Overview

Data Privacy and Cybersecurity Attorneys

Every organization, regardless of size, relies upon sensitive business information and personal information about employees and others—clients, patients, donors, data provided by business partners and contractors—for their operations. 

Attorneys in the Bond Cybersecurity and Data Privacy Practice assist clients across the full spectrum of legal services in the privacy and cybersecurity arenas, offering proactive advice to shore up cybersecurity programs and data privacy practices and respond in the wake of a breach. Our clients have the benefit of deep industry experience as we counsel them about cybersecurity and data privacy. Our attorneys also practice in litigation, corporate governance and transactions, health care, higher education, labor law and private equity. 

Read Full Overview >

Breach Notification

Our attorneys are solution-focused when dealing with clients in breach response scenarios, as well as in preemptive cybersecurity planning. We advise clients on matters related to compliance with New York General Business Law §899-aa, which requires written notification to the people whose information was accidentally released, and the filing of a specific written notice of the accidental release to the New York State Attorney General, the New York State Department of State, Division of Consumer Protection, and the New York State Police. We also advise on the applicability of other state and federal statutes pertaining to inadvertent releases of private financial information, including: 

  • The restrictions against disclosure of student information under "FERPA”, the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. §1232g); 
  • The "Safeguards Rule" under the Gramm Leach Bliley Act (requiring financial and educational institutions to implement certain security programs to protect against unauthorized access to student financial information); and 
  • The FTC "Red Flag Rules" regarding identity theft protection (16 CFR 68.2).

Compliance

Bond assists clients in a wide range of industries, without regard to size, with their data privacy and cybersecurity compliance.

Our attorneys work with clients to conduct legal assessments, data audits, risk management assessments, trainings, policy drafting, vendor assessments, due diligence review, filings, data subject request responses, data governance, as well as contract drafting and review.

Up to date on the regularly changing landscape of international and domestic cybersecurity and data privacy, we advise clients concerning a number of different regulations including, but not limited to: 

  • European Union’s General Data Protection Regulation (GDPR) 
  • United Kingdom General Data Protection Regulation (UK-GDPR) 
  • California Consumer Privacy Act, California Consumer Privacy Rights Act (CCPA/CPRA) 
  • Virginia Consumer Data Privacy Act (CDPA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Health Insurance Portability and Accountability Act (HIPAA) 
  • Graham-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Family Educational Rights and Privacy Act (FERPA)
  • New York Education Law 2-D
  • PCI-DSS Compliance
  • New York “Stop Hacks and Improve Electronic Data Security” Act (SHIELD), and
  • New York Department of Financial Services Cybersecurity Regulation

Crisis Management and Remediation

An attorney may be the first person contacted in the event of a crisis. Our practice goes to great lengths to ensure that crises are dealt with swiftly or prevented in the first place. 

Data Breach Prevention

It is futile to expect the preservation of any confidential data without the proper systems and procedures in place. Our practice counsels a wide range of clients in this area, from financial planners in their development of apps to government entities and school districts. 

With school districts, we assist administrators in complying with Education Law section 2-d regarding the protection of student PII. We ensure that these districts comply with Section 2-d for all vendor and third party contracts, which includes ensuring proper encryption, safety and recovery protocols for protected information as well as remedies and protections for inadvertent releases of such information.

Incident Preparedness and Auditing

Our attorneys routinely assist a wide range of clients with their cyber incident preparedness, from the business to the education sectors. We have advised boards of directors and management teams on their responsibilities with respect to cybersecurity risk mitigation, including compliance with the recently enacted New York State Department of Financial Services cybersecurity regulations.

Internal Investigations

We work with clients in conducting internal investigations following a breach to determine the facts relating to the incident, review the client’s policies and procedures and make recommendations. We collect all relevant electronic information, interview all pertinent witnesses and prepare reports with factual findings and recommendations.

Trade Secret Protection

All too often, companies react to trade secret theft and competitive threats due to employee departures, rather than position for it. Under these circumstances, they are faced with no choice but to engage in costly litigation.

Our Trade Secret Protection Audit assists companies in identifying critical intangible assets and guides the development of procedures, contract language, employment and non-disclosure agreements designed to protect them. Undertaken periodically, audits are able to help companies anticipate possible threats and reduce the areas of risk most often encountered in the course of conducting business. In performing this due diligence, our attorneys may also call upon other professionals in connection with the evaluation and testing of protocols related to the protection of computer data.

See the link below for more information on the Trade Secret Protection Audit.

In addition to the audit, our capabilities include:

  • Cease & Desist Letters
  • Computer & Information Use Policies
  • Confidentiality Agreements
  • Departure/Exit Protocols
  • Employment Agreements
  • Fraud & Security Audits
  • Invention Assignment Agreements
  • Non-compete Agreements
  • Non-disclosure Agreements
  • Restrictive Covenant Agreements
  • Technology Use Agreements
  • Trade Secret Theft Claims
  • Trade Secret Litigation 

Click here to view Bond's Trade Secret Protection Audit brochure.