Data Privacy & Cybersecurity

At Fey LLC, we use our legal and technical knowledge, experience, and creativity to help our clients design and implement solutions that meet their specific data privacy and cybersecurity obligations. Through the opportunities we have had over the years to assist multinational and U.S. corporations in a broad range of industries with a wide variety of privacy challenges, we have developed deep global data privacy expertise. Laura, who was in the inaugural class of International Association of Privacy Professionals (IAPP) Fellows of Information Privacy (FIP) and in the class of 27 U.S. lawyers selected into the inaugural class of Privacy Law Specialists (IAPP), and her team are well equipped to help clients address the multitude of challenges associated with meeting their regulatory and contractual privacy and cybersecurity obligations.

We conduct privacy and cybersecurity risk assessments for clients in a variety of industries. We gather and review relevant information, and interview key subject matter experts with knowledge of the organizations’ specific personal information collection, usage, and transfer practices. Then, with attention to each client’s specific set of privacy and cybersecurity obligations, culture, and approach to risk management, we develop phased risk remediation recommendations that are designed to improve our clients’ compliance with data privacy and cybersecurity obligations; to reduce associated legal risks and costs; and to meet their customers’ and employees’ reasonable privacy expectations. We advise clients on a broad range of U.S. and international data privacy and cybersecurity requirements and standards (e.g., PCI DSS).

We guide our clients as they design and implement administrative, physical, and technical safeguards to protect the personal information that they handle. We draft tailored data privacy and information security policies, procedures, and guidelines; checklists and workflows; and notice and consent forms. We assist clients in preparing data maps and data flows. We design and conduct training programs and prepare FAQs for our clients’ employees to help them understand their obligations to protect personal information and to avoid security incidents.

We assist our clients in developing risk-based procedures for selecting, contracting with, and monitoring vendors that will be processing personal information on our clients’ behalf. We draft and negotiate a broad variety of privacy and security agreements with our clients’ vendors.

We help our clients to select and implement technology solutions designed to enable them to better protect personal information. However, because not all data breaches can be prevented, we also provide comprehensive data breach response assistance to our clients. We help our clients develop data breach response programs and data breach training exercises. And, when breaches occur, we work closely with our clients as they implement their data breach response plans—from the initial investigation through notification and ultimately to an evaluation of the effectiveness of their breach response processes and implementation of identified improvements.