Few tasks are as important to businesses as keeping electronic and customer data secure. After all, a data breach can not only lead to significant financial damage, but also tarnish your company’s hard-earned reputation.
Data Privacy involves far more than an evaluation of your cybersecurity practices, but a holistic in-depth dive into the entire data life-cycle including development, collection, processing, storage, retention and finally organized destruction of your data. Cyber Counsel can help minimize your data risk by a comprehensive assessment of your policies and procedures for handling data both within the company and with third-party vendors.
Data Breach Investigation & Response
Cyber attacks, stolen laptops and missing thumb drives have one thing in common: data in jeopardy. With expertise in both the legal and technical side of Digital Forensics, the presence of legal counsel on an incident response team (CIRT) is invaluable to a determination of the source and scope of a breach, as well evaluating legal requirements for reporting the breach. Moreover, having counsel with heightened expertise in digital forensic investigation may permit a higher level of protection of the investigatory conclusions if litigation results.
Cybersecurity & Cybercrime
Investigating intrusion incidents can raise issues of violations of criminal statutes, including the Computer Fraud and Abuse Act (CFAA), the Children’s Online Privacy Protection Act (COPPA), and violation of crimes involving pornography and exfiltration of data, among others. Guidance in the Digital Forensic aspect of these situations can make a significant different to a client’s ability to defend and explain their actions.
Knowing what electronic information can be obtained and where that information might be located is half of the battle in civil litigation, especially as evidence is more often natively digital – it never lives in the “paper world.” Expertise in formulating discovery requests to locate the Digital Evidence sought as well as guidance in the identification, collection, preservation, analysis, production and presentation of Digital Evidence can be critical to pursuing or defending a lawsuit.
Information Security Policy/Procedures
When it comes to information security, businesses may not be doing as well as they think in protecting their and their clients’ confidential information. Information Security requires both proper Policies (the legal aspect) and Procedures (the technical aspect). Lacking either, a company can be left without direction when a security incident occurs.
Business Privacy Legal Compliance
Multiple state and federal laws require privacy compliance in different sectors including the Health Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), the Gramm-Leach- Bliley Act (GLBA), the US PATRIOT Act, the Fair Credit Reporting Act (FCRA) as amended by the Fair and Accurate Credit Transactions Act (FACTA), the Telephone Consumer Protection Act (TCPA), the Electronic Communications Privacy Act (ECPA) and the Stored Communication Act (SCA), among others. Navigating the information privacy requirements of this acronym alphabet soup requires a competent guide.