Cybersecurity, Data Protection, & Privacy

The importance of data privacy and cybersecurity has been highlighted by the almost-daily news reports of data breaches.

Some of those incidents are the result of internal mistakes, like lost or stolen laptops, while others are the result of malicious attacks through vectors like phishing emails or malware-compromised flash drives. In the last year, the number of ransomware attacks—where malware is used to lock computer files and other electronic assets belonging to the victim until a ransom is paid—have increased significantly.

For these reasons, assuring cybersecurity has become a necessity for businesses across all industries. Jackson Walker’s Cybersecurity practice serves as a resource for businesses taking proactive steps to manage their cybersecurity risks, including helping clients acquire and negotiate insurance coverage to protect their businesses from the consequences of a breach. We are there to walk alongside you when your company experiences a data breach, leveraging the experience garnered from years of assisting clients through the myriad of regulatory, practical and technical steps that need to be taken when a breach occurs and assisting with recovery of any insurance proceeds for losses and liabilities. Our extensive experience litigating insurance coverage disputes allows us to handle the challenging issues presented by cyber-insurance matters.

The consequences of information compromise present business issues that require legal planning and action to mitigate the risks to the enterprise and its owners. We encourage a proactive approach to lay the groundwork to protect legal interests, promote strong corporate governance, and reduce the potential of financial losses, legal missteps, significant litigation, and other actions arising from information compromise.

  • Representing a market leader in secure file transfer, in venture capital investment in a whitelisting application company
  • Defended class action seeking $50 million in damages from an Internet-based publisher of geopolitical analysis that fell victim to an “anonymous” hack resulting in theft of its subscribers’ credit card data.
  • Advised clients on proper procedure and conducts forensic investigations in the event of a security breach, both from external hackers and internally by disgruntled employees.
  • Advised national non-profit regarding ramifications of data disclosure when third party software unintentionally wrote donor/member data into a publicly viewable internet page.
  • Assisted hospital system impacted by employee data disclosure resulting from the Anthem data breach
  • Assisted hospital system with ransomware incident
  • Guided multiple clients through regulatory and industry standards compliance, including Payment Card Industry Data Security Standard (PCI DSS), Critical Infrastructure Protection (CIP) reliability standards, and Automated Clearing House (ACH) transaction standards
  • Assistance in the development of policies in relation to security and enforceability for online transactions for a banking institution
  • Drafted standard HIPAA documentation and forms (including Notice of Privacy Practices, Policies & Procedures, Business Associate Agreements, Patient
  • Authorizations, and breach notification forms) for the Texas Medical Association to provide to its physician members

Our team is composed of attorneys from across the firm. We believe that by taking a multi-disciplinary approach, we can efficiently and effectively provide our clients with the advice and counsel they need for a full spectrum of legal concerns.

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Genetic Information Non-discrimination Act (GINA)
  • Gramm-Leach Bliley Act (GLBA)
  • Regulatory compliance
  • Website privacy policies
  • Information security policies and procedures
  • Document retention policies
  • Best practices for information handling
  • Employee training programs
  • Commercial transactions that involve the transfer of personal information
  • Vendor agreements
  • Incident response plans
  • Data breaches and breach notification
  • Working with security professionals and forensic experts
  • Data breach litigation European Union data protection requirements
  • Complying with import and export regulations related to encryption technologies
  • Advising boards and executives on risk management