Data Security and Information Privacy

Information technology is everywhere today, including in our hospitals and doctors’ offices, generally making life easier and less costly for both service providers and consumers.  Because of the risks of exposure of sensitive or private information, however, cybersecurity and protection of personal information requires a dedicated team of lawyers who have experience with information security and privacy and its constantly changing rules and regulations.  Whether caused by a simple mistake, like an employee misplacing a USB drive, to intentional, like sophisticated cyber attacks by external malicious actors, security breaches can range from a minor nuisance or inconvenience to a crippling

Read More

Information technology is everywhere today, including in our hospitals and doctors’ offices, generally making life easier and less costly for both service providers and consumers.  Because of the risks of exposure of sensitive or private information, however, cybersecurity and protection of personal information requires a dedicated team of lawyers who have experience with information security and privacy and its constantly changing rules and regulations.  Whether caused by a simple mistake, like an employee misplacing a USB drive, to intentional, like sophisticated cyber attacks by external malicious actors, security breaches can range from a minor nuisance or inconvenience to a crippling critical event for a company.

Data Security

Attorneys on Lewis Thomason’s data security team have experience in diverse industries, including healthcare, finance, education, and nonprofit.  Our firm helps clients navigate complex layers of federal and state law, including data breach notification and privacy protection acts and accompanying regulations.  Through our approach working closely with in-house technology departments, we help our clients manage and protect customers’ personal data, proprietary information, and other information assets.  We take a multidisciplinary approach to effectively manage breach responses and mitigate losses resulting from a data security incident.  Our attorneys begin assisting our clients at the discovery of a data security incident, provide a legal assessment of the incident, and, if necessary, guide them through the response stages to ensure that they meet legal, regulatory, and contractual obligations.

To minimize client exposure to liability and mitigate reputational risks, Lewis Thomason provides cybersecurity services in two primary areas:  legal advisory and litigation and regulatory defense.  We offer a range of legal advisory services in this area including internal risk assessment, awareness, mitigation, and training; security policy development and review; incident response plan development and review; data security incident investigation and breach response management; and leading ransomware attack response and recovery efforts.  Lewis Thomason has served as breach coach counsel to companies and organizations in a variety of industries.  We have effectively and efficiently helped clients through the often challenging and complex breach response process in breaches ranging from one individual to hundreds of thousands of individuals.  Our litigation and regulatory defense services include representation in lawsuits as well as state and federal administrative investigations arising from data breach incidents.

Information Privacy

Lewis Thomason provides information privacy services to a wide range of industries, including healthcare, education, including universities, non-profits, e-commerce, and information technology.  We assist our clients in compliance with complex and often changing data privacy laws and regulations.  Our range of information privacy services includes regulated data assessments, privacy policy drafting and review, procedure review and implementation consulting, privacy incident investigation and response, and privacy notice review.

Read Less