Cybersecurity, privacy and data breaches continue to make headlines. No doubt about it, confidential and sensitive personal and corporate information is always at risk of cybercrime and infiltration by nation-state attackers.
The key to defending against cyberattack is preparation; more specifically, developing the policies, plans and strategies necessary to prevent cyber, privacy and data breaches and mitigate potential damage when they occur. To that end, M&R’s cybersecurity & privacy lawyers work diligently to protect our clients’ security environments, maximize uninterrupted use of networks, and avoid unauthorized access and cyber incidents.
Managing risk, liability and litigation associated with cybercrime has never been more important due to the reputational and financial harm such events may cause. Our practice area pros leverage vast legal and technical experience for the benefit of enterprises across industries, providing them with guidance concerning the cybersecurity and privacy requirements they must implement and rigorously follow. As an add-on, we also serve in an outsourced counsel capacity, advising clients on best practices; proactive, pre-breach planning; and post-breach incident response.
Areas of Expertise
Cyber Risk Assessment
Data Privacy & Management Practices
Incident Response & Pre-Breach Planning
Information Security Policies & Procedures
Merger & Acquisition Due Diligence
Privacy Data Policies
Training & Tabletop Simulations
Trained insurance client executives and key employees in incident response plan protocols and advised on methods to improve security policies and procedures.
Counseled health care provider relating to alleged data breach by litigation opponent.
Counseled e-commerce retailer regarding data breach by third-party payment processor and issuance of statutory notifications.
Represented health care provider in breach response investigation and issuance of statutory notifications.
Represented university in breach response investigation and counseled on removal of private data from public websites.
Represented financial service provider in investigating and responding to data breach incidents.
Represented a gaming, hospitality and entertainment company in one the largest ever data breach investigations concerning the exfiltration of customer PII on the Darknet. Successfully avoided fines, penalties or civil actions brought by states attorneys general.
Acted as lead counsel in representing virtual payment industry client in matter involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the alleged hacking of client’s computer system and theft of trade secrets by a business competitor.
Acted as lead trial counsel in a case involving claims under the Computer Fraud and Abuse Act (CFAA) in a civil context concerning the anti-competitive hacking of client’s computer system by a business rival resulting in an award of $10 million in damages for client.
Advised clients on FTC, OCR, SEC and state attorney general investigations and enforcement actions for alleged data security and privacy violations.
Advised clients on managing FTC Consent Orders and CIDs in connection with data security incidents.
Advised major health care providers and health plans on all aspects of HITECH security breaches, including HHS OCR and state enforcement.
Advised numerous major retailers, financial institutions, and other companies on proactive cybersecurity readiness, including developing and conducting full-scale tabletop exercises for C-suite executives and boards of directors.
Counseled numerous technology companies (both as publishers and advertisers) on data collection and sharing issues (including online behavioral advertising and big data initiatives), collection and use of geolocation data, and EU-US cross border data transfers.
Counseled major retail and consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID) and data collection from mobile devices.
Advised multiple clients on privacy, monitoring and surveillance issues under federal, state and international laws and prepared related customer policies and operational procedures for data sharing and monetization.
Conducted comprehensive privacy and information security policy assessments of major U.S. gaming, retail, entertainment, hospitality and consumer goods companies, including extensive data flow mapping, implementation of multiple privacy policies, information governance, and security and records management procedures.
Developed and implemented comprehensive global records management program for one of the world’s largest technology outsourced consultancy firms, including preparation and implementation of data security and privacy standards and procedures and numerous records retention schedules.
Counseled software developer on revision of privacy policies, end-user license agreements, end-of-support announcement and requirements for user sweepstakes program.
Represented multi-state financial services client in responding to government inquiries regarding product data security.
Represented multi-state insurance clients in development of incident response plans and network security policies.
Drafted cybersecurity policies, incident response plans, third-party service provider security policies, disaster recovery plan and other cybersecurity policies on behalf of national insurance broker.
Drafted data governance policy and assisted in data mapping exercises for EU GDPR compliance on behalf of international music instrument retailer.
Drafted cybersecurity policies, incident response plans, third-party service provider security policies and other cybersecurity policies for an international supply chain vendor.
Drafted data governance policy and assisted in data mapping exercises for EU GDPR compliance on behalf of international clothing retailer.
Defended corporate victim of security breaches resulting from criminal tampering of POS terminals and ATMs; managed and led forensic investigations, breach notification and PR efforts surrounding crisis management resulting in the successful prosecution of threat actor by the US Secret Service and FBI.
Lead counsel representing an enterprise software company against Crabby Hacker in a case involving a civil ex parte search warrant and claims concerning theft of trade secrets, the Digital Millennium Copyright Act (DMCA) and client’s trademark.