Privacy & Data Security

The McNees Privacy & Data Security team develops programs to bring organizations into compliance with U.S. and international privacy regulations and limit the risk of data security breaches, and helps clients respond quickly and effectively to mitigate financial and reputational harm following cyberattacks and other data exposure events.

Businesses and institutions have a vital responsibility to protect data from hacking and other security threats. Every organization that collects and stores personally-identifiable information belonging to customers, employees, or other individuals must implement appropriate policies and protections to assure the privacy of those stakeholders.

Attacks by hackers and other data breaches pose a tremendous risk to businesses today. A single data breach can ruin business relationships and create substantial liabilities. Entities collecting and maintaining personally-identifiable information must be prepared to respond quickly, and in compliance with state, federal, and where applicable, international laws, to address any potential data breach.

McNees has assembled a collaborative team of attorneys with the varied skills needed to develop and implement practical solutions to privacy threats across many industries. The group’s leader, Devin Chwastyk, has earned the designation of Certified Information Privacy Professional (CIPP/US) from the International Association of Privacy Professionals, which accredits lawyers and other professionals. Our cybersecurity lawyers help manage risk by advising clients on how to protect data and prepare as fully as possible to respond in the event of a breach.

As legal leaders in this practice area, group members frequently publish articles, offer podcasts, and present seminars to clients and business groups on data security topics.

The Privacy & Data Security Group offers knowledgeable and experienced representation in all aspects of data security, including:

  • Creation of data security policies and data breach response plans required for compliance with state and federal laws;
  • Compliance with specialized data security requirements across industries, including:
    • HIPAA compliance for hospitals, doctors, and other health care providers;
    • Gramm-Leach-Bliley and other mandates applicable to banks, credit unions, and other financial institutions;
    • Fair Credit Reporting Act (FCRA) limitations on lenders and debt collectors;
    • Payment Card Industry Data Security Standards (PCI-DSS) compliance for businesses that accept credit card transactions.
  • Analysis of rapidly-developing state, national, and international data privacy laws, including GDPR compliance and Privacy Shield certifications for cross-border data transfers;
  • Data breach prevention strategies, training, and war-game simulations for corporate response teams;
  • Data security for local government entities;
  • Cybersecurity for lawyers and law firms;
  • Navigation of the interrelationship between employment law and data security, such as:
    • Compliance with HIPAA privacy rules and HITECH security audits;
    • Meeting ADA standards for reasonable accommodations in website design and mobile applications;
  • Advice on safeguarding funds and financial data from online threats;
  • Cybersecurity due diligence in corporate mergers and other transactions;
  • Negotiation of contracts with third-party information vendors, including cloud storage and other document management services;
  • Data breach litigation, including:
    • Defense of businesses in Federal Trade Commission and Federal Communications Commission enforcement actions regarding consumer privacy;
    • Defense of businesses in class action lawsuits arising from alleged privacy violations.
