Cybersecurity and Data Privacy Attorneys

Overview

Every organization, regardless of size, relies upon sensitive business information and personal information about employees and others—clients, patients, donors, data provided by business partners and contractors—for their operations.

Attorneys in the Bond Cybersecurity and Data Privacy Practice assist clients across the full spectrum of legal services in the privacy and cybersecurity arenas, offering proactive advice to shore up cybersecurity programs and data privacy practices and respond in the wake of a breach. Our clients have the benefit of deep industry experience as we counsel them about cybersecurity and data privacy. Our attorneys also practice in litigation, corporate governance and transactions, health care, higher education, labor law and private equity.

Who We Serve
We serve clients across the broad range of industries—finance, manufacturing, hospitality, retail, education, health care, social services and other industries. We advise large and small corporations, not-for-profit organizations and municipal corporations.

Our Cybersecurity Practice
We assist clients proactively to devise sound policies and procedures, review existing policies and practices, provide employee training and prepare for a breach. We also work with our clients to respond promptly and effectively in the event of a breach. Specifically, our services include:

Preparation, review and implementation of cybersecurity policies and programs;
Advice about applicable laws and regulations, including the NYS Cybersecurity Rule, FTC guidance and oversight, Gramm-Leach Bliley Act, federal banking oversight, HIPAA, FERPA and GDPR;
Preparation and review of third party agreements, including Business Associate Agreements;
Review and advice regarding cybersecurity insurance policies;
Breach response, including investigations, notice, remediation and response to regulatory oversight;
Advice about the duty to notify under international, federal and state laws, including GDPR, HIPAA and state breach notification laws;
Employee training; and
Advice to Boards of Directors about their oversight duties, governance structures and Board training.

Our Data Privacy Practice
We counsel clients about the industry-specific privacy laws and regulations that apply to them as well as their obligations to protect confidential employee information. We work with clients to build strong privacy policies and practices that comply with the regulatory mandates applicable to their industry or business as a for-profit or not-for-profit organization. Specifically, our services include:

Development and review of privacy policies, gap analysis and implementation;
Third party agreements;
Workforce training;
Board governance structures, training and internal reporting to meet fiduciary standards;
Compliance by health systems, hospitals and other providers with federal and state laws and regulations as they exchange data for population health management and care coordination;
Compliance by institutions of higher education with GDPR, GLBA, FERPA and HIPAA; and
Policies, procedures and GDPR implementation.

General Data Protection Regulation (GDPR)
Bond organized a dedicated group of attorneys to assist our clients to meet the complex challenges posed by GDPR compliance. We developed detailed policies, including template forms and notices, to assist our clients in addressing the demanding requirements of GDPR. We also counsel clients about GDPR implementation, including integration of GDPR privacy requirements with existing privacy programs and rules, focusing on practical solutions that achieve compliance while seeking to minimize disruption to business operations. We prepare third party agreements, advise about the agreements our clients receive and counsel our clients about responding to GDPR requests from individuals such as the right to be forgotten.

Read Full Overview >

Our Team

What We Do

Breach Notification

Our attorneys are solution-focused when dealing with clients in breach response scenarios, as well as in preemptive cybersecurity planning. We advise clients on matters related to compliance with New York General Business Law §899-aa, which requires written notification to the people whose information was accidentally released, and the filing of a specific written notice of the accidental release to the New York State Attorney General, the New York State Department of State, Division of Consumer Protection, and the New York State Police. We also advise on the applicability of other state and federal statutes pertaining to inadvertent releases of private financial information, including:

The restrictions against disclosure of student information under "FERPA”, the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. §1232g);
The "Safeguards Rule" under the Gramm Leach Bliley Act (requiring financial and educational institutions to implement certain security programs to protect against unauthorized access to student financial information); and
The FTC "Red Flag Rules" regarding identity theft protection (16 CFR 68.2).

Compliance

Bond assists clients in a wide range of industries, without regard to size, with their data privacy and cybersecurity compliance.

Our attorneys work with clients to conduct legal assessments, data audits, risk management assessments, trainings, policy drafting, vendor assessments, due diligence review, filings, data subject request responses, data governance, as well as contract drafting and review.

