Data Privacy and Cybersecurity Challenges Companies Face
With rapidly evolving technologies transmitting and storing rapidly expanding volumes of data, including personal information, companies need a strong data privacy and cybersecurity program. Data privacy and protection is one of the fastest-changing, challenging areas of the law today. The risks of serious data breaches are high, and the costs of non-compliance with data privacy and protection obligations are significant. These costs include, among others, monetary damages, regulatory fines, and the loss of customers, goodwill and reputation. To stay on top of the ever-changing U.S. and international laws that regulate how they handle personal employee and customer data and manage cybersecurity risks, companies need an experienced, trusted data privacy and cybersecurity counselor.
How Fey|LLC Helps Companies Address Their Specific Challenges
At Fey|LLC, our legal and technical knowledge, experience, and creativity help our clients design and implement solutions that meet their specific data privacy and cybersecurity obligations. Laura Clark Fey is a Certified Information Privacy Professional, and she and her team are well equipped to help our clients address the multitude of challenges associated with managing and protecting the personal information of their customers and employees.
Our work includes conducting privacy and cybersecurity risk assessments, and developing phased recommendations for improving compliance with data privacy and cybersecurity obligations and reducing associated legal risks and costs. We have deep expertise advising clients on a broad range of U.S. and international data privacy and cybersecurity requirements, and on industry standards, such as PCI DSS.
We assist our clients in designing and implementing administrative, physical and technical safeguards to protect their personal information. We draft tailored data privacy and information security policies, procedures and guidelines; checklists and workflows; and notice and consent forms. We design and conduct training programs and prepare FAQs for our clients’ employees to help them understand their obligations to protect personal information and to help prevent security incidents. We assist clients in selecting vendors who have appropriate administrative, physical and technical safeguards in place to protect the personal and confidential data that our clients entrust to them, and in drafting contractual terms addressing personal data and cybersecurity. And we work closely with our clients as they implement technology solutions to enable them to better protect personal information.
Finally, because not all data breaches can be prevented, we provide comprehensive data breach response assistance to our clients. We help our clients develop their data breach response programs. In the event of a breach, we work closely with our clients as they implement their data breach response plans—from the initial investigation through notification and ultimately to an evaluation of the effectiveness of their breach response and implementation of identified improvements.
Fey|LLC offers clients a broad array of data privacy and cybersecurity assistance. We work closely with our clients as they develop and implement practical solutions to their specific data privacy and cybersecurity challenges. Our specific offerings include:
- Data privacy and cybersecurity risk assessments and phased remediation recommendations
- Data privacy and information security policies, procedures, guidelines, checklists and workflows (e.g., CalOPPA; Massachusetts Standards for the Protection of Personal Information; HIPAA/HITECH; GLBA; COPPA; FACTA; EU Data Protection Directive; PIPEDA)
- Notice and consent forms
- Validated protocols and procedures for the secure processing, culling and cross-border transfer of personal information in compliance with applicable regulations
- Data privacy and cybersecurity training and FAQs
- E-Commerce guidance (e.g., PCI DSS; NACHA; EU E-Commerce Directive)
- U.S. and international security incident and data breach response procedures
- Guidelines concerning whistleblowing hotlines and employee monitoring
- Vendor selection and contracts, including vendor checklists, cloud computing checklist and vendor negotiations