Benesch’s Data Privacy & Cybersecurity Team has been advising clients on data security and privacy issues in the U.S. and around the world for years, helping them to protect sensitive information and data.
Benesch understands that for many of our clients, business is done online. With the growth of the online economy comes a new and constantly unfolding web of best practices, regulations, and legislation meant to manage the privacy and cybersecurity risks associated with the collection, use, and disclosure of personal information. We have more computers, mobile applications, 24/7 connectivity, and evolving security threats than ever before, while being subject to more stringent legal requirements and security standards. Additionally, in certain industries, such as healthcare, financial services, and e-commerce, data security and privacy have taken on extra significance. This complex, evolving landscape makes it more important than ever for clients to have access to experienced data security and data privacy professionals.
Benesch’s Data Privacy & Cybersecurity Team is composed of attorneys from our 3iP (Innovations, Information Technology and Intellectual Property), Healthcare, Labor & Employment, and Litigation Practice Groups, giving you an interdisciplinary team of lawyers who can cover your needs across every part of the data life cycle.
Innovations, Information Technology & Intellectual Property
Benesch’s 3iP Practice Group has more than 25 attorneys, patent agents, and paralegals, many of whom are former scientists or engineers. Several of our attorneys are members of the International Association of Privacy Professionals (IAPP) who have achieved CIPP certifications.
We regularly assist a range of clients, from large, publicly traded companies to privately held middle market companies, in their global data security and privacy compliance efforts, breach response and mitigation actions, and related issues. We also regularly handle complex transactions involving all manner of U.S. and foreign data privacy compliance.
We are unique in that we are a large general practice law firm with a full data security and privacy compliance and litigation practice. We provide strategic advice and help our clients develop strategies to protect, enforce, and commercialize data, IP assets and rights, and, if necessary, litigate data breach and IP disputes across the country.
We do extensive data security compliance work, helping our clients comply with a variety of federal, state, local, and foreign laws, rules, and regulations in the U.S., Canada, and the EU/EEA, including:
We also assist our clients in applying best practices for complying with the vast array of data security and privacy technical standards and guidelines, including PCI-DSS, AICPA SOC 1 and SOC 2, SSAE 16 and SSAE 18, ISO 27001, ITIL, COBIT, and NIST standards, as well as with data classification, breach response, and mitigation, and in creating and implementing applicable policies/procedures.
Benesch's Healthcare+ Practice
Updates to HIPAA have rippled throughout the healthcare industry to now directly regulate vendors and other service providers to the healthcare industry (“business associates”), along with hospitals, health plans, doctor’s offices, and others within the industry, who must take special care in managing information about patients and their care. One of the most noticeable trends in the industry is the movement to electronic medical records and use of electronic tools to manage care.
Benesch understands the technology and regulations shaping the healthcare landscape. Our team members offer diverse perspectives, specialized knowledge, and experience that provide an insider’s viewpoint and deep understanding to each engagement.
Benesch's Labor & Employment Practice
Employers face major regulatory challenges from HIPAA, the Fair Credit Reporting Act (FCRA), the Americans with Disabilities Act (ADA), and others. Management of the resulting data is critical, which has put a premium on the increased use of technology for data storage, sharing and security.
In today’s workplaces, it is important to have a partner who helps ensure the proper processes, policies and tools are in place to protect the sensitive information that belongs to your business, your employees, and your customers.
Benesch has experience providing training to privacy officers to maintain compliance with data security regulations, and we work with companies to prevent data loss or to help mitigate a data breach. In addition, the team is able to offer pragmatic advice on how to reduce the risk of employee data theft. An expansion of HIPAA has created compliance needs for companies doing business with entities in the healthcare industry. Additionally, more companies are moving to self-funded health plans, which require data security and compliance on par with what is expected of traditional health insurers.