Up to date on the regularly changing landscape of international and domestic cybersecurity and data privacy, we advise clients concerning a number of different regulations including, but not limited to:

European Union’s General Data Protection Regulation (GDPR)
United Kingdom General Data Protection Regulation (UK-GDPR)
California Consumer Privacy Act, California Consumer Privacy Rights Act (CCPA/CPRA)
Virginia Consumer Data Privacy Act (CDPA)
Children’s Online Privacy Protection Act (COPPA)
Health Insurance Portability and Accountability Act (HIPAA)
Graham-Leach-Bliley Act (GLBA)
Fair Credit Reporting Act (FCRA)
Family Educational Rights and Privacy Act (FERPA)
New York Education Law 2-D
PCI-DSS Compliance
New York “Stop Hacks and Improve Electronic Data Security” Act (SHIELD), and
New York Department of Financial Services Cybersecurity Regulation

Crisis Management and Remediation

An attorney may be the first person contacted in the event of a crisis. Our practice goes to great lengths to ensure that crises are dealt with swiftly or prevented in the first place.

Data Breach Prevention

It is futile to expect the preservation of any confidential data without the proper systems and procedures in place. Our practice counsels a wide range of clients in this area, from financial planners in their development of apps to government entities and school districts.

With school districts, we assist administrators in complying with Education Law section 2-d regarding the protection of student PII. We ensure that these districts comply with Section 2-d for all vendor and third party contracts, which includes ensuring proper encryption, safety and recovery protocols for protected information as well as remedies and protections for inadvertent releases of such information.

Incident Preparedness and Auditing

Our attorneys routinely assist a wide range of clients with their cyber incident preparedness, from the business to the education sectors. We have advised boards of directors and management teams on their responsibilities with respect to cybersecurity risk mitigation, including compliance with the recently enacted New York State Department of Financial Services cybersecurity regulations.

Internal Investigations

We work with clients in conducting internal investigations following a breach to determine the facts relating to the incident, review the client’s policies and procedures and make recommendations. We collect all relevant electronic information, interview all pertinent witnesses and prepare reports with factual findings and recommendations.

Trade Secret Protection

All too often, companies react to trade secret theft and competitive threats due to employee departures, rather than position for it. Under these circumstances, they are faced with no choice but to engage in costly litigation.

Our Trade Secret Protection Audit assists companies in identifying critical intangible assets and guides the development of procedures, contract language, employment and non-disclosure agreements designed to protect them. Undertaken periodically, audits are able to help companies anticipate possible threats and reduce the areas of risk most often encountered in the course of conducting business. In performing this due diligence, our attorneys may also call upon other professionals in connection with the evaluation and testing of protocols related to the protection of computer data.

See the link below for more information on the Trade Secret Protection Audit.

In addition to the audit, our capabilities include:

Cease & Desist Letters
Computer & Information Use Policies
Confidentiality Agreements
Departure/Exit Protocols
Employment Agreements
Fraud & Security Audits
Invention Assignment Agreements
Non-compete Agreements
Non-disclosure Agreements
Restrictive Covenant Agreements
Technology Use Agreements
Trade Secret Theft Claims
Trade Secret Litigation

Click here to view Bond's Trade Secret Protection Audit brochure.

News

Jessica L. Copeland will Chair Bond’s Cybersecurity and Data Privacy Practice and Amber L. Lawyer will be Deputy Chair
April 26, 2021
Jessica L. Copeland Named Co-Chair of Cybersecurity and Data Privacy Practice
October 14, 2019
Jessica Copeland Joins Bond’s Expanding IP and Cybersecurity Teams
September 4, 2019
Bond Hosts Manufacturing Week Webinar Series
October 1, 2017
Bond Names New Practice Chairs, Co-Chairs, Deputy Chairs and Deputy Co-Chairs
February 5, 2017

