skip to main content
Bond, Schoeneck & King PLLC
  • Our Firm
  • News, Events and Videos
  • Careers
  • People

    Search by Last Name

    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    View All Attorneys Reset Search

  • Practices

    Practice Areas

    • Business and Transactions
    • Business Restructuring, Creditors' Rights and Bankruptcy
    • Class and Collective Action Litigation
    • Collegiate Sports
    • Commercial Lending
    • COVID-19 Essential Resources for Business
    • Cybersecurity and Data Privacy
    • Employee Benefits and Executive Compensation
    • Environmental and Energy
    • Financial Institutions Regulatory
    • Government Relations
    • Health Care
    • Immigration
    • Intellectual Property and Technology
    • Labor and Employment
    • Litigation
    • Mergers and Acquisitions
    • OSHA
    • Property
    • Public Finance
    • Securities
    • Tax Assessment, Condemnation & Property Valuation
    • Tax Law
    • Toxic Tort and Environmental Litigation
    • Trust and Estate

    Industries

    • Agribusiness
    • Exempt Organizations
    • Higher Education
    • Hospitality and Tourism
    • Long Term Care
    • Manufacturing
    • Municipalities
    • Real Estate Development and Construction
    • School Law
    • Small Business
  • Offices

    Offices

    • Albany, NY
    • Buffalo, NY
    • Garden City, NY
    • New York, NY
    • Rochester, NY
    • Saratoga Springs, NY
    • Syracuse, NY
    • Utica, NY
    • Naples, FL
    • Kansas City
    • Boston, MA
Bond, Schoeneck & King PLLC
  • People
  • Practices
  • Offices
  • Our Firm
  • News, Events and Videos
  • Careers

Cybersecurity and Data Privacy

Cybersecurity and Data Privacy attorneys; cybersecurity lawyer; data privacy lawyer

Home Print Email Download PDF Share on Social Media

Content Loading
  • Overview
  • Our Team
  • What We Do
  • News
  • Events and Webinars
  • Webinar Recordings
  • Articles
  • Brochures
Cybersecurity and Data Privacy Contacts

Philip J. Zaccheo, Co-Chair

Jessica L. Copeland, Co-Chair

Syracuse, NY

Philip J. Zaccheo

Buffalo, NY

Jessica L. Copeland

  1. Home
  2. Practices
  3. Cybersecurity and Data Privacy

Overview

Every organization, regardless of size, relies upon sensitive business information and personal information about employees and others—clients, patients, donors, data provided by business partners and contractors—for their operations. 

Attorneys in the Bond Cybersecurity and Data Privacy Practice assist clients across the full spectrum of legal services in the privacy and cybersecurity arenas, offering proactive advice to shore up cybersecurity programs and data privacy practices and respond in the wake of a breach. Our clients have the benefit of deep industry experience as we counsel them about cybersecurity and data privacy. Our attorneys also practice in litigation, corporate governance and transactions, health care, higher education, labor law and private equity. 

Who We Serve
We serve clients across the broad range of industries—finance, manufacturing, hospitality, retail, education, health care, social services and other industries. We advise large and small corporations, not-for-profit organizations and municipal corporations.

Our Cybersecurity Practice
We assist clients proactively to devise sound policies and procedures, review existing policies and practices, provide employee training and prepare for a breach. We also work with our clients to respond promptly and effectively in the event of a breach. Specifically, our services include:

  • Preparation, review and implementation of cybersecurity policies and programs;
  • Advice about applicable laws and regulations, including the NYS Cybersecurity Rule, FTC guidance and oversight, Gramm-Leach Bliley Act, federal banking oversight, HIPAA, FERPA and GDPR;
  • Preparation and review of third party agreements, including Business Associate Agreements;
  • Review and advice regarding cybersecurity insurance policies;
  • Breach response, including investigations, notice, remediation and response to regulatory oversight;
  • Advice about the duty to notify under international, federal and state laws, including GDPR, HIPAA and state breach notification laws;
  • Employee training; and
  • Advice to Boards of Directors about their oversight duties, governance structures and Board training.

