A robust set of documentation promotes mature business operations while also evidencing reasonable practices in the event of regulatory investigations or legal disputes. We work with clients on public-facing materials, such as website terms of use and privacy policies, as well as their internal cybersecurity, privacy, incident response and employee practices, such as for acceptable use and social media. We also advise clients on the use of data analytics, machine learning (ML) and artificial intelligence (AI), advertising, marketing, sales, and other data-utilization opportunities involving personal data.

We help clients document and operationalize programs in compliance with a spectrum of federal, state and foreign legal obligations including the Federal Trade Commission (FTC), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA), Children’s Online Privacy Protection Act (COPPA), Driver’s Privacy Protection Act (DPPA), Video Privacy Protection Act (VPPA), California Online Privacy Protection Act (CalOPPA), Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM), Telephone Consumer Protection Act (TCPA), state privacy and security laws, and Payment Card Industry (PCI) standards.

• Third party contracts: Vendors and other third-party relationships present one of the largest cyber and privacy risk vectors. Many of the worst cyber incidents of the past decade have been attributed to such relationships. Therefore, we advise clients on vendor risk-management programs, contract provisions and negotiation strategies to address intellectual property (IP) and data rights, cybersecurity, data privacy, and liability/indemnity obligations. Our work includes an array of cloud services, customer-supplier deals, software agreements and data licensing.
• Breach preparation, incident response planning and tabletop exercises: Security incidents are inevitable in today’s interconnected world, so it pays to be prepared. That means having an effective Incident Response Plan (IRP) along with a cross-functional team that knows how to use it. We help develop a practical IRP that functions as a playbook for guiding the response team through an incident investigation and key decision points. We also assist in reviewing the plan through a Tabletop Exercise, during which the designated response team meets to work through hypothetical scenarios and “test” the IRP, confirming it meets the organization’s needs and effectively addresses roles and responsibilities, communication needs and decision-making tasks.
• Cyber liability insurance: Shifting cyber and privacy exposure is a core risk-management function. We advise clients on suitable cyber insurance terms and coverage amounts to address their enterprise risk tolerance. Our advice helps clients improve policy language and maximize insurance recoveries.