Events and Webinars

GDPR, Cybersecurity, and your Capital Region Business: What You Need to Know
April 15, 2019
Thomas Rinaldi on GDPR Panel at Organizational Privacy Summit
April 30, 2018
Stress Tests for Nonprofit Leadership: Critical Issues Facing the Sector
January 16, 2018
Manufacturing Week Complimentary Webinar Series
October 1, 2017
Cybersecurity: What We Should Be Doing - Complimentary Webinar
October 1, 2017
Thomas Rinaldi to Participate in Cybersecurity Panel
January 30, 2017

Webinar Recordings

Cybersecurity: What We Should Be Doing - Complimentary Webinar
October 1, 2017

Articles

Mark Your Calendars: One Month Until New York’s Law Requiring Notice of Electronic Monitoring of Employees Goes into Effect
April 7, 2022
Eye on Telehealth: Opening Doors and Surfacing New Data Privacy Questions as the Pandemic Ebbs
March 2, 2022
World Data Privacy Day 2022: The Importance of Data Privacy in an Increasingly Digital and Remote World
January 28, 2022
Countdown to Data Privacy Day 2022
January 19 - January 28, 2022
Higher Ed’s New GDPR: What Your Institution Needs to Know About PIPL
January 27, 2022
CMS Tool for HIPAA Compliance
January 26, 2022
Why it is Time to Update Your Privacy Policy
January 26, 2022
What’s on the Horizon? 2022 State, Federal and International Data Privacy Action
January 25, 2022
Buyer Beware: Privacy and Cybersecurity in M&A Transactions
January 24, 2022
New York State Education Law § 2-D: Where Are We Now?
January 21, 2022
Your Privacy New Year’s Resolutions: What You Need to Know for 2022
January 20, 2022
Mitigating Risk and Impact of Ransomware Attacks in the Healthcare Sector
December 22, 2021
Banks Have 36 Hours to Report a Data Incident or Breach to Regulators Starting May 1, 2022
November 19, 2021
The 18th Annual Cybersecurity Awareness Month
October 1, 2021
The Great Wall of Data Privacy: China Passes Comprehensive Data Privacy Law
August 31, 2021
The Landscape Gets Rockier: Colorado Becomes Third State to Pass a Comprehensive Data Privacy Law
July 9, 2021
Crafting an Effective Social Media Policy for Employees
July 8, 2021
Website Terms of Use Agreement and Privacy Policy
June 21, 2021
DOL Issues New Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record-Keepers and Plan Participants
June 21, 2021
Breaking News: European Commission Adopts Much Anticipated SCCs as the U.S. Shifts Focus to New EU-U.S. Privacy Shield Deal
June 4, 2021
President Biden Calls for Significant National Cybersecurity Improvements
May 28, 2021
New York State Department of Financial Services Announces Two Cybersecurity Settlements
May 12, 2021
Oh Canada! – Your Privacy Act is Calling: Canada to Reform its Approach to Consumer Privacy Protection
April 19, 2021
Next Up: Virginia Slated to be Second State to Enact Comprehensive Data Privacy Law
Updated March 3, 2021
Things You Should Know Leading Up to World Data Privacy Day 2021
January 20 - January 28, 2021
World Data Privacy Day: 2021 Likely a Watershed Year for Data Privacy and Cybersecurity
January 28, 2021
HIPAA and Sharing of Medical Information During COVID-19
January 27, 2021
What’s On the Horizon: 2021 State and Federal Data Privacy Legislation
January 26, 2021
In the Wake of the SolarWinds Breach: President Biden Pivots U.S. Towards Prioritizing Cybersecurity
January 25, 2021
Restricted Data Flow: What US Businesses Need to Know about International Data Transfers in the Wake of Schrems II and the GDPR
January 22, 2021
The Aftermath of the FireEye Hack Makes Clear the Importance of a Quick Response to any Breach
January 21, 2021
New Year, New Rules: California Passes the California Privacy Rights Act
January 20, 2021
Apple Implements New Privacy Guidelines for App Store Developers
December 29, 2020
Added Reason to Be Aware of the New York State Department of Financial Services Cybersecurity Regulations
October 12, 2020
Fallout from Capital One Breach Continues as Company is Ordered to Pay $80 Million Fine
