- Mark A. Cunningham
- Andrew R. Lee
- Bernard F. Meroney
In today's information economy, no company is completely safe from potential data security breaches, denial-of-service attacks, hacking, thefts of trade secrets and intellectual property, and other losses of or threats to highly sensitive corporate and customer information. Equally varied are the perpetrators of these crimes, a diverse assembly of lone-wolf hackers, business competitors, organized crime, foreign adversaries, and terrorist groups. Further complicating the picture, companies targeted by cyber attackers are often penalized twice: first as a direct result of the initial breach, then subsequently by lawmakers, regulators, and the public, who often blame the victim of the crime for having insufficient safeguards in place.
The Privacy & Data Security Team at Jones Walker LLP helps clients identify, prevent, and respond to the full spectrum of data-breach and privacy risks. Our inter-disciplinary team brings together highly experienced attorneys with professional backgrounds in the banking and financial services, healthcare, technology and telecommunications, energy, petrochemical, maritime, government, and retail sectors. We help our clients:
- Achieve their business objectives by formulating practical, cost-effective solutions to their data challenges, whether they concern security, international data transfers, records management, or government information requests and subpoenas
- Mitigate the risk that they will become a cybercrime victim by helping them comply with national and international privacy and data protection standards
- Avoid litigation by proactively managing consumer and employee privacy expectations and complaints by working with them to develop policies and terms and conditions suitable for their websites, social media, and marketing platforms
- Develop and implement crisis response protocols so their leadership and employees know what to do and how to deploy critical resources when network intrusions happen
- Resolve criminal and regulatory investigations associated with data security or export controls whether they arise in a single jurisdiction or across borders in the US, EU, or Asia
- Defend themselves against consumer class actions and high-stakes business disruption litigation arising from data breach incidents
Preparing for and Avoiding a Breach or Data Theft
We advise clients on their compliance obligations under all privacy-related U.S. federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), the Federal Information Security Management Act (FISMA), the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA), the Federal Communications Act of 1934, SEC disclosure guidelines, FTC data/privacy regulations, the CAN-SPAM Act, and other data-breach, privacy, and cybersecurity laws. Additionally, as the global regulatory environment for privacy and data becomes increasingly complicated and our clients expand internationally, our attorneys help clients adapt their existing data management practices to meet these new compliance changes without stressing their resources.
Our attorneys help clients better understand their data, where it is located, and where and with whom it is shared. We assess, develop, and revise information collection, storage, disposal, and sharing policies and procedures to make sure they meet regulatory obligations without compromising business workflows, data security and integrity, and identify potential threats and compliance issues. We also help clients develop and implement comprehensive security programs that document policies and procedures clearly and limit access to personally identifiable information, electronic health records, and other key data.
Rapid Response & Litigation Following a Breach or Data Theft
When a data security breach or data theft occurs, we respond to the event quickly and effectively. We help clients stop or contain the incident, analyze the facts and impact of the situation, and ensure compliance with federal and state notice requirements. Our attorneys assemble teams of key in-house staff, outside IT and public-relations experts, and data security professionals to develop a plan for preventing future thefts or breaches and to communicate with the public in an appropriate manner.
A company victimized by a data breach can quickly become the target of litigation and state or federal investigations. Jones Walker attorneys represent clients in related privacy and data security disputes and litigation, such as with shareholders, customers, and credit card agencies. We also represent our clients in related regulatory proceedings.