Data Privacy and Cybersecurity
Over the years, McAfee & Taft lawyers have represented clients with various privacy and cybersecurity issues specific to certain industries or matters. This representation has included assistance with the Health Insurance Portability and Accountability Act (HIPAA) for clients in the healthcare industry, providing legal expertise for financial institutions pertaining to the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, and consultation and guidance for clients’ compliance efforts with the CAN-SPAM Act and the Children’s Online Privacy Protection Act (COPPA) and their impact on online marketing and promotion. In recent years, privacy and cybersecurity compliance has grown more complex due to technological advancements and an ever-changing legal landscape. Today, in addition to assisting with legal issues specific to certain business sectors, the firm assists clients with data breaches, updating externally facing privacy policies to comply with applicable law, and revising internal policies and data governance policies.
The firm’s Data Privacy and Cybersecurity Group is made up of numerous attorneys practicing in a broad range of disciplines that regularly encounter issues in this niche area of law. Leveraging our industry-specific command of privacy and cybersecurity issues, McAfee & Taft has customized solutions and advice to meet each client’s business needs. This is made possible by years of experience encountering clients’ privacy and cyber security issues as well as additional training and certifications by firm attorneys in this area. Three of the firm’s attorneys have earned a Certified Information Privacy Professional (CIPP/US) designation from the International Association of Privacy Professionals, and two have earned the credential of being a Certified Information Privacy Manager (CIPM).
Comprehensive Legal and Business Services
Legal Compliance and Transactional
As technology becomes more complex in how data may be collected and analyzed, so too has the legal framework governing that collection and use. Currently, there is no federal law that generally concerns all data use and collection, so compliance requires an in-depth knowledge of the patchwork of federal, state, and potentially foreign laws that may apply to your business. McAfee & Taft assists clients in identifying and assessing its legal risk and strategic needs in collecting, using, storing, and securing information of its customers and employees that covers three aspects of our clients’ businesses:
- Review of internal practices and procedures for comprehensive and customized privacy and cybersecurity policies that address business needs.
- Implementation of public-facing policies that inform employees and customers of your data practices in a manner that addresses applicable legal requirements.
- Consultation on contingency plans for management of any possible data breach, including manners to mitigate business risk in the event of an incident.
McAfee & Taft attorneys have reviewed internal and external policies across numerous business sectors concerning data and cybersecurity issues, including the impact of the General Data Protection Regulation (GDPR) on global data collection issues. Our data and cybersecurity representation has been for Fortune 100 companies as well as start-ups concerning the constantly changing universe of rights, responsibilities, and risks that accompany data collection in the modern world.
In addition to assistance with day-to-day operations, McAfee & Taft assists clients with data privacy and cybersecurity issues related to business transactions. Our services have included due diligence for privacy, data security and information rights, and negotiating representations, warranties, and risk allocation concerning the same in business transactions, including merger and acquisition transactions.
Data Breach Litigation and Investigations
Our attorneys also work closely with clients in security breach matters, ensuring swift, effective, and confidential response plans. We have assisted numerous clients with data breach incidents affecting employees and consumers throughout the United States. We assist in all aspects of a data breach, from the initial response, to working with forensic companies to ascertain the cause of the breach in a manner to maintain privilege, to providing notification to those affected by a data breach.
Our team also advises clients when purchasing cybersecurity coverage to ensure that a policy matches a business’s specific needs. Today, many policies are not tailored toward cybersecurity issues, or explicitly exclude them. Leveraging our expertise and professional relationships, our attorneys work with clients to understand their own coverage and to find policies that may be better suit their needs. As a result, in the unfortunate event of a data breach, we can help you navigate the legal and practical hurdles of cybersecurity forensics, insurance coverage, and – where necessary – preparing notifications mandated by state and federal law.