In today's information economy, no company is completely safe from
potential data security breaches, denial-of-service attacks, hacking, thefts of
trade secrets and intellectual property, and other losses of or threats to
highly sensitive corporate and customer information. Equally varied are the
perpetrators of these crimes, a diverse assembly of lone-wolf hackers, business
competitors, organized crime, foreign adversaries, and terrorist groups.
Further complicating the picture, companies targeted by cyber attackers are
often penalized twice: first as a direct result of the initial breach, then subsequently
by lawmakers, regulators, and the public, who often blame the victim of the
crime for having insufficient safeguards in place.
The Privacy & Data Security Team at Jones Walker LLP helps clients
identify, prevent, and respond to the full spectrum of data-breach and privacy
risks. Our inter-disciplinary team brings together highly experienced attorneys
with professional backgrounds in the banking and financial services,
healthcare, technology and telecommunications, energy, petrochemical, maritime,
government, and retail sectors. We help our clients:
- Achieve their business
objectives by formulating practical, cost-effective solutions to their
data challenges, whether they concern security, international data
transfers, records management, or government information requests and
subpoenas
- Mitigate the risk that they
will become a cybercrime victim by helping them comply with national and
international privacy and data protection standards
- Avoid litigation by
proactively managing consumer and employee privacy expectations and
complaints by working with them to develop policies and terms and
conditions suitable for their websites, social media, and marketing
platforms
- Develop and implement crisis
response protocols so their leadership and employees know what to do and
how to deploy critical resources when network intrusions happen
- Resolve criminal and
regulatory investigations associated with data security or export controls
whether they arise in a single jurisdiction or across borders in the US,
EU, or Asia
- Defend themselves against
consumer class actions and high-stakes business disruption litigation
arising from data breach incidents
Preparing for and Avoiding a Breach or Data Theft
We advise clients on their compliance obligations under all privacy-related
U.S. federal and state laws, including the Health Insurance Portability and
Accountability Act (HIPAA), the Children’s Online Privacy Protection Act
(COPPA), the Federal Information Security Management Act (FISMA), the
Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), the Federal
Communications Act of 1934, SEC disclosure guidelines, FTC data/privacy
regulations, the CAN-SPAM Act, and other data-breach, privacy, and
cybersecurity laws. Additionally, as the global regulatory environment for privacy
and data becomes increasingly complicated and our clients expand
internationally, our attorneys help clients adapt their existing data
management practices to meet these new compliance changes without stressing
their resources.
Our attorneys help clients better understand their data, where it is
located, and where and with whom it is shared. We assess, develop, and revise
information collection, storage, disposal, and sharing policies and procedures
to make sure they meet regulatory obligations without compromising business
workflows, data security and integrity, and identify potential threats and
compliance issues. We also help clients develop and implement comprehensive
security programs that document policies and procedures clearly and limit access
to personally identifiable information, electronic health records, and other
key data.
Rapid Response & Litigation Following a Breach or Data Theft
When a data security breach or data theft occurs, we respond to the
event quickly and effectively. We help clients stop or contain the incident,
analyze the facts and impact of the situation, and ensure compliance with
federal and state notice requirements. Our attorneys assemble teams of key
in-house staff, outside IT and public-relations experts, and data security
professionals to develop a plan for preventing future thefts or breaches and to
communicate with the public in an appropriate manner.
A company victimized by a data breach can quickly become the target of
litigation and state or federal investigations. Jones Walker attorneys
represent clients in related privacy and data security disputes and litigation,
such as with shareholders, customers, and credit card agencies. We also
represent our clients in related regulatory proceedings.
Follow-on disputes, including shareholder and class-action litigation
against corporations and their directors and officers, often arise after a data
breach. Our experienced litigators and trial lawyers help clients resolve
disputes in federal and state court, as well as through alternative procedures
such as arbitration and negotiated settlements.
