Regulatory Compliance and Cyberrisk Assessment
Our assessments identify gaps in an organization's critical risk areas and recommend how to close them. This includes vendor and contract review, transactional due diligence, evaluation of cyber insurance policies, and counseling upper management and board members on the scope of the risk and the need for affirmative action.
Process:
- Identify applicable industry-specific and jurisdictional laws, regulations and standards regarding personal and protected data to help ensure regulatory compliance
- Conduct in-depth analysis of our clients’ current security programs, including interviews with key stakeholders, to identify vulnerabilities and establish a cyberrisk profile
- Help clients identify high legal-risk scenarios for security prioritization
- Identify applicable state-specific safe harbors for organizations using consulting services to help mitigate cyberrisk
Deliverables:
- A detailed cyberrisk report with strategic recommendations for developing and/or enhancing information security programs and policies to help ensure regulatory compliance and proactive risk management, including:
  - Information governance programs
  - Records management policies
  - Breach notification policies
  - Protocol manuals
  - Incident monitoring and reporting processes
  - Emergency response plans
  - Security awareness education and training
- Negotiate with cybersecurity insurance carriers and brokers to determine appropriate levels of coverage
- Assistance with drafting and implementing policies and programs to address weaknesses identified in the cyberrisk report
Communication Planning
Our pre-breach communications planning services help clients position themselves to mitigate the potentially damaging repercussions of a data breach.
Process:
- Our in-house communications team works with our clients’ communications and public relations professionals, or acts on their behalf
Deliverables:
- Develop or enhance communications management plans to include cybersecurity components and ensure plans address affected internal and external stakeholders
- Provide communications and media training to the designated organization spokespeople
Rapid Incident Response
Upon notification of an actual or suspected breach, we deploy attorneys and IT professionals to coordinate a thorough response under attorney-client privilege, during the critical period when an organization's investors, customers and regulators are closely monitoring the situation and its potential outcome.
Process:
- Immediately begin identifying and containing the incident
- Identify the scope of the breach through forensic investigations
- Provide tactical recommendations to prevent additional incidents
- Identify records containing personally identifiable information (PII) and/or protected health information (PHI) and determine which may have been breached
- Provide guidance on notifying affected individuals of breaches involving such information
- Consult on when and how to cooperate with regulatory agencies and/or law enforcement during an investigation
Deliverables:
- Implement a comprehensive breach response to reduce liability and support compliance going forward
- Guide breached entities in dealing with regulatory agencies and law enforcement
- Provide strategic recommendations for preventing similar incidents from recurring
- Confirm the necessary steps are taken to ensure appropriate insurance coverage
Privacy-Related Litigation and Investigation
Our attorney team has experience handling high-stakes class-action lawsuits, government investigations and regulatory enforcement actions.
Process:
- Provide pretrial guidance including evaluating potential claims and liability risks, as well as assessing options for alternative dispute resolution
- Build and deploy the right attorney and technology team, tailoring specific data privacy and cybersecurity experience to provide innovative, practical and cost-effective solutions for the unique challenges of each matter
Deliverables:
- Represent and defend clients in all aspects of litigation and regulatory investigations arising from data breaches and alleged violations of data privacy requirements – from pretrial and investigative phases through trial and appeal
Communications Plan Execution
We help breached organizations hit the ground running to manage message points, put the controversy behind them, and preserve their image, brand and internal morale.
Process:
- Our communications professionals work side by side with our technical and regulatory compliance teams to provide a timely and efficient response to help protect our clients’ reputations and business interests
Deliverables:
- Develop communications for appropriate channels and stakeholders
- Identify or act as third-party spokespeople
- Conduct media outreach
- Monitor media, including social media, and advise on appropriate response
87% of U.S. chief executives said they were worried that cyberthreats could impact growth prospects, up from 69% the year before.*
*Source: 2015 US State of Cybercrime Survey, cosponsored by CSO, CERT Division of the Software Engineering Institute at Carnegie Mellon University, PwC, and the US Secret Service, May–June 2015