Privacy & CybersecurityOverviewPrivacy & Cybersecurity are top concerns in today’s boardrooms—with good reason. Regulations have proliferated, cyberattacks are commonplace, and companies are being fined millions of dollars for poor data handling practices. Michael Best’s Privacy & Cybersecurity team provides legal counseling to support risk mitigation strategies across the enterprise, and help clients to stay ahead of emerging threats. Our attorneys have in-house experience and extensive backgrounds working with the highest levels of federal, state, regulatory agencies. This gives us a combination of advanced insight into the thinking of regulators and direct experience in solving real-world privacy and security challenges. We will serve as your Privacy General Counsel and become an integral member of your team to develop, implement, and maintain a reliable corporate cybersecurity strategy. Our proactive approach involves assessing how data is managed across the whole enterprise, identifying your vulnerabilities, and building a customized compliance program to meet your specific needs. We work with all sizes and types of clients, including those in heavily regulated or critical infrastructure industries such as communications, energy, financial services, healthcare, retail, and information technology.
Service Areas
Regulatory Compliance & Data Protection
Michael Best provides full-service compliance counseling across the evolving spectrum of global privacy and cybersecurity law, under U.S. federal and state regulations and industry standards (e.g., CAN-SPAM, COPPA, GLBA, HIPAA, NYDFS, PCI-DSS, and FTC/FCC regulation); European Union regulations, including GDPR; and Latin America and Asia-Pacific regional standards.
We take an innovative approach to managing regulatory issues, with the Best Privacy & Cybersecurity Toolkit, which is an online platform that helps our clients manage compliance with a variety of regulatory frameworks including the NIST Cybersecurity Framework and GDPR.
In addition to our Toolkit, we provide ongoing support in mitigating risk and maintaining compliance with GDPR, as further guidance’s are published.
We also provide counsel on privacy and cybersecurity e-commerce issues including CAN-SPAM, TCPA, Do Not Call, E-Sign, internet privacy, and many others, keep our clients compliant with every changes rules and regulations, enabling our clients to achieve their business objectives.
Public Sector Privacy & Cybersecurity
Our team, which includes the Texas state government’s first chief privacy officer, has critical insight into how federal and state governments define, enact, and manage cybersecurity policy and regulations.
Incident Preparedness & Response
We help clients develop incident response plans, conduct on-site tabletop exercises, remediate data breaches, respond to third party investigations or claims, and manage crisis communications.
We partner with trusted resources to manage and investigate small and large scale breaches arising from all varieties of cybercrimes and threats, engaging third party resources, preserving the attorney-client privilege.
We tailor the tabletop exercise to their business, their people. Through the response to the exercise, we update/craft a response plan to assist in mitigating future risk, in accordance with applicable regulatory requirements.
Governance & Risk Management
We develop robust risk mitigation strategies to help you defend reputational and legal challenges through our customized, integrated approach to policy, procedure, and risk assessment and management.
Investigations, Dispute Resolution & Litigation
We represent clients throughout internal audits and investigations, third-party disputes, federal and state government investigations, and regulatory enforcement actions, helping them navigate federal and state agencies and external auditors.
Our team also focuses on stakeholder preparation and counseling, working with individuals who are externally facing, to prepare them for media spotlight, testimony, depositions, and other public statements.
We strategically partner with our litigation team to provide clients a full range of resources if litigation is imminent. Our team advises and provides support to the litigation team throughout the litigation process, assisting with case evaluation, discovery and settlement strategy, evaluating the merits of the claim, seeking indemnification where available, tendering to cyber insurance carriers and following protocols, all to achieve a beneficial outcome for our clients.
Supply Chain & Vendor Management
We advise customers and suppliers on privacy and cybersecurity risk concerns, including pre-contract diligence, contract preparation and negotiations, and post-contract audits.
Our team is available to assist through the entire life cycle, starting with vendor selection process through contract termination and exit strategy.
Emerging Technologies
When clients are developing or adopting new technologies (e.g., IoT or blockchain), we help them achieve business objectives while being mindful of emerging law and interpretations.
Our team helps clients integrate privacy and cybersecurity into their new technologies and projects from the onset, incorporating the principles of Privacy by Design and Default.
Click here for additional resources.
Privacy & Cybersecurity Education & Training
Our training programs empower your organization to develop a first line of defense in privacy and cybersecurity risk management, by creating a structured program to identify key cybersecurity and privacy issues.
Interactive Gaming & Online Sports Books
We counsel gaming industry clients on crucial privacy and data security issues, creating customized compliance programs for risk mitigation. We advise on the full spectrum of privacy and cybersecurity regulations at the state, federal, and global level. Our experience includes developing privacy policies and terms of service that address gaming regulations across multiple states; counsel on issues related to third-party data transfers; and data breach incident preparation and response.
