Privacy & Data Security Law
Data privacy and cyber security are topics that have not only grabbed news headlines, but also have become chief among the concerns of corporate officers and directors. Corporations now recognize that cyber security is not an “IT problem,” but a business risk.
For corporations of all sizes, these risk management activities now include security incident preparedness and response, business continuity (cyber resilience), regulatory compliance and Government relations, privacy and information security policies, insider threat mitigation, cyber insurance, training and awareness, and inclusion of officers and directors.
There are several advantages in looking to a qualified law firm for not only counsel, but also assessment and implementation: many of the activities associated with managing these risks will be subject to the attorney-client privilege.
What separates Pasky Gruber from all or most other law firms is that our staff is not only attorneys with a passion for the law, but also technologists, with diverse backgrounds in digital forensics, privacy, information security, intellectual property, and corporate governance.
03 Mar 2015 Electronic Spying and Tracking Spouses in Divorce Cases: What's Legal in the Digital World? (Strafford Pub. CLE)
13 Jan 2015 The NIST Cyber Security Framework: Implications for Your Clients (Minnesota State Bar Ass’n Computer & Technology Section CLE)
06 Jan 2015 Retaliatory Hacking (a/k/a active defense and “hack back”) Winter 2015 Mid Pacific ICT Educator Conference, San Francisco
14 May 2014 “Hack Back or Active Defense?” (Secure360 conference)
01 May 2014 “Hack Back”: Legitimate Corporate Security or Risky Business? (U.S. Cyber Crime Conference)
28 Jun 2012 Employee-owned Devices in the workplace: Legal & Technological Risks (Ramsey County Bar Ass’n)
Cyber Security Active Defense: Playing with Fire or Sound Risk Management? 20 Rich. J.L. & Tech 12 (2014)
"Hacking Back": Legitimate Corporate Security or Risky Business? THE CIP REPORT, George Mason Univ. Center for Infrastructure Protection & Homeland Security (October, 2013)
Our team will help you with the following:
Data Asset Infrastructure Audit
Identifying your cyber security regulatory obligations (e.g., SEC, FCC, FTC, OCC, FFIEC, FDIC, FINRA, GLBA, HIPAA, FERPA, FISMA, DFARS, etc.)
Establishing or improving your company’s written information security program, information security policies, and information security and awareness training
Drafting your company’s acceptable use policy, terms of service, etc.
Conducting an information security audit
Implementing information security systems and controls
Identifying your company’s “risk appetite,” minimum standard of due care, and fiduciary obligations to employees, shareholders, customers, and the public.
Implementing the NIST Cybersecurity Framework, mapped to one or more of the control sets (ISO 27001, NIST 800-53, COBIT 5, ITIL)
Developing and facilitating cyber tabletop exercises
Responding to regulators’ inquiries
Negotiating and drafting contracts with appropriate information security provisions
Developing plans for security incident response and disaster recovery
Facilitating data breach notifications
Defending or prosecuting under the Computer Fraud and Abuse Act or Electronic Communications Privacy Act
Counseling on development of Web sites and mobile apps for legal compliance (e.g., privacy statements, COPPA, CAN-SPAM, etc.)
Performing due diligence in mergers and acquisitions
Directing forensic investigations concerning insider threats, employee misconduct, cybercrimes, and network intrusions
Facilitating the development and implementation of an information security risk management program, including individual risk assessments on processes, tools, or vendors (i.e., “supply chain” or “third party” assessments).