Our Data Privacy Practice
We counsel clients about the industry-specific privacy laws and regulations that apply to them as well as their obligations to protect confidential employee information. We work with clients to build strong privacy policies and practices that comply with the regulatory mandates applicable to their industry or business as a for-profit or not-for-profit organization. Specifically, our services include:

  • Development and review of privacy policies, gap analysis and implementation; 
  • Third party agreements; 
  • Workforce training;
  • Board governance structures, training and internal reporting to meet fiduciary standards;
  • Compliance by health systems, hospitals and other providers with federal and state laws and regulations as they exchange data for population health management and care coordination; 
  • Compliance by institutions of higher education with GDPR, GLBA, FERPA and HIPAA; and
  • Policies, procedures and GDPR implementation.

General Data Protection Regulation (GDPR)
Bond organized a dedicated group of attorneys to assist our clients to meet the complex challenges posed by GDPR compliance. We developed detailed policies, including template forms and notices, to assist our clients in addressing the demanding requirements of GDPR. We also counsel clients about GDPR implementation, including integration of GDPR privacy requirements with existing privacy programs and rules, focusing on practical solutions that achieve compliance while seeking to minimize disruption to business operations. We prepare third party agreements, advise about the agreements our clients receive and counsel our clients about responding to GDPR requests from individuals such as the right to be forgotten. 

Our Team

What We Do

Breach Notification

Our attorneys are solution-focused when dealing with clients in breach response scenarios, as well as in preemptive cybersecurity planning. We advise clients on matters related to compliance with New York General Business Law §899-aa, which requires written notification to the people whose information was accidentally released, and the filing of a specific written notice of the accidental release to the New York State Attorney General, the New York State Department of State, Division of Consumer Protection, and the New York State Police. We also advise on the applicability of other state and federal statutes pertaining to inadvertent releases of private financial information, including: 

  • The restrictions against disclosure of student information under "FERPA”, the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. §1232g); 
  • The "Safeguards Rule" under the Gramm Leach Bliley Act (requiring financial and educational institutions to implement certain security programs to protect against unauthorized access to student financial information); and 
  • The FTC "Red Flag Rules" regarding identity theft protection (16 CFR 68.2).

Compliance and Reporting

Crisis Management and Remediation

An attorney may be the first person contacted in the event of a crisis. Our practice goes to great lengths to ensure that crises are dealt with swiftly or prevented in the first place. 

Data Breach Prevention

It is futile to expect the preservation of any confidential data without the proper systems and procedures in place. Our practice counsels a wide range of clients in this area, from financial planners in their development of apps to government entities and school districts. 

With school districts, we assist administrators in complying with Education Law section 2-d regarding the protection of student PII. We ensure that these districts comply with Section 2-d for all vendor and third party contracts, which includes ensuring proper encryption, safety and recovery protocols for protected information as well as remedies and protections for inadvertent releases of such information.

Incident Preparedness and Auditing

Our attorneys routinely assist a wide range of clients with their cyber incident preparedness, from the business to the education sectors. We have advised boards of directors and management teams on their responsibilities with respect to cybersecurity risk mitigation, including compliance with the recently enacted New York State Department of Financial Services cybersecurity regulations.

Internal Investigations

We work with clients in conducting internal investigations following a breach to determine the facts relating to the incident, review the client’s policies and procedures and make recommendations. We collect all relevant electronic information, interview all pertinent witnesses and prepare reports with factual findings and recommendations.

Law Enforcement Intermediary

Trade Secret Protection

All too often, companies react to trade secret theft and competitive threats due to employee departures, rather than position for it. Under these circumstances, they are faced with no choice but to engage in costly litigation.

Our Trade Secret Protection Audit assists companies in identifying critical intangible assets and guides the development of procedures, contract language, employment and non-disclosure agreements designed to protect them. Undertaken periodically, audits are able to help companies anticipate possible threats and reduce the areas of risk most often encountered in the course of conducting business. In performing this due diligence, our attorneys may also call upon other professionals in connection with the evaluation and testing of protocols related to the protection of computer data.

