Today, “data” is a critical business resource, just like labor, equipment, and capital. Virtually every business has become “data intensive,” and for many businesses, their data holds significant economic value to them, their employees, and their competitors. That data, and the systems that process and store it, are subject to a wide variety of threats from both internal and external sources. Certain types of data are subject to federal and state regulatory requirements involving its storage, use, and unauthorized disclosure, and the failure to understand and follow these requirements can result in significant penalties, expense, and lost revenue. Vandeventer Black’s cybersecurity and data privacy team has the resources and expertise to guide businesses in managing cyber threats and maintaining data security and privacy compliance.
Vandeventer Black takes a holistic “total business” approach to cybersecurity and data privacy by providing practical, real world approaches to address the entire spectrum of cybersecurity and data privacy issues. We provide guidance and assist businesses, both large and small, in managing the complex challenges associated with cybersecurity and data privacy by:
- Developing and reviewing cybersecurity incident response plans as well as developing and reviewing internal policies for data security, data privacy, employee social media use, and the use of business networks.
- Advising and assisting businesses in understanding the legal obligations created by the data in their possession or under their control.
- Assisting businesses in responding to incidents of unauthorized use and disclosure of proprietary data.
- Assisting businesses in maintaining compliance with state and federal requirements concerning data security, data privacy, and data breach reporting requirements, and providing advice and guidance concerning government audits and damage assessments.
- Managing the consequences of unauthorized intrusions into company systems, unauthorized access to, and unauthorized disclosure of, company information and other sensitive data such as, covered defense information (CDI), protected health information (PHI), and personally identifiable information (PII).
- Advising businesses on cyber risk management and working with insurers who provide first-party and/or third-party cyber liability coverage for Vandeventer Black’s business clients.
Our cybersecurity and data privacy team has experience with investigations and claims pursuant to the federal Computer Fraud and Abuse Act (CFAA) and the Virginia Computer Crimes Act, of unauthorized access to proprietary business data and systems. We help clients comply with state-mandated data breach notification requirements across the country. We assist clients with data security requirements and data breach investigations and advise businesses on laws impacting data privacy and security such as HIPAA, the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA). We also assist government contractors in understanding and complying with information security requirements in the Defense Federal Acquisition Regulations Supplement (DFARS).
Vandeventer Black is available to help companies develop procedures to minimize cybersecurity incidents, and address incidents that occur, including crisis management planning and reaction. When necessary, we provide counsel to both pursue responsible persons and defend against resulting incident claims as well as guiding our clients through the entire investigation process.
Our attorneys advise companies across a broad range of industries on state, federal, and international laws. In addition to helping clients understand and address complex and constantly evolving privacy laws generally, we also advise clients on privacy and security implications associated with such matters as mergers and acquisitions, outsourcing arrangements, government contracting, and other transactions.
We focus on helping our clients develop actionable solutions before and after problems arise. Since no system is ever 100% secure, cyberattacks and security breaches can occur despite intensive efforts to avoid them. When they do occur, companies need a coordinated and effective response. Our experience in multi-disciplinary crisis management allows us to advise our clients on handling emergent situations, in order to position them to move past incidents as effectively and efficiently as possible, with minimal impact to processes and operations.