What is SmartCyber Law?
Legal exposure often hinges on a lack of preparedness and perceived failure to comply with laws, public representations and contractual obligations. To combat this, the SmartCyber Law team conducts a variety of risk and compliance assessments around data, cybersecurity and privacy, including a review of legal, operational and technical policies and practices in view of applicable laws, industry standards and public norms.
Attorney–client privileged reviews provide a safer environment to evaluate applicable regulations, assess practices, identify potential gaps and facilitate candid discussions with stakeholders to mitigate risk. Additionally, technical or other experts we engage to assist on your behalf are included as privileged work product under attorney–client protections.
Areas of expertise
Our SmartCyber Law practice spans a full spectrum of services:
- Counseling and program management on system analysis.
- Government policy and regulatory compliance.
- Litigation and class-action defense.
- Incident response, crisis management and insurance.
- Investigations and regulatory enforcement.
Examples of the assessments we perform include systemic privacy program reviews, cybersecurity program reviews and enterprise risk audits.
Our additional expertise includes:
Policies and program management
We help clients document and operationalize programs in compliance with a spectrum of federal, state and foreign legal obligations including the Federal Trade Commission (FTC), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA), Children’s Online Privacy Protection Act (COPPA), Driver’s Privacy Protection Act (DPPA), Video Privacy Protection Act (VPPA), California Online Privacy Protection Act (CalOPPA), Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM), Telephone Consumer Protection Act (TCPA), state privacy and security laws, and Payment Card Industry (PCI) standards.
Third-party risk management, contracting and deal support
- Third-party contracts: Vendors and other third-party relationships present one of the largest cyber and privacy risk vectors. Many of the worst cyber incidents of the past decade have been attributed to such relationships. Therefore, we advise clients on vendor risk-management programs, contract provisions and negotiation strategies to address intellectual property (IP) and data rights, cybersecurity, data privacy, and liability/indemnity obligations. Our work includes an array of cloud services, customer-supplier deals, software agreements and data licensing.
- Breach preparation, incident response planning and tabletop exercises: Security incidents are inevitable in today’s interconnected world, so it pays to be prepared. That means having an effective Incident Response Plan (IRP) along with a cross-functional team that knows how to use it. We help develop a practical IRP that functions as a playbook for guiding the response team through an incident investigation and key decision points. We also assist in reviewing the plan through a Tabletop Exercise, during which the designated response team meets to work through hypothetical scenarios and “test” the IRP, confirming it meets the organization’s needs and effectively addresses roles and responsibilities, communication needs and decision-making tasks.
- Cyber liability insurance: Shifting cyber and privacy exposure is a core risk-management function. We advise clients on suitable cyber insurance terms and coverage amounts to address their enterprise risk tolerance. Our advice helps clients improve policy language and maximize insurance recoveries.