Cybersecurity & Privacy
Gill Ragon Owen’s attorneys approach cybersecurity and privacy concerns a little differently than most firms. We meet clients where they are in their information governance process, and we help them become better informed and more secure. We understand both the law and the technology governing healthcare privacy, data breaches, cyber-liability insurance, cloud computing contracts, federal, state, and European regulations, and more.
A Comprehensive Approach to Cybersecurity
Privacy and cybersecurity laws and technologies emerge and grow at breakneck speed.
Whether they realize it or not, all businesses have (probably unwritten) policies and procedures, which may or may not meet their industry’s best practices for cybersecurity. Every business should write down their policies and procedures and review them at least once a year to ensure that they (1) are being followed, (2) are still accurate, and (3) comply with all applicable laws and regulations. We help clients begin and continue that process. Merely changing a few terms on old legal forms does not meet the needs of this dynamic landscape. For example, companies need to make sure their website terms of service and privacy statements are accurate and comply with ever-changing state laws. Data security is not a “set it and leave it” concept. Good cybersecurity requires careful consideration and ongoing reviews and modifications.
New technological opportunities appear every day that can make a business’s operations much more efficient and lower operating overhead. These new technologies come with risks and new possibilities for liability. Cloud computing, for example, did not even exist just a few years ago. Negotiating cloud-computing agreements such as Software-as-a-Service agreements requires both technical currency and industry awareness.
Our cybersecurity team helps clients consider new technologies and whether or not a given technology’s benefits outweigh its risks. We help draft and negotiate the vendor agreements that allocate the risks and liabilities of a vendor relationship.
Preventative Cybersecurity Services
Data security assessments—designed to give clients a snapshot of their cybersecurity profile before a breach occurs.
Risk management consultation—we help you maintain an appropriate balance of risk avoidance, risk mitigation, risk sharing, and risk acceptance. For example, we can help you and your insurance broker ensure your cyber-insurance policy actually does what you want it to.
We help clients from a wide range of industries and professions. We have experience dealing with security and privacy concerns in the following industries:
- Professional Services
Our clients must meet the requirements of myriad laws, regulations, and standards. These compliance frameworks include the following, among others:
- Health Insurance Portability and Accountability Act
- California Consumer Privacy Act and California Privacy Rights Act
- State Data Breach Notification laws
- Payment Card Industry Cybersecurity Standards
- Communications Decency Act
- Electronic Communications Privacy Act
- Family Educational Rights and Privacy Act
- Children’s Online Privacy Protection Act
- Fair Credit Reporting Act
- Federal Trade Commission Act
- Gramm-Leach-Bliley Act
- And other federal and state laws
A guiding principle underlying each regulatory framework is that businesses that handle personal information should take reasonable steps to protect it. Unfortunately, long gone are the days when a firewall and anti-virus software were considered “adequate protection.”
To be good stewards of sensitive information, businesses must implement and maintain policies, practices, and protocols that meet current industry standards – including external assessments and periodic reviews.
We advise small-to-medium-sized businesses on meeting these obligations using standard control frameworks—such as COBIT, ISO, and NIST—that match the nature, complexity, and ambition of their business objectives and needs.
Companies have to protect themselves from internal threats, like employee theft and sabotage, in addition to external threats, such as the exfiltration of proprietary secrets and intellectual property.
Data Breach Response Services
If you do experience a data breach, Gill Ragon Owen can help. A breach requires a fast and focused response based on a well-planned, well-documented set of actions. Missteps can be costly, and an emergency is not the time to let intuition be your guide.
Unplugging an infected computer, for example, can result in the loss of valuable forensic information. And ignoring or covering up a cyber-attack may only increase the harm. We offer guidance with forensic investigations, public relations responses, regulatory disclosures, notification obligations, insurance claims, and suits against responsible third parties.
If your business operates in a highly regulated industry or handles sensitive customer data, you should consider developing written cybersecurity and privacy policies and procedures. Contact Gill Ragon Owen to learn more.