Every organization, regardless of size, relies upon sensitive business information and personal information about employees and others—clients, patients, donors, data provided by business partners and contractors—for its operations.
Attorneys in the Bond Cybersecurity and Data Privacy Practice assist clients across the full spectrum of legal services in the privacy and cybersecurity arenas, offering proactive advice to shore up cybersecurity programs and data privacy practices and respond in the wake of a breach. Our clients have the benefit of deep industry experience as we counsel them about cybersecurity and data privacy. Our attorneys also practice in litigation, corporate governance and transactions, health care, higher education, labor law and private equity.
Who We Serve
We serve clients across a broad range of industries, including finance, manufacturing, hospitality, retail, education, health care and social services. We advise large and small corporations, not-for-profit organizations and municipal corporations.
Our Cybersecurity Practice
We assist clients proactively to devise sound policies and procedures, review existing policies and practices, provide employee training and prepare for a breach. We also work with our clients to respond promptly and effectively in the event of a breach. Specifically, our services include:
- Preparation, review and implementation of cybersecurity policies and programs;
- Advice about applicable laws and regulations, including the NYS Cybersecurity Rule, FTC guidance and oversight, Gramm-Leach-Bliley Act, federal banking oversight, HIPAA, FERPA and GDPR;
- Preparation and review of third-party agreements, including Business Associate Agreements;
- Review and advice regarding cybersecurity insurance policies;
- Breach response, including investigations, notice, remediation and response to regulatory oversight;
- Advice about the duty to notify under international, federal and state laws, including GDPR, HIPAA and state breach notification laws;
- Employee training; and
- Advice to Boards of Directors about their oversight duties, governance structures and Board training.
Our Data Privacy Practice
We counsel clients about the industry-specific privacy laws and regulations that apply to them as well as their obligations to protect confidential employee information. We work with clients to build strong privacy policies and practices that comply with the regulatory mandates applicable to their industry or business as a for-profit or not-for-profit organization. Specifically, our services include:
- Development and review of privacy policies, gap analysis and implementation;
- Third-party agreements;
- Workforce training;
- Board governance structures, training and internal reporting to meet fiduciary standards;
- Compliance by health systems, hospitals and other providers with federal and state laws and regulations as they exchange data for population health management and care coordination;
- Compliance by institutions of higher education with GDPR, GLBA, FERPA and HIPAA; and
- Policies, procedures and GDPR implementation.
General Data Protection Regulation (GDPR)
Bond organized a dedicated group of attorneys to assist our clients in meeting the complex challenges posed by GDPR compliance. We developed detailed policies, including template forms and notices, to assist our clients in addressing the demanding requirements of GDPR. We also counsel clients about GDPR implementation, including integration of GDPR privacy requirements with existing privacy programs and rules, focusing on practical solutions that achieve compliance while seeking to minimize disruption to business operations. We prepare third-party agreements, advise about the agreements our clients receive and counsel our clients about responding to GDPR requests from individuals, such as requests to exercise the right to be forgotten.