See the link below for more information on the Trade Secret Protection Audit.

In addition to the audit, our capabilities include:

  • Cease & Desist Letters
  • Computer & Information Use Policies
  • Confidentiality Agreements
  • Departure/Exit Protocols
  • Employment Agreements
  • Fraud & Security Audits
  • Invention Assignment Agreements
  • Non-compete Agreements
  • Non-disclosure Agreements
  • Restrictive Covenant Agreements
  • Technology Use Agreements
  • Trade Secret Theft Claims
  • Trade Secret Litigation 

Click here to view Bond's Trade Secret Protection Audit brochure.

News

Events and Webinars

Webinar Recordings

Articles

Brochures

PDF File Cybersecurity-and-Data-Privacy-2020

OverviewToggle Button

Every organization, regardless of size, relies upon sensitive business information and personal information about employees and others—clients, patients, donors, data provided by business partners and contractors—for their operations. 

Attorneys in the Bond Cybersecurity and Data Privacy Practice assist clients across the full spectrum of legal services in the privacy and cybersecurity arenas, offering proactive advice to shore up cybersecurity programs and data privacy practices and respond in the wake of a breach. Our clients have the benefit of deep industry experience as we counsel them about cybersecurity and data privacy. Our attorneys also practice in litigation, corporate governance and transactions, health care, higher education, labor law and private equity. 

Who We Serve
We serve clients across the broad range of industries—finance, manufacturing, hospitality, retail, education, health care, social services and other industries. We advise large and small corporations, not-for-profit organizations and municipal corporations.

Our Cybersecurity Practice
We assist clients proactively to devise sound policies and procedures, review existing policies and practices, provide employee training and prepare for a breach. We also work with our clients to respond promptly and effectively in the event of a breach. Specifically, our services include:

  • Preparation, review and implementation of cybersecurity policies and programs;
  • Advice about applicable laws and regulations, including the NYS Cybersecurity Rule, FTC guidance and oversight, Gramm-Leach Bliley Act, federal banking oversight, HIPAA, FERPA and GDPR;
  • Preparation and review of third party agreements, including Business Associate Agreements;
  • Review and advice regarding cybersecurity insurance policies;
  • Breach response, including investigations, notice, remediation and response to regulatory oversight;
  • Advice about the duty to notify under international, federal and state laws, including GDPR, HIPAA and state breach notification laws;
  • Employee training; and
  • Advice to Boards of Directors about their oversight duties, governance structures and Board training.

Our Data Privacy Practice
We counsel clients about the industry-specific privacy laws and regulations that apply to them as well as their obligations to protect confidential employee information. We work with clients to build strong privacy policies and practices that comply with the regulatory mandates applicable to their industry or business as a for-profit or not-for-profit organization. Specifically, our services include:

  • Development and review of privacy policies, gap analysis and implementation; 
  • Third party agreements; 
  • Workforce training;
  • Board governance structures, training and internal reporting to meet fiduciary standards;
  • Compliance by health systems, hospitals and other providers with federal and state laws and regulations as they exchange data for population health management and care coordination; 
  • Compliance by institutions of higher education with GDPR, GLBA, FERPA and HIPAA; and
  • Policies, procedures and GDPR implementation.

General Data Protection Regulation (GDPR)
Bond organized a dedicated group of attorneys to assist our clients to meet the complex challenges posed by GDPR compliance. We developed detailed policies, including template forms and notices, to assist our clients in addressing the demanding requirements of GDPR. We also counsel clients about GDPR implementation, including integration of GDPR privacy requirements with existing privacy programs and rules, focusing on practical solutions that achieve compliance while seeking to minimize disruption to business operations. We prepare third party agreements, advise about the agreements our clients receive and counsel our clients about responding to GDPR requests from individuals such as the right to be forgotten. 

