Cybersecurity and Data Privacy Attorneys

Overview

Virtually every company, organization and institution, regardless of size, has an aggregation of information that is of critical value to its mission.

Unfortunately, we are in an age where that information is under an ever-increasing cyber threat. Data concerning clients/customers, employees, finances, intellectual property and strategic plans are made vulnerable by their accessibility via unsecured mobile devices, e-mail scams, third-party connectivity (i.e., payroll administrators), and out-sourced storage (real or virtual). Furthermore, as technology evolves, so do the laws, regulations and compliance requirements related to the protection of privacy and data, which increases the burdens on institutions of all natures and sizes as well.

The members of Bond’s cybersecurity and data privacy practice are residents of the full range of Bond’s diverse practice areas, and thus draw from the firm’s collective wealth of experience in governance, compliance, and litigation across a wide array of industries and markets. The attorneys in the group provide insight into cybersecurity and data privacy matters concerning business transactions, compliance, information management, governance, human resources, intellectual property, litigation and technology.

Collectively, they possess an extensive reservoir of practical knowledge having counseled a wide range of clients including:

Defense
Education
Energy
Finance
Health Care

High-Tech
Hospitality
Insurance
Manufacturing
Municipalities

Social Services
Software
Retail
Transportation
Utilities

The multi-disciplinary group has experience with counseling clients on compliance with federal and state privacy laws, including HIPAA, FERPA and the Gramm-Leach-Bliley Act, as well as federal and state data breach notification laws. The members of the practice also assist clients in navigating cyber threats and on-going challenges by:

Developing tailored policies and guidelines for client cyber governance, data breach preparedness, and compliance with federal and state notification and accountability laws;
Advising clients of potential and actual liabilities for data breaches, security failures, and counteroffensive measures; and
Assessing clients’ vulnerabilities and risks, auditing existing incident response plans, procedures and protocols, and recommending improvements.

Our Team

What We Do

Breach Notification

Our attorneys are solution-focused when dealing with clients in breach response scenarios, as well as in preemptive cybersecurity planning. We advise clients on matters related to compliance with New York General Business Law §899-aa, which requires written notification to the people whose information was accidentally released, and the filing of a specific written notice of the accidental release to the New York State Attorney General, the New York State Department of State, Division of Consumer Protection, and the New York State Police. We also advise on the applicability of other state and federal statutes pertaining to inadvertent releases of private financial information, including:

The restrictions against disclosure of student information under "FERPA”, the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. §1232g);
The "Safeguards Rule" under the Gramm Leach Bliley Act (requiring financial and educational institutions to implement certain security programs to protect against unauthorized access to student financial information); and
The FTC "Red Flag Rules" regarding identity theft protection (16 CFR 68.2).

Compliance and Reporting

Crisis Management and Remediation

An attorney may be the first person contacted in the event of a crisis. Our practice goes to great lengths to ensure that crises are dealt with swiftly or prevented in the first place.

Data Breach Prevention

It is futile to expect the preservation of any confidential data without the proper systems and procedures in place. Our practice counsels a wide range of clients in this area, from financial planners in their development of apps to government entities and school districts.

With school districts, we assist administrators in complying with Education Law section 2-d regarding the protection of student PII. We ensure that these districts comply with Section 2-d for all vendor and third party contracts, which includes ensuring proper encryption, safety and recovery protocols for protected information as well as remedies and protections for inadvertent releases of such information.

Incident Preparedness and Auditing

Our attorneys routinely assist a wide range of clients with their cyber incident preparedness, from the business to the education sectors. We have advised boards of directors and management teams on their responsibilities with respect to cybersecurity risk mitigation, including compliance with the recently enacted New York State Department of Financial Services cybersecurity regulations.

Internal Investigations

We work with clients in conducting internal investigations following a breach to determine the facts relating to the incident, review the client’s policies and procedures and make recommendations. We collect all relevant electronic information, interview all pertinent witnesses and prepare reports with factual findings and recommendations.

Law Enforcement Intermediary

Trade Secret Protection

All too often, companies react to trade secret theft and competitive threats due to employee departures, rather than position for it. Under these circumstances, they are faced with no choice but to engage in costly litigation.

Our Trade Secret Protection Audit assists companies in identifying critical intangible assets and guides the development of procedures, contract language, employment and non-disclosure agreements designed to protect them. Undertaken periodically, audits are able to help companies anticipate possible threats and reduce the areas of risk most often encountered in the course of conducting business. In performing this due diligence, our attorneys may also call upon other professionals in connection with the evaluation and testing of protocols related to the protection of computer data.

See the link below for more information on the Trade Secret Protection Audit.

In addition to the audit, our capabilities include:

Cease & Desist Letters
Computer & Information Use Policies
Confidentiality Agreements
Departure/Exit Protocols
Employment Agreements
Fraud & Security Audits
Invention Assignment Agreements
Non-compete Agreements
Non-disclosure Agreements
Restrictive Covenant Agreements
Technology Use Agreements
Trade Secret Theft Claims
Trade Secret Litigation

Click here to view Bond's Trade Secret Protection Audit brochure.

Events

Webinars

News

Articles

Brochures

Cybersecurity-and-Data-Privacy