Experience
- Represented various clients in assessing and responding to data breaches, managing multi-state breach notifications, including notification to regulators, and providing credit monitoring
- Negotiated data aggregation agreement between client and major financial institution to allow sharing of financial institution customer information with third parties
- Counseled on sharing of financial institution nonpublic personal information with non-affiliated third parties under joint marketing agreements and service provider agreements in order to increase and refine targeted marketing efforts
- Advised on FCRA issues relating to firm offers of credit involving financial institution, credit bureau, and multiple service providers
Related People Preview Attorney's BiographyJoe is a seasoned data use, privacy, and cybersecurity lawyer with more than 30 years of business and legal experience advising technology and healthcare companies and government entities. He helps clients identify their data privacy and cybersecurity risks and design, implement, and manage programs and policies that minimize those risks.  Preview Attorney's BiographyRyan is a paralegal in the firm’s Corporate Practice Group. He assists Michael Best attorneys with a variety real estate, corporate, and data privacy matters. He conducts property and tax assessment research, performs due diligence, ALTA/NSPS land survey analysis, title and policy review, evaluation of agricultural foreclosures, and manages closings for commercial, residential, and agricultural real estate transactions throughout the country. Ryan L. Habeck* *Names that appear with an asterisk indicate a Michael Best professional not admitted to practice law.  Preview Attorney's BiographyClients benefit from Elizabeth’s extensive experience with a variety of regulatory, cybersecurity compliance, and technology-specific privacy matters. A former Chief Privacy Officer and General Counsel, she brings a unique and informed in-house perspective to her practice.  Preview Attorney's BiographyGuy counsels clients on privacy and data security matters including compliance with U.S. and E.U. data protection and privacy laws, the development of company privacy programs, and responding to and mitigating data breaches.  Preview Attorney's BiographyLiz counsels clients on privacy and data security matters including compliance with applicable data privacy regulations and implementation of proactive cybersecurity measures. She also helps guide clients through all aspects of data security incidents. Liz holds the Certified Information Privacy Professional/United States (CIPP/US) credential through the International Association of Privacy Professionals.
Related NewsEvent April 26, 2022 Event March 29, 2022 Event February 4, 2022 Publication January 28, 2021 Publication December 30, 2021 News December 28, 2021 Event December 6, 2021 News November 23, 2021 Event November 5, 2021 Publication November 4, 2021 Event October 21, 2021 Ransomware: Lessons We Are Learning from Hackers, Black Hat, and the Boardroom Event October 20, 2021 Publication October 20, 2021 Publication October 6, 2021 Publication October 6, 2021 Event September 30, 2021 Event September 29, 2021 Publication September 27, 2021 Event September 22, 2021 Event August 13, 2021 Event July 27, 2021 News June 29, 2021 Event May 28, 2021 Event May 21, 2021 Event May 20, 2021 Event May 13, 2021 Event May 11 & May 18, 2021 Event MAY 6, 2021 Event April 16, 2021 Publication April 5, 2021 News March 11, 2021 News March 8, 2021 News February 5, 2021 News January 19, 2021 Publication January 13, 2021 Event December 8, 2020 Co-Panelist, "Cybersecurity in the Age of COVID-19," Curi - A Medical Mutual Co. Webinar News December 2, 2020 Publication December 1, 2020 Event November 16, 2020 Presenter, "Incident Response," NCACPA 81st Annual Virtual Conference Publication November 11, 2020 Publication October 27, 2020 Event October 22, 2020 Publication October 14, 2020 Event October 2, 2020 Configuring Zoom and Other Platforms for Privacy and Security Event September 18, 2020 Co-Panelist, "Health Care Sector Deep Dive," Cleveland-Marshall College of Law Cybersecurity & Privacy Protection Virtual Conference 2020 News September 1, 2020 Publication August 25, 2020 Publication July 29, 2020 Publication July 22, 2020 Publication July 17, 2020 Event July 15, 2020 Publication July 14, 2020 Publication June 30, 2020 Publication June 25, 2020 Event June 17, 2020 Co-Presenter, "Managing Remote Access & Incident Response Remotely Workshop," NC TECH Webinar in Partnership with TCDI Publication June 11, 2020 Publication June 9, 2020 Event May 22, 2020 Event May 20, 2020 Co-Presenter, "Cyber Security," NCACPA's Business & Industry Spring Conference News December 12, 2019 Publication February 17, 2016
|
back to top |