Our global economy is a direct result of the digitalization of business and our ability to leverage data. This power has also created a potential for misuse of sensitive and personal data. Born of this potential, and actual misuse, regulatory agencies have unleashed sweeping regulatory action worldwide, most recently with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Privacy regulations are complex and vary by jurisdiction and by industry. Through the mass adoption of websites, companies now can easily offer goods and services internationally. This makes adherence with the multitude of evolving privacy regulations – which are creating higher demand on how we access, use, transmit, and store client data – a complicated undertaking. The consequences of a misstep can be serious: heavy fines, injunctions, government audits, and even criminal liability.
In our Privacy and Data Security practice, we take an interdisciplinary approach, partnering with experts in IT audit and cybersecurity to deliver specialized risk management services and to develop sophisticated internal and external privacy policies to prevent and address security breaches. Our clients include healthcare companies covered by the Health Insurance Portability and Accountability Act (HIPAA).
As part of our cybersecurity risk management services, we work with penetration testing experts to develop a cybersecurity risk assessment, cybersecurity maintenance plan (for the ongoing remediation of evolving threats and vulnerabilities), and issue periodic cybersecurity maintenance reports (describing the vulnerabilities that were discovered, how the threat landscape may have evolved, and how the identified risks were mitigated or avoided). Beyond penetration testing, our team helps clients evaluate and improve security effectiveness of data both in transit and at rest, through process analysis, policy development, quality management system implementation, and mobile device management.
We also work with penetration testing and intrusion detection experts to facilitate turn key white hat hacking of medical devices.
It is incumbent upon companies to assess and mitigate their technological and operational vulnerabilities to safeguard the sensitive data of their business, their employees, and their customers; to meet the requirements of changing regulations; and to prevent massive financial loss. Legal representation during penetration testing risk analysis provides the company an opportunity to protect the audit and its results with attorney-client privilege and under the attorney work product doctrine. We are able to brief your company’s Board of Directors about its risk portfolio, and use that valuable information to protect your company and customers.
As an experienced privacy lawyer and Certified Information Privacy Professional (CIPP/US), co-author of Privacy Law Primer (chapter in Representing the Ongoing Business Deskbook, 3rd Edition): Minnesota CLE (2019), and member of the International Association of Privacy Professionals, Ellie Vilendrer is well versed in a plethora of complex laws regarding the safeguarding of sensitive data.
We also offer data privacy mediation.