When security breaches result in lawsuits, M&R’s Cybersecurity Team provides aggressive representation of our clients’ business interests. Lawyers in the firm’s Commercial & Business Litigation Department are well versed in cybersecurity issues and poised to demonstrate client compliance with the ever-evolving best practices in the world of cybersecurity. M&R’s CBL attorneys, always mindful of clients’ business goals when developing litigation strategies, stand ready to zealously litigate cybersecurity cases from beginning to end.

Given today’s cyber climate, it is virtually inevitable that all organizations will experience a security breach at some point during their lifecycle – what is crucial to surviving such an incident is an effective breach response strategy. M&R’s Cybersecurity Team specializes in this area, coordinating with requisite vendors (e.g., forensics, network recovery, public relations, and insurance) as well as law enforcement and industry regulators during this critical time.

M&R also helps companies navigate the relevant maze of state and federal breach notification requirements.  While satisfying clients’ applicable reporting obligations, the firm also focuses on providing client response efforts with the maximum amount of attorney-client privilege protection allowed by law.

State and federal law requires companies to communicate privacy policies to consumers. Such policies must disclose how any given business collects, processes, discloses, stores, and destroys data as it relates to the individuals providing it. M&R’s Privacy Team assists clients in satisfying these statutory and regulatory mandates by creating clear and coherent data privacy policies that inform their customers about the protection and use of private consumer information.

It is important for businesses to develop clear internal policies specifying the types and intended use of consumer data collected. Companies must understand that indiscriminate data collection (i.e. collecting customer information with no immediately identifiable business purpose) can be problematic and could unnecessarily create potential liability in the event of a data breach, with no offsetting organizational benefit.  Also, businesses that collect data from a myriad of sources subject to a wide range of use restrictions must tread lightly given the difficulty in identifying how such information can be utilized.

M&R’s Privacy Team counsels clients on how to align data collection and disclosure practices with current and future business plans. At the same time, the firm provides advice and counsel regarding risk assessment, management, and strategies to (1) expand potential uses for collected data and (2) open up actual or pseudonymous data sets for use in analytics, monetization, or other purposes.

The optimal time to prepare for a potential cyber incident is before the occurrence of a costly breach. Toward that end, M&R’s Cybersecurity Team helps clients prepare tailored Incident Response Plans (IRPs). IRPs allow companies to more easily identify potential threats in their security environments, implement systems for reporting such threats to key stakeholders, and provide roadmaps for satisfying state and federal regulatory compliance obligations in the event of a breach.

When it comes to cybersecurity, one size does not fit all, which is why M&R’s IRPs are tailored to address the unique structure and geographic composition of each of our clients, as well as the responsibilities and capabilities of their key personnel.

An IRP should not be executed for the first time in response to an actual emergency. For this reason, M&R’s Cybersecurity Team trains our clients’ key c-suite and information security personnel to respond to simulated attacks using real-world tabletop exercises. These safe and controlled exercises help stakeholders to fully grasp and internalize the reality of cyber attacks and their impact on business operations. They also prepare executives and staff to confidently respond when actual breaches occur, using the skills and tools developed through this comprehensive training.