Data Privacy & Cybersecurity

Data Privacy and Cybersecurity Challenges Organizations Face

With rapidly-evolving technologies collecting ever-expanding volumes of personal information, rapidly-evolving uses of such personal information, and rapidly-evolving global privacy laws, organizations need a strong data privacy and cybersecurity program now more than ever. The risks of data breaches are high, and the costs of non-compliance with data privacy and protection obligations are significant. These costs include, among others, monetary damages, regulatory fines, and the loss of customers, goodwill, and reputation. To stay on top of the ever-changing U.S. and international laws that regulate how entities handle personal information concerning their customers and employees and to manage evolving cybersecurity risks, organizations need experienced, responsive, trusted data privacy and cybersecurity counsel.

How Fey LLC Helps Organizations Address Their Specific Challenges

At Fey LLC, we use our legal and technical knowledge, experience, and creativity to help our clients design and implement solutions that meet their specific data privacy and cybersecurity obligations. Through the opportunities we have had over the years to assist multinational and U.S. corporations in a broad range of industries with a wide variety of privacy challenges, we have developed deep global data privacy expertise. Laura, who was in the inaugural class of International Association of Privacy Professionals (IAPP) Fellows of Information Privacy (FIP) and in the class of 27 U.S. lawyers selected into the inaugural class of Privacy Law Specialists (IAPP), and her team are well equipped to help clients address the multitude of challenges associated with meeting their regulatory and contractual privacy and cybersecurity obligations.

We conduct privacy and cybersecurity risk assessments for clients in a variety of industries. We gather and review relevant information, and interview key subject matter experts with knowledge of the organizations’ specific personal information collection, usage, and transfer practices. Then, with attention to each client’s specific set of privacy and cybersecurity obligations, culture, and approach to risk management, we develop phased risk remediation recommendations that are designed to improve our clients’ compliance with data privacy and cybersecurity obligations; to reduce associated legal risks and costs; and to meet their customers’ and employees’ reasonable privacy expectations. We advise clients on a broad range of U.S. and international data privacy and cybersecurity requirements and standards (e.g., PCI DSS).

We guide our clients as they design and implement administrative, physical, and technical safeguards to protect the personal information that they handle. We draft tailored data privacy and information security policies, procedures, and guidelines; checklists and workflows; and notice and consent forms. We assist clients in preparing data maps and data flows. We design and conduct training programs and prepare FAQs for our clients’ employees to help them understand their obligations to protect personal information and to avoid security incidents.

We assist our clients in developing risk-based procedures for selecting, contracting with, and monitoring vendors that will be processing personal information on our clients’ behalf. We draft and negotiate a broad variety of privacy and security agreements with our clients’ vendors.

We help our clients to select and implement technology solutions designed to enable them to better protect personal information. However, because not all data breaches can be prevented, we also provide comprehensive data breach response assistance to our clients. We help our clients develop data breach response programs and data breach training exercises. And, when breaches occur, we work closely with our clients as they implement their data breach response plans—from the initial investigation through notification and ultimately to an evaluation of the effectiveness of their breach response processes and implementation of identified improvements.

Fey LLC Service Offerings

Fey LLC offers clients a broad array of data privacy and cybersecurity assistance. We work closely with our clients as they develop and implement practical solutions to their specific data privacy and cybersecurity challenges.

Our specific data privacy and cybersecurity offerings include:

  • Conducting global data privacy and cybersecurity risk assessments
  • Preparing phased remediation recommendations
  • Drafting website privacy policies, cookie policies, and terms of use
  • Preparing data privacy and information security policies, procedures, guidelines, checklists, and workflows
  • Conducting data protection impact assessments
  • Drafting notice and consent forms
  • Preparing data subject rights procedures, checklists, and workflows
  • Providing assistance in responding to data subject rights requests
  • Giving guidance on and drafting appropriate safeguards to support lawful cross-border data transfers
  • Preparing validated protocols and procedures for the secure processing, culling, and cross-border transfer of personal information in connection with cross-border eDiscovery
  • Drafting data privacy and cybersecurity training and FAQs
  • Providing guidance on legally compliant marketing communications (e.g., telemarketing and email and text message marketing)
  • Preparing security incident and data breach response procedures and training
  • Providing security incident and data breach response assistance
  • Giving guidance on employee monitoring activities
  • Drafting guidelines concerning whistleblowing hotlines
  • Preparing guidance and documents to support biometric privacy compliance
  • Providing recordkeeping guidance
  • Drafting vendor selection, contracting, and auditing procedures, checklists, and workflows
  • Assisting with customer/client and vendor contract drafting, review, updating, and negotiation
  • Conducting cyber insurance policy review, identification of coverage issues, and recommendations
  • Providing guidance on privacy and security obligations in connection with mergers and acquisitions
  • Assisting with privacy and security due diligence in M&A transactions
  • Drafting social media privacy policies
  • Providing guidance on influencer-related privacy practices
  • Providing privacy expert witness services
Print Friendly, PDF & Email