Benesch's Data Privacy Defense and Response Team
Our Data Privacy Defense and Response Team combines our vast experience in the litigation of commercial disputes with our experience in data security and privacy law to create a focused litigation defense capability in the data security and privacy area. Our Data Privacy Defense and Response Team is national in nature with the capability of handling complex litigation arising from governmental enforcement actions, private actions, and class actions in courts across the United States under the new and growing body of data security law that is emerging within the United States. Working closely with our 3iP, Healthcare, and Labor and Employment teams, our Data Privacy Defense and Response Team ensures that clients have sophisticated counsel in connection with disputes that arise in this burgeoning and risk-laden area.
Working together, our team provides insightful counsel and deep experience in how to protect your business.
Assessing Enterprise Risk
Finding areas where your business is at risk is the first step to protecting it. We have developed standard methodologies and tools to perform comprehensive gap analyses and assess the risk of noncompliance based on the major U.S. and global cybersecurity and data privacy requirements. We take a holistic approach, working with leading cybersecurity and data privacy technology consultants to assess not only legal risk but also technical risk. We have years of experience reviewing our clients’ risk management plans, including their cybersecurity and data privacy insurance coverages. We also counsel boards of directors, given their increasing role in monitoring and effectively mitigating enterprise cybersecurity and data privacy risk.
Developing and Implementing Compliance Programs
We have extensive experience developing compliance programs related to cybersecurity and data privacy, including the essential element of employee education. We work with security experts to identify security vulnerabilities, and help our clients prepare, adopt, and implement response plans. If a potential privacy or security breach occurs, we routinely assist in assessing the situation and determining the appropriate response.
Managing Breach Response and Defending Cyber Liability Claims
Because rapid response is essential if a cybercrime, network intrusion, or other data incident occurs, our 24/7/365 Data Breach Hotline instantly connects our clients to an experienced attorney on the team. We work closely with other trusted professional service providers to assist them in handling incident response, crisis management, and breach mitigation.
Our 3iP practice, Data Privacy Defense and Response Team, and white-collar defense and corporate investigations practice work together both to defend our clients and to help them pursue and enforce their rights, working closely with law enforcement agencies as warranted when a cybersecurity or data privacy event occurs.
Incorporating Cybersecurity and Data Privacy into Transactions
Unlike most general practice firms, our data security and privacy practice is fully integrated into our IP and technology transactions practices. As a result, we bring extensive experience in how to incorporate cybersecurity and data privacy into every transaction. Our team works on the most sophisticated, high-value technology and M&A deals and has helped companies in a variety of industries (manufacturing, IT, financial services, medical devices, health services, and more) in connection with their most significant “bet the company” technology transactions. We have prepared and negotiated hundreds of license agreements, and an extensive array of privacy policies and records retention policies across a variety of industries. We have helped clients close over $1 billion in deal value of data-centric M&A deals in the last several years.
Reviewing & Negotiating Third-Party Contracts
We regularly review and negotiate third-party IP vendor and outsourcing contracts to assure adequate protections for confidential and proprietary information. We have handled these matters opposite some of the largest and most well-known third-party vendors in the world, with numerous engagements representing corporate clients in transactions with the leading IP and outsourcing vendors, including IBM, SAP, Oracle, Salesforce.com, Accenture, Deloitte Consulting, PwC, KPMG, Tata Consultancy, Wipro, Cognizant, Verizon, Amazon Web Services, Microsoft Azure, and many other national and international vendors. All of these involve complex data-centric transactions, including business process outsourcing (SaaS, IaaS, PaaS), and include comprehensive confidentiality, data security, and privacy provisions for both on-shore and off-shore outsourcing deals.
Advising On Data Localization Requirements and Cybersecurity Best Practices
We actively assist our clients with data localization matters and requirements, particularly within the U.S., Mexico, Central and South America, Europe, and Asia, and with cybersecurity best practices. We regularly provide guidance on best practices and compliance requirements in connection with the collection, storage, and transmission of personal data and cross-border data transmissions.