Cyberlaw, Data Privacy and Security
Almost all company data is at risk.
With data security breaches and other such attacks increasing in both frequency and severity, managing such risks is a top priority. High-profile cyber-attacks dominate headlines and beg a pertinent question: If you collect and use customer or other data as a part of your business model, it is not a matter of if a breach, corruption, loss of data or other such event will occur but when and will you be prepared?
Ascentage Law can assist you in evaluating and updating your current data and security practices, classifying and managing data, as well as preparing for, preventing, and responding to threats.
We specialize in the full life-cycle of data privacy and security matters. From assessing network/data security and cyber-liability insurance coverage, advising you with respect to employee and contractor training, helping your business comply with applicable sectoral and other governmental regulations, to guiding you through the mitigation and notice process after a breach, we do it all. Ascentage Law can advise you with respect to every facet of cyber and data risk.
Our services in this field include:
- Identification of sensitive data that is being collected and stored;
- Identifying laws and regulations that govern the collection and use of personal information;
- Drafting necessary security and governance policies, including Terms of Service and Privacy Policies, to meet regulatory compliance standards;
- Reviewing and updating controls used to monitor and protect sensitive data;
- Reviewing and updating processes to conform with permission-based marketing policies (i.e., opt-in or opt-out policies);
- Developing workplace policies for email, instant messaging, and computer use; and
- Preventing and deterring attacks, pursuing perpetrators, responding to problems, and helping clients mitigate risk and loss through insurance.
Regulations that we help clients to manage include:
- The Gramm-Leach-Bliley Act (GLBA);
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA);
- The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH);
- Identity Theft Protection Act;
- EU-US data transfer and processing regulations; and
- The Child Online Privacy and Protection Act (COPPA).