Cybersecurity & Data Privacy

Representative Experience

• Served as breach counsel for higher education, health care, manufacturing, and retail clients
• Investigated data security incidents for clients, including coordination with insurers, retention of experts, interaction with governmental and regulatory authorities, preparation of post-incident reports, and advising clients regarding post-incident remediation
• Advised clients, including online retailers, on data security matters including data security program compliance
• Counseled global manufacturing and engineering firm on domestic U.S. and EU GDPR compliance and program implementation
• Responded to energy, health care, higher education, retail, and financial services industry clients’ data breaches and potential security incidents involving hacking, ransomware, and phishing and whaling attacks, providing breach notification assistance and advice on cybersecurity information-sharing
• Oversaw bank-wide compliance of the Gramm-Leach-Bliley Act of 1999, including implementation of entity-wide compliant data security and privacy program for a large regional financial institution
• Drafted data privacy and security policies, procedures, and notices for a myriad of commercial and consumer-facing businesses
• Handled security incident investigations and responses, including data breach notifications to regulatory authorities, state authorities, and individuals
• Addressed data privacy and security issues in contract negotiation
• Reviewed cyber insurance policies and provided coverage advice
• Represented banks relating to financial privacy, Bank Secrecy Act, and customer and fiduciary issues

Highlights

The Steptoe & Johnson Cybersecurity and Data Team helps clients:

• Understand and comply with data privacy and cybersecurity laws and regulations
• Plan and develop compliant organization-wide data security programs
• Plan for and respond to any breach and re-evaluate existing cybersecurity plans following a breach