August 18, 2020
EDPB Issues Guidance on Data Transfers After CJEU’s Decision Invalidating the EU-U.S. Privacy Shield
July 29, 2020
High Court in the EU Strikes Down Privacy Shield
July 16, 2020
Board Directors Beware: Potential Liability in Data Breach Suit
June 15, 2020
Zooming In On Zoom’s Security and Privacy Practices
April 9, 2020
New York SHIELD Act Now Requires Your Compliance
March 21, 2020
Let the Litigation Begin! California Residents Already Filing Enforcement Actions Under the CCPA
March 19, 2020
An Employee Has COVID-19. Now What Do I Do?
March 18, 2020
The Data Protection Act of 2020
March 3, 2020
Things You Should Know Leading Up to World Data Privacy Day 2020
January 22 - January 28, 2020
What's on the Horizon? How US Federal and State Governments are Expanding Data Privacy Laws in the Wake of GDPR
January 28, 2020
World Data Privacy Day 2020: Celebrate with Compliance
January 28, 2020
The CLOUD Act: Where International Data Privacy and Law Enforcement Collide
January 27, 2020
NY SHIELD Act – Are Your Policies in Place?
January 27, 2020
Beyond the Border: GDPR and Other Privacy Considerations in Domestic M&A Transactions
January 24, 2020
HIPAA Compliance: How to Protect Patient Information Inside Your Organization
January 23, 2020
New Privacy Rights for Consumers: What Businesses Need to Know About the California Consumer Privacy Act
January 22, 2020
Preparing for Imminent Changes in the New York State Education Law Regarding Data Privacy
January 7, 2020
2019 Amendments to the California Consumer Privacy Act Clarify Several Important Data Privacy Issues
December 4, 2019
NY SHIELD Act - Are You Ready To Comply?
October 1, 2019
New York Significantly Expands Breach Notification Law
August 7, 2019
New York Enacts Sweeping New Cybersecurity Mandates For Businesses
August 6, 2019
U.S. Department of Health and Human Services Issues Cybersecurity Guidance For Health Care Providers
January 31, 2019
GDPR: Winter is Coming (and Enforcement is Too)
October 28, 2018
Deadline Approaches For Major Requirements Under New York’s Cybersecurity Rule
August 27, 2018
National Study Underscores Best Strategies to Reduce the High Cost of a Data Breach
August 15, 2018
European Privacy Regulation Will Impact U.S. Health Care Organizations
May 14, 2018
Will Your Business be in Compliance with the General Data Protection Regulation (GDPR)?
May 13, 2018
Is Your Institution in Control of “GDPR” Compliance?
January 18, 2018
Cybersecurity and Data Privacy: New York State Revises Final Guidance on Health Care Privacy and Data Exchange
June 22, 2017
Cybersecurity and Data Privacy: New State Guidance Released on Health Care Privacy and Data Sharing
May 31, 2017
Cybersecurity and Data Privacy: Department of Financial Services Issues Final Cybersecurity Regulations With Broad Implications for Health Plans and Health Care Providers
February 28, 2017
Cybersecurity and Data Privacy: New York State Department of Financial Services Issues Final Cybersecurity Regulations
February 23, 2017
Cybersecurity and Data Privacy: Exemption from Cybersecurity Regulations Sought by Bond for Colleges, Universities and other Not-for-Profit Organizations Granted in Final Regulations Issued by Department of Financial Services
February 22, 2017
Cybersecurity and Data Privacy: Bond Public Comments on Department of Financial Services Proposed Cybersecurity Regulations Seek an Exemption for Institutions of Higher Education and Other Not-for-Profit Organizations
February 13, 2017
Cybersecurity and Data Privacy: Proposed New York State Regulations Updated, Implementation Delayed
January 5, 2017

Videos

New NYS Law about Electronic Monitoring Takes Effect May 7
April 13, 2022
The Importance of Updated Data Privacy Policies
January 26, 2022
Why it is Time to Update Your Privacy Policy
January 26, 2022

Brochures

Cybersecurity-and-Data-Privacy-2022