Data Privacy & Security

Data Breach Preparation and Response

The key is to be proactive, not reactive. We can help you develop your incident response plans and test those through table top exercises to identify gaps and weaknesses in your cybersecurity program. When you experience a security incident or possible breach, we can help by:

  • Hiring outside forensic and other consultants directly in order to enhance attorney-client privilege protection
  • Verifying whether an incident or breach occurred
  • Leading the investigation as a data breach coach, including reviewing forensic reports, applicable law, managing the data breach response team/plan, and advising on communication strategy and notification requirements
  • Preparing and supporting communications regarding the breach to regulators, affected individuals, the media, and others, pursuant to applicable law and best practices
  • Identifying and minimizing the risks related to a breach, such as the risk of a lawsuit and implementing litigation holds
  • Preparing summaries of the event and other relevant legal requirements
  • Reviewing applicable contractual requirements
  • Handling responses from customers, potential litigants, and government agencies, including negotiating with regulators to minimize penalties they may impose

We also work in harmony with strategic partners in forensics and investigation, IT technical and physical security compliance and management, cybersecurity, data classification, data analytics, public relations, and crisis management.

Success Stories

Attack on Point of Sale System

One of our clients, a specialty grocery store chain, experienced an attack on its point of sale system that resulted in a theft of customer payment card information. Our team worked with the client from the moment the breach was discovered to investigate the incident, engage forensic experts and auditors, notify law enforcement authorities, negotiate with affected payment card companies, and develop position statements and press releases. We helped the client handle every aspect of the breach, advising on how to proceed and ensuring that the negative impact of the breach on our client’s business was minimized as a result of a prompt, thorough response.

Social Security Disclosure

Our client, a vendor for the State of Wisconsin, was involved in the inadvertent disclosure of the Social Security numbers of more than 700,000 Wisconsin taxpayers. Our team worked with the client during the highly publicized incident to negotiate and address corrective measures with the state. We drafted and coordinated a notice to the affected taxpayers, as well as helped the client put credit monitoring services in place for those affected. We also counseled the client in connection with the legal and business ramifications of the publicity associated with the event.

Malware vs Health Care

Our team assisted a large health care system with a security incident involving malware attacking its computer systems. We helped the client obtain outside experts for its investigation using our contacts in the industry and developed a security incident response plan. We analyzed and advised on whether the incident rose to the level of a breach of unsecured protected health information under the HIPAA Security Breach Notification Rule. We also analyzed the applicable state breach notification laws and aided in the drafting of the required notifications to affected individuals and covered entities, the media, and regulatory bodies. We also assisted in the development of fact sheets and other materials that were used for internal and external communications regarding the incident.