulls together lawyers from across all of our practice groups to advise and assist clients with a comprehensive approach to managing cybersecurity, information privacy, and data protection risks; establishing compliant and effective safeguards; and responding to cybersecurity and privacy incidents when they do occur. This is especially true for federal contractors, where cybersecurity is both a compliance requirement and an increasingly important driver in gaining competitive advantage for the award of defense and civilian agency contracts.
Cybersecurity, information privacy, and data protection issues have rapidly become an area of great importance for companies across all industries as the marketplace has become increasingly interconnected and digitized. International headlines highlight how essential it is to maintain effective up-do-date cybersecurity and data privacy measures and routinely test and verify the efficacy of such measures, as well as how far-reaching the impact can be when a breach occurs.
Creating, maintaining, and auditing company policies, procedures, and digital and physical infrastructure are critical to ensuring compliance with a complex regulatory landscape and limiting liability exposure.
PilieroMazza’s Cybersecurity & Data Privacy services include:
- Analysis of cybersecurity compliance under the National Institute of Standards and Technology Cybersecurity (NIST) Framework and prevailing Federal Trade Commission guidance and precedent.
- Review and development of information security programs, including employee and personnel-related handbooks and training, independent contractor policies, and proprietary information policies.
- Data breach incident response policies and procedures, tabletop exercises, management training, and general preparedness.
- Breach response management, including governmental and customer notifications, governmental investigations, and audits.
- Breach litigation strategy and defense, including class action and shareholder derivative suit defense.
- Cybersecurity diligence and negotiation in M&A and other corporate transactions.
- Review and development of contract templates and federal contract “flow down” provisions to address cybersecurity requirements applicable to vendors; vendor due diligence and management plans; evaluation of cybersecurity and data access risk in contracting and vendor relationships.
- Preparation and submission of variance requests, requests for equitable adjustment, and contract claims to procuring agencies related to cybersecurity requirements in government contracts.
- Review of cybersecurity insurance policies and indemnification exposure.
- General Data Protection Regulation (GDPR) and other international data transfer compliance programs including the use of model contractual clauses, binding corporate rules, and the EU-US Privacy Shield.
- Biometric privacy notices, consents, and policies
- Compliance policies for the safeguarding of personally identifiable information and personally identifiable health information, including HIPPA compliance.
- Regulatory filings, governmental disclosures, and communications.
- Representation before government investigators, including Department of Justice and Inspectors General.
- Access to trusted resource partners, including cyber forensics firms, technical audit firms, and public relations firms.