Electronic data fuels innovation and productivity for the global economy, but the connectivity that is revolutionizing workplace collaboration is also creating unprecedented vulnerability to data theft, loss and disclosure.
Effective data security must protect the intellectual property of the company and the privacy rights of customers and employees, while at the same time preserving the data accessibility the marketplace demands. Schiff Hardin mobilizes attorneys from across the firm’s practice groups and offices to provide our clients with a multidisciplinary, national Cybersecurity and Data Privacy Client Service Team to address these challenges.
Risk Management Means More Than Breach Prevention
Perfect data security and perfect legal compliance are unlikely in the current environment. Technology provides malefactors, both foreign and domestic, with the upper hand, and the laws governing data security in the United States are a patchwork of inconsistent state and federal statutes and regulations that fall short as a reliable roadmap for corporate best practices. The overlay of an evolving body of global data privacy law only complicates the compliance landscape. Cyber breaches are inescapable for even those companies with the most sophisticated security framework, and the investigations that follow each breach usually uncover at least some corporate compliance issues.
When a Breach Happens, Neutralizing the Business Risk Requires Skilled Advocacy
Meaningful risk management requires much more from outside counsel than a checklist of cyberlaw do’s and don’ts. Our goal, and how we measure success, is helping our clients minimize cybersecurity risk as a threat to customer goodwill, corporate intellectual property and shareholder confidence. We help clients develop and communicate a persuasive company narrative that places a cyberbreach in the proper context and demonstrates to all relevant constituencies — regulators, shareholders, customers, employees and the courts — that they can and should continue to have confidence in the company’s data security and culture of corporate compliance.
The building blocks for this narrative should already be in place before a breach occurs. An integrated data security strategy views legal compliance as an important element but not the final measure of success. Our team is uniquely positioned to help the client neutralize data security as a business risk both before and after a breach occurs.
Our Firm Stands Ready With a Multidisciplinary, National Team
Our Cybersecurity and Data Privacy Team combines the skill sets of trial advocates, subject matter experts and compliance counsel, and reflects our firm’s depth of experience in both trade secrets litigation and corporate internal investigations.
Long before “cybersecurity” became a watchword in corporate boardrooms, our Trade Secrets litigators had substantial experience investigating and bringing to trial complex claims for theft of electronic data, often relying on sophisticated computer forensic analysis. Although cyberbreaches involving consumer information may receive substantial public attention, the breaches of greatest economic value remain thefts of trade secrets and other sensitive commercial information.
At the heart of our Cybersecurity and Data Privacy Team are attorneys who grapple daily with the challenges of translating legal compliance into policies and procedures and of negotiating appropriate contracts to protect and share confidential business and personal information. Our attorneys provide counsel on compliance with industry-specific standards such as the Payment Card Industry (PCI) Data Security Standards as well as industry-specific privacy laws such as those applicable to medical (HIPAA) and financial (Gramm-Leach-Bliley) data. We also advise clients on online data collection and crafting website privacy policies.