It starts with an innocent click to open an attachment or to follow a legitimate-looking link in an email. A laptop or smartphone is accidentally left in an airport. A briefcase of paper files is forgotten in a coffee shop.
Each of these simple acts can open the gates to a company’s information assets, resulting in the unintentional release of personal information, intellectual property, or other confidential materials. Data breaches have dominated the headlines in recent years, and the trend shows no sign of slowing down.
In this era of the mega breach, businesses face unprecedented challenges in the governance and protection of their information assets and in complying with an ever-changing regulatory landscape. To help our clients meet these challenges, attorneys from Schnader’s Privacy and Data Security group advise on information governance issues and help our clients navigate the complex framework of state, federal, and international laws that impact the way they collect, share, and dispose of sensitive personal information. From highly regulated financial institutions to unregulated retail companies, from healthcare providers to higher education and other non-profit organizations, we work closely with our clients to ensure they comply with relevant regulations and privacy best practices wherever they operate.
Schnader attorneys understand the importance of a proactive approach to privacy and data security issues. We perform privacy impact assessments for clients in order to identify potential privacy issues, and recommend measures to prevent or minimize the risk of a privacy breach. We develop policies and procedures that meet our clients’ legal compliance requirements and minimize the possibility of data loss, while honoring their corporate culture, their mission, and their businesses.
In addition to advising our clients on compliance issues, we review and advise on their existing policies and procedures relating to data security, internal security procedures, use of electronic systems, and privacy and data retention. We provide training to our clients’ employees to ensure their compliance with these policies and procedures, and to create an awareness that information assets are valuable and that everyone in the organization has a responsibility to protect them.
We prepare and negotiate vendor contracts involving access to personally identifiable information (PII), personal health information (PHI), and other sensitive information to ensure the appropriate protections are in place. We also evaluate our clients’ existing insurance coverage to help them assess first-party and third-party risk exposure, and we advise on the combination of insurance products to minimize risk and reduce the length of their business interruption.
We work with our clients to assemble breach response teams and to devise and test incident response plans. In the event of a breach, we manage the response team to implement the incident response, guide our clients through the immediate crisis period, and assess and implement notification procedures, including working with the appropriate state regulators. We also provide post-incident counseling to deal with resulting business interruption, fines and costs, and compliance issues. Our litigation and class action attorneys handle any state or federal investigation or private litigation that results from a data breach.
Our experience includes:
- Counseling clients on compliance with U.S. federal statutes addressing privacy issues, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Online Privacy Protection Act (COPPA).
- Counseling clients in a wide range of industries on privacy policies and procedures, bring your own device policies, and social media issues.
- Reviewing and negotiating contracts with our clients’ vendors with access to client PII, PHI, and other sensitive information, as well as business associate agreements under HIPAA.
- Performing data security assessments.
- Advising clients on data protection requirements of the U.S., the European Union, Canada, and Mexico.
- Counseling clients on information governance, records retention, and eDiscovery issues.
- Advising clients on strategies and risk management in connection with the unauthorized access of data by third parties.
- Counseling clients on data breach response and notification requirements.
- Instituting and implementing a data breach response plan for a HIPAA-regulated entity.
- Working with client’s insured to ensure proper reimbursement and coverage of data breach related expenses.
- Identifying, vetting, and securing cyber security forensic team to identify cause of breach of PII data within a nationwide staffing agency.
- Advising client on viability of claim against third party vendor for causing data breach.
- Executing notification to state agencies and individuals following ransomware breach of international import/export company.
News & Publications
- What Do the SEC’s Proposed Whistleblower Rule Amendments Mean for Businesses?
- Internal Investigations: Five Tangible Benefits of Responding Promptly and Decisively to Reports of Misconduct
- Laurel Gift Prepares Testimony for PACDL about Sentence Risk Assessment Instrument
- Theresa E. Loscalzo Receives Philadelphia Business Journal’s 2018 Woman of Distinction Award
- Taking Statements During Internal Investigations: Garrity and the Fifth Amendment May Prevent Use in Subsequent Legal Proceedings
- Pa. Supreme Court Decision Points the Way to Grand Jury Reform
- How Businesses Can Deal With Cryptocurrency Risks
- Ninth Circuit Panel Reverses Denial of Uber’s Motion to Compel Arbitration of Misclassification Claims and Upholds Class Action Waiver
- Philadelphia U.S. Attorney Pledges to Prosecute Trade Secret Theft
- Laurel Gift Joins the Women’s White Collar Defense Association
- The DOJ’s New Officially Unofficial Policy May Enable Federally Regulated Business To Avoid Criminal Charges
- It’s a Slam Dunk: Take Steps Now to Avoid Tough Lessons Learned by Several NCAA Basketball Programs
- How the Federal Grand Jury Process Works
- New PA Superior Court Decision Indicates Extra Precautions Needed by Attorneys to Protect Work Product of Third Party Consultants
- Double SCOTUS Rulings Provide Guidance on Sentencing
- Stephenie Yeung Published “Cybersecurity for Midsize and Smaller Law Firms: 10 Tips to Take Action Now”
- Theresa Loscalzo Presents “Success Begets Success: The Importance of Women Supporting Women”
- Laurel Gift Wins a Burton Award for the Finest Law Firm Writers of 2018
- Theresa Loscalzo Elected to Schnader’s Executive Committee
- Laurel Gift Elected to the PACDL Board of Directors
- Laurel Brandstetter Published “Lessons in Ethics and Compliance: March Madness or March to Readiness”
- Kastner, Yeung, Chou, and Lewis Publish “Crucial Tips for Using IP Watching and Enforcement to Protect Your Business”
- Laurel Gift Quoted in Corporate Counsel
- Supreme Court Narrows Whistleblower Definition Under Dodd-Frank: Now Are Your Company’s Compliance Systems in Order?
- Whistleblower Status Up For Debate Before SCOTUS: Digital Realty Trust Inc. v. Somers
- Laurel Brandstetter Publishes Op-Ed on Russia Investigation Indictments in Patriot-News
- Laurel Brandstetter’s Op-Ed on Mueller Grand Jury Published in Philadelphia Inquirer
- Laurel Brandstetter Comments on PA Gaming Control Board
- Stephenie Wingyuen Yeung Named to Schnader Partnership
- Schnader Welcomes Laurel Brandstetter to Firm
- Wenner Quoted in “With Domino’s Lawsuit, New York AG Goes for Joint Employer Liability”
- Privacy Shield Takes Another Step Forward
- Schnader Litigation Practices and Attorneys Recognized in the 2016 Benchmark Litigation Guide
- Theresa E. Loscalzo Received 2015 Most Powerful & Influential Woman Award
- Data Security and the FTC: FTC v. Wyndham Worldwide Corp.
- Contextual Privacy: What Is It and Why Does It Matter?
- Stephenie Yeung Earns Certified Information Privacy Professional Credential
- If you think you have consent to autodial a cell phone, you may need to think again
- Pittsburgh CLE Seminar on “Introduction to Grand Jury Practice”
- Laurel Brandstetter and Nicole Leach Presented about Internal Investigations and Athletics Compliance in Higher Education
- Matthew Tamasco Spoke at SFIA Conference
- Mark Lee Moderated Cyberspace CLE Program
- Protecting Your Intellectual Property in a Digital Age
- Rebecca Lacher and Stephenie Yeung Presented Legal Ethics Workshop
- Anne Kane and Ira Richards Presented “Protecting the Privacy of Your Employees and Customers”
- “Data Breach: Your Organization Needs a Plan”