In this Information Age, sensitive information can easily be compromised and privacy violated. As new and more rigorous federal and state regulations emerge, the reputational and strategic risk of a data breach is greater than ever before. Businesses need to be vigilant in understanding what’s at stake in the areas of privacy and data security.
Reducing risk, protecting brands
Carmody helps companies navigate the increasingly complex environment surrounding the collection, use and protection of corporate and personal data. Our integrated legal team understands the risks and benefits of the technologies of the digital economy, such as social media, the cloud, and smartphones, and we can help you protect your brand.
We learn what sensitive information is a part of your business and how it is used. Armed with that knowledge, we develop customized policies and practices to help you avoid costly data breaches and privacy violations. We also ensure that contractual arrangements protect the integrity, availability and security of sensitive information. In the event sensitive data is lost or misappropriated, we work with you to mitigate potential exposure by managing required reporting to regulators, communicating appropriately with affected individuals, and, when necessary, by litigation.
Our Data Privacy and Cybersecurity group offers the following services:
- Information Governance
- Regulatory compliance counseling/auditing: HIPAA, HITECH, FCRA, FACTA, GLBA, FERPA, COPPA, Dodd-Frank, etc.
- HIPAA privacy notices
- Employee/customer use policies
- IP/Trade secret counseling
- Law firm records best practices and policies
- Data retention, destruction and security policies
- Incident response plans
- Payment Card Industry (PCI) compliance
- Risk Mitigation
- Contract drafting/review (E-commerce, SaaS, Website/software development, NDAs, HIPAA Business Associate agreements, M&A transactions)
- Employer/Health Provider/Health Plan/Law Firm counseling
- Employee training
- Cyber insurance counseling
- Cyber risk coverage negotiation/manuscripting
- Incident Response
- Breach notification counseling
- Administrative investigation/action defense
- Professional grievance defense
- Consumer/employee action defense
- Cyber insurance coverage/indemnity litigation
- Loss recovery for stolen or destroyed data and IP