Our TeamToggle Button
What We DoToggle Button

Breach Notification

Our attorneys are solution-focused when dealing with clients in breach response scenarios, as well as in preemptive cybersecurity planning. We advise clients on matters related to compliance with New York General Business Law §899-aa, which requires written notification to the people whose information was accidentally released, and the filing of a specific written notice of the accidental release to the New York State Attorney General, the New York State Department of State, Division of Consumer Protection, and the New York State Police. We also advise on the applicability of other state and federal statutes pertaining to inadvertent releases of private financial information, including: 

  • The restrictions against disclosure of student information under "FERPA”, the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. §1232g); 
  • The "Safeguards Rule" under the Gramm Leach Bliley Act (requiring financial and educational institutions to implement certain security programs to protect against unauthorized access to student financial information); and 
  • The FTC "Red Flag Rules" regarding identity theft protection (16 CFR 68.2).

Compliance and Reporting

Crisis Management and Remediation

An attorney may be the first person contacted in the event of a crisis. Our practice goes to great lengths to ensure that crises are dealt with swiftly or prevented in the first place. 

Data Breach Prevention

It is futile to expect the preservation of any confidential data without the proper systems and procedures in place. Our practice counsels a wide range of clients in this area, from financial planners in their development of apps to government entities and school districts. 

With school districts, we assist administrators in complying with Education Law section 2-d regarding the protection of student PII. We ensure that these districts comply with Section 2-d for all vendor and third party contracts, which includes ensuring proper encryption, safety and recovery protocols for protected information as well as remedies and protections for inadvertent releases of such information.

Incident Preparedness and Auditing

Our attorneys routinely assist a wide range of clients with their cyber incident preparedness, from the business to the education sectors. We have advised boards of directors and management teams on their responsibilities with respect to cybersecurity risk mitigation, including compliance with the recently enacted New York State Department of Financial Services cybersecurity regulations.

Internal Investigations

We work with clients in conducting internal investigations following a breach to determine the facts relating to the incident, review the client’s policies and procedures and make recommendations. We collect all relevant electronic information, interview all pertinent witnesses and prepare reports with factual findings and recommendations.

Law Enforcement Intermediary

Trade Secret Protection

All too often, companies react to trade secret theft and competitive threats due to employee departures, rather than position for it. Under these circumstances, they are faced with no choice but to engage in costly litigation.

Our Trade Secret Protection Audit assists companies in identifying critical intangible assets and guides the development of procedures, contract language, employment and non-disclosure agreements designed to protect them. Undertaken periodically, audits are able to help companies anticipate possible threats and reduce the areas of risk most often encountered in the course of conducting business. In performing this due diligence, our attorneys may also call upon other professionals in connection with the evaluation and testing of protocols related to the protection of computer data.

See the link below for more information on the Trade Secret Protection Audit.

In addition to the audit, our capabilities include:

  • Cease & Desist Letters
  • Computer & Information Use Policies
  • Confidentiality Agreements
  • Departure/Exit Protocols
  • Employment Agreements
  • Fraud & Security Audits
  • Invention Assignment Agreements
  • Non-compete Agreements
  • Non-disclosure Agreements
  • Restrictive Covenant Agreements
  • Technology Use Agreements
  • Trade Secret Theft Claims
  • Trade Secret Litigation 

Click here to view Bond's Trade Secret Protection Audit brochure.

NewsToggle Button Closed
Events and WebinarsToggle Button Closed
Webinar RecordingsToggle Button Closed
ArticlesToggle Button Closed
BrochuresToggle Button

PDF File Cybersecurity-and-Data-Privacy-2020

Cybersecurity and Data Privacy Contacts

Philip J. Zaccheo, Co-Chair

Jessica L. Copeland, Co-Chair

Syracuse, NY

Philip J. Zaccheo

Buffalo, NY

Jessica L. Copeland

© 2021 Bond, Schoeneck & King PLLC
  • Disclaimer
  • Privacy Policy
  • Cookie and Similar Technologies Policy
  • Site Map
  • Contact Us
  • Subscribe