Privacy & Data Security Law

Data privacy and cyber security are topics that have not only grabbed news headlines, but also have become chief among the concerns of corporate officers and directors. Corporations now recognize that cyber security is not an “IT problem,” but a business risk.

For corporations of all sizes, these risk management activities now include security incident preparedness and response, business continuity (cyber resilience), regulatory compliance and Government relations, privacy and information security policies, insider threat mitigation, cyber insurance, training and awareness, and inclusion of officers and directors.

There are several advantages in looking to a qualified law firm for not only counsel, but also assessment and implementation: many of the activities associated with managing these risks will be subject to the attorney client privilege.

What separates Pasky Gruber from all or most other law firms is that our staff is not only attorneys with a passion for the law, but also technologists, with diverse backgrounds in digital forensics, privacy, information security, intellectual property, and corporate governance.


03 Mar 2015 Electronic Spying and Tracking Spouses in Divorce Cases: What's Legal in the Digital World? (Strafford Pub. CLE)

13 Jan 2015 The NIST Cyber Security Framework: Implications for Your Clients (Minnesota State Bar Ass’n Computer & Technology Section CLE)

06 Jan 2015 Retaliatory Hacking (a/k/a active defense and “hack back”) Winter 2015 Mid Pacific ICT Educator Conference, San Francisco

14 May 2014 “Hack Back or Active Defense?” (Secure360 conference)

01 May 2014 Hack Back”: Legitimate Corporate Security or Risky Business? (U.S. Cyber Crime Conference)

28 Jun 2012 Employee-owned Devices in the workplace: Legal & Technological Risks (Ramsey County Bar Ass’n)


Cyber Security Active Defense: Playing with Fire or Sound Risk Management? 20 Rich. J.L. & Tech 12 (2014)

"Hacking Back": Legitimate Corporate Security or Risky Business? THE CIP REPORT, George Mason Univ. Center for Infrastructure Protection & Homeland Security (October, 2013)

Our team will help you with the following:

Data Asset Infrastructure Audit

Identifying your cyber security regulatory obligations (e.g., SEC, FCC, FTC, OCC, FFIEC, FDIC, FINRA,GLBA, HIPAA, FERPA, FISMA, DFARS, etc.)

Establishing or improving your company’s written information security program, information security policies, and information security and awareness training

Drafting your company’s acceptable use policy, terms of service, etc.

Conducting an information security audit

Implementing information security systems and controls

Identifying your company’s “risk appetite,” minimum standard of due care, and fiduciary obligations to employees, shareholders, customers, and the public.

Implementing the NIST Cybersecurity Framework, mapped to one or more of the control sets (ISO 27001, NIST 800-53, COBIT 5, ITIL)

Developing and facilitating cyber tabletop exercises

Responding to regulators’ inquiries

Negotiating and drafting contracts with appropriate information security provisions

Developing plans for security incident response and disaster recovery

Facilitating data breach notifications

Defending or prosecuting under the Computer Fraud and Abuse Act or Electronic Communications Privacy Act

Counseling on development of Web sites and mobile apps for legal compliance (e.g., privacy statements, COPPA, CAN-SPAM, etc.)

Performing due diligence in mergers and acquisitions

Directing forensic investigations concerning insider threats, employee misconduct, cybercrimes, and network intrusions

Facilitating the development and implementation of an information security risk management program, including individual risk assessments on processes, tools, or vendors (i.e., “supply chain” or “third party” assessments).