Driven by regulatory requirements, litigation risk, risk of reputational harm, retaining a competitive advantage, and concern for customers, companies in all sectors are investing in data security. But data security incidents—breaches by hackers, inadvertently disclosed data, and ransomware attacks—can and do happen even to the most tech-savvy of companies. In light of these risks and realities, data security planning cannot rest in the hands of competent IT people alone. Instead, avoiding and planning for data beaches and security incidents are issues for a well-informed and well-advised leadership.
We help clients spot and avoid legal risks associated with data security. Our firm’s strong roots in the telecom world uniquely position us to assist with the data security needs of communications providers, and we have helped regulated entities develop FCC-approved System Security and Integrity Plans and advised clients on implementing CSRIC recommendations. But we also have developed cross-industry experience. We help companies in a wide swath of industries to identify and mitigate data-security-related risks during mergers and acquisitions, answer key questions during product and service development, negotiate sensible vendor agreements that take data security into account, and develop comprehensive cybersecurity risk assessment and mitigation plans.
We also assist clients—including other law firms—with data security incident response. Our team has the ability to speak tech and work with key client contacts to triage and respond in the event of an emergency. We help navigate the complex web of data breach response laws to determine whether and when law enforcement and consumers must be notified—and develop strategies to reduce the accompanying risks from regulators and consumer class actions.
Our firm is also experienced in shaping regulators’ responses to data security concerns. We have led industry negotiations with the White House and federal agencies regarding critical infrastructure data collection, and successfully advocated before key regulators regarding clients’ need for flexibility when implementing data security solutions. In conjunction with our international trade and investment practice, we have shepherded numerous foreign investments that implicate data security concerns through the regulatory approval process.