Data Privacy & Security
In today's data-driven marketplace, the amount of information being created is growing at an exponential rate and changing the way we do business. Companies continue to adapt, using data in new and innovative ways to deliver decisive insights. However, that rapid expansion also means that data is under attack like never before, and regulatory scrutiny and compliance challenges are only increasing. Businesses large and small need advisors to navigate this complex risk management and regulatory landscape with pragmatic, cost-effective solutions, and to respond with urgency and agility when the unexpected occurs. We are ready to help.
Much Shelist guides its clients in diverse industry sectors through all aspects of data privacy and security — from risk assessment and management to data breach response and remediation — with the goal of ensuring compliance with regulatory requirements and fiduciary obligations. Our attorneys have investigated and remediated dozens of security incidents and have significant experience interfacing with regulatory authorities concerning data privacy issues. We understand the need for straightforward, practical solutions to the challenging issues surrounding data privacy and security.
Our attorneys offer the following services:
- Data Breach Preparation, Response and Remediation, including developing and implementing data breach incident response policies, leading investigations in the event of a breach, and handling dispute resolution with affected parties and regulators.
- Regulatory Compliance and Counseling, including counsel regarding data privacy and security regimes such as HIPAA, the Gramm-Leach-Bliley Act, the Payment Card Industry Data Security Standard, the EU-U.S. and Swiss- U.S. Privacy Shield Frameworks, and the EU General Data Protection Regulation (GDPR).
- Risk Assessment and Scoring, including analysis and assessment of risk probability and impact to help clients develop a comprehensive data risk strategy.
- Transactions and Third-Party Audits, including counseling clients regarding data protection requirements, indemnification and risk allocation, as well as assisting clients in identifying, auditing and partnering with existing counterparties and business partners to ensure adequate data security and risk management.
General Data Protection Regulation
The European Union's General Data Protection Regulation (GDPR) took effect on May 25, 2018. Data processors and American firms that market goods or services in Europe must develop key strategies for financial protection and compliance. Much has advised clients in multiple sectors concerning GDPR compliance and contracting, and stands ready to work with you in developing a value- and risk-based approach to this new regulatory regime.
Our GDPR Compliance Checklist provides a sample of the considerations that every affected enterprise must consider.