Industry-Specific Cybersecurity Experience

We have extensive cybersecurity experience in handling matters for clients in industries particularly vulnerable to cybersecurity attacks, such as:

• Health Care: HIPAA compliance, privacy, and security risk associated with electronic health record (EHR) systems and personal health information; business associate agreements; security breach incident response, including mitigation, remediation, breach notification, and working with IT forensics professionals, state and federal law enforcement and regulators, and affected individuals; notices of privacy practices 
• Financial Services: Gramm-Leach-Bliley Act and Fair Credit Reporting Act/Fair and Accurate Credit Transactions Act compliance; information security best practices and regulatory requirements relating to aggregation and sharing of personal financial information, privacy and security safeguards, outsourcing, and breach incident response and notification; consumer privacy policies 
• Retail: FTC compliance, including disclosure and safeguards for online, mobile, and social media information collection, use, and sharing practices; consumer protection and marketing regulations such as Controlling the Assault of Non-Solicited Pornography and Marketing and the Telephone Consumer Protection Act of 1991; state data security and breach notification laws
• Insurance: Insurance-specific data security program requirements; insurance-specific data breach notification requirements; development of standards and guidance by the National Association of Insurance Commissioners