Privacy & Cybersecurity
Privacy & Cybersecurity compliance are some of the most important issues any company can face in the current legal environment. While the ease of transferring consumer and employee data, financial records and information of all kinds around the world in seconds, or less, has become invaluable to business operation and success, offering seemingly endless opportunities, it has likewise brought with in a multitude of new risks.
Perhaps the most significant of these is the potential for misuse of sensitive data – opening a company to vulnerability in the face of a benefit that is not just extremely valuable but crucial business success to our the present day environment. This has triggered a raft of legislative and regulatory action. Privacy laws are continually evolving and vary notably by jurisdiction. Not only is their interpretation and application uncertain, the regulations themselves are constantly changing.
The same can be said of cybersecurity, which is becoming increasingly complex and difficult to navigate. Regulatory sanctions can be severe, such as high fines, injunctions, government audits and potential criminal liability. In addition, companies that fail to meet privacy and cybersecurity standards find the themselves under intense media scrutiny and face the loss of market and consumer confidence.
Data breaches occur daily, and companies and employers must react accordingly to comply with various state and international laws and rules once breaches occur or face significant liability. Our team reacts immediately once a data breach occurs and counsels clients to reduce liability exposure and fulfill all legal obligations. These are some of the most difficult times a company may face, and our proven compliance experience and crisis management help us stand out. Our team will get you through the breach and set you up for success so that your company can go back to focusing on its core goals and mission.
Even when companies have done everything right once a breach occurs, they can still sometimes end up in subsequent litigation including class actions. Our team has the substantial litigation experience needed to defend these lawsuits including class actions to put our clients in the best possible position in any litigation.
At the same time, many businesses have legitimate needs to obtain and process personal information of employees, customers, and prospective customers. We assist companies with the myriad legal obligations regarding data collection and use of personal information. We help our clients draft and implement the must up to date privacy and cyber securities policies and practices. We also work with companies regarding agreements with their vendors and Business Associate Agreements to make sure they are properly drafted (and do the same for our vendor clients).
We also assist clients who are victims of cyber fraud or theft and help to recover stolen funds as much as possible by working with the banks at issue and “following the money” to determine where the stolen funds went after the initial fraud.
Genova Burns advises clients on the privacy laws of all fifty states as well as the various applicable federal laws including the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (“FCRA”) the Family Educational Rights and Privacy Act (“FERPA”), the Gramm-Leach-Bliley Act, the Telephone Consumer Protection Act (“TCPA”), the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, and the Children’s Online Privacy Protection Act (COPPA). We also counsel clients on investigations by State Attorney Generals, the Federal Trade Commission (FTC), the US Department of Health and Human Services’ Office of Civil Rights (OCR), and under the Sarbanes-Oxley Act. Genova Burns is CIPT certified and a member of the International Association of Privacy Professionals.
