As one of
the country's leading civil defense litigation law firms, the attorneys in
Marshall Dennehey's Privacy & Data Security Practice Group are focused on
helping clients reduce cyber risk exposures and guiding them through incident
response, containment, and compliance measures after a data breach occurs.
Staffed to respond to time critical situations with 24/7 availability, the firm
has handled over 100 data breaches and privacy claims for clients in the
technology, health care, education, financial, banking, retail, energy,
consumer protection, and other industry sectors.
A
Customized Approach
In the
arena of privacy and data security, there is no one-size-fits-all response. At
Marshall Dennehey, we partner with each client to develop a customized
approach, with a focus on how decisions may impact a future defense to
litigation or regulatory action. Whether it is a breach involving hundreds of
individuals, or millions, we counsel clients in a way that is cost-effective,
compliant with the law and protective of a company's brand.
Data
breaches often involve multiple areas of a client's business. When a breach
involves the theft or disclosure of trade secrets, or the violation of a
company's social media policy, attorneys in our Employment Law and Technology,
Media and Intellectual Property Litigation Practice Groups are available to
provide critical and immediate counsel. This counsel includes assisting clients
in appropriately and effectively communicating with employees who may be
suspected of involvement with the breach incident.
INDUSTRIES
WE SERVE
Health
Care
Privacy
and data security matters in the health care sector require significant
knowledge of how health care systems work on both regulatory and administrative
levels. The attorneys in our Health Law Practice Group are also members of the
Privacy and Data Security Practice Group and, as such, play a critical role in
helping health care clients avoid, prepare for, and respond to data breach
events. Beginning with HIPAA/HITECH compliance, our attorneys provide counsel
on interpretation of federal and state privacy/security laws and regulations,
and assist clients in investigations by governmental agencies, including the
state attorneys general and the Department of Health and Human Services Office
for Civil Rights. We additionally help clients develop risk management
procedures and policies that are not only required by law, but that also help
to educate and prepare providers, insurers and business associates on ways
sensitive patient health information can be safeguarded.
Education
Universities,
colleges and other institutions of higher education across the country are
increasingly the target of computer hackers. Marshall Dennehey has provided
legal counsel to educational entities of all sizes in the aftermath of data
breach events. Our services focus on incident response development and
notification as well as containment and compliance measures, including
appropriate usage of social media channels to communicate incident updates to
internal and external audiences. Our client representation in this sector has
included working with the U.S. Department of Education in investigating breach
incidents.
Financial
and Banking
Security
breaches and computer hacking incidents at financial institutions have become
alarmingly common. Our firm routinely works with banking and financial
institutions in responding to data breaches. From compliance with the
Gramm-Leach-Bliley Act requirements to working with forensic investigators in
the critical initial stages, we are experienced in counseling clients through
every stage of these sensitive, and often, high-profile, engagements. When
necessary, we are also accustomed to working with governmental agencies such as
local and state law enforcement as well as the Secret Service and the FBI to
help respond to, or investigate, a breach event.
Retail,
Energy, Utility and Service Industries
From
e-commerce web retailers to insurance companies and their nationwide brokers,
we have assisted companies in the investigation and response to data breaches
as well as Payment Card Industry-Data Security Standards (PCI-DSS) compliance.
With extensive experience in defending business entities in consumer-related
litigation, we have the attorney resources to manage every aspect of a data
breach event.
Areas of
Experience
Data
breach incident response and notification
- Data security and retention
policies
- Defense of numerous state
lawsuits involving federal and state law privacy breaches
- Review of Vendor Agreements
and Business Associate Agreements
- HIPAA/HITECH violation
responses
- Investigations and audits by
Department of Health and Human Services Office for Civil Rights
- Counseling to respond to
U.S. Department of Health and Human Services Centers for Medicare &
Medicaid Services (CMS), state Medicaid agencies, state departments of
health and insurance and state/professional licensing boards
- Gramm-Leach-Bliley Act
(GLBA) requirements
- PCI-DSS compliance, requirements
and other payment card data issues
- Claims and litigation
involving point of sale (POS) software and hardware
Our attorneys are available at any time to
discuss potential legal matters, or the development of workshops and
educational seminars for your company or organization.
