MSK sits at the forefront of one the fastest growing concerns in today’s digital world, bringing together experts that provide services to its clients in the areas of cybersecurity and privacy protection. We assist grappling with a host of rapidly evolving concerns, such as:
- Preparedness and internal controls;
- Responses and breach notifications;
- Internal and external investigations;
- Compliance with federal and state data protection and privacy laws and regulations;
- Privacy policies and procedures;
- Website terms and conditions;
- Identification of causation and remedial security activities;
- Reputational and public relations challenges arising from cyber-attacks;
- Developing smart public policies regarding security of critical infrastructure;
- International human rights and public international law issues related to cyberwarfare and government use of cyber tools.
Whether the need is to assess compliance with international law standards; collect and protect citizen, employee or consumer data; comply with existing and rapidly evolving US state and federal privacy laws and regulations; defend or prevent class action lawsuits or other threatened litigation, evaluate insurance coverage, disclose information to and work with law enforcement, or otherwise respond to highly disruptive cyber hacking, MSK’s lawyers know how to address these and the other related and challenging issues.
Spotlight
MSK provides counseling and assistance from the first step of designing and initiating privacy protections and data breach prevention through incident reporting, working with law enforcement, federal and state regulators and your business partners, and providing other crisis management advice.
Through our membership in multiple international law firm consortia and the relationships our lawyers have with practitioners throughout the world, we are able to provide these services on a worldwide basis as companies continue to face the serious challenge of cybersecurity which affects companies of all sizes, regardless of their location. Whether your company directly retains sensitive information for its own use or is holding that information for third parties, you are equally at risk of intrusion. Any machine connected to the internet or an external device, such as a USB flash drive, is susceptible to being hacked.
Cases
Representative Clients
Given the strength of the firm in the new media market, we regularly prepare terms of use, privacy statements and other contractual materials for firms in a wide variety of industries which regularly do business online, including Securities and Exchange Commission disclosure requirements for financial-services providers. We also assist clients with the gamut of issues spanning pre-breach processes/preparations through post-breach claims/dispute resolution, including advising companies about complying with state and federal laws governing the protection of personally identifiable information and requirements in the event of a breach. And, when a specific issue arises, such as a breach, we help our clients respond legally but also assisted with crisis management and interacting with relevant law enforcement authorities.
For example:
- When a national client discovered its system had been hacked and personal information about its employees and customers (located in multiple states) had been posted online, we worked with the company’s legal and IT departments, as well as internal and external investigators and federal law enforcement, to address the breach and its consequences, including remedial activity.
- When a multinational client discovered its system had been breached, they called us in to work with the legal and IT departments to determine the scope of information which had been compromised, including whether personally identifiable information or attorney-client or work product privileged communications and documents had been exposed. We also advised the client regarding addressing the breach and its consequences.
- When the owner of a retail website discovered its IT director had failed to encrypt individual and credit card payment data on the company’s website, we advised regarding the notice requirements in multiple jurisdictions and how to otherwise minimize exposure.
- When our client discovered its payroll and personnel services provider had been breached, we advised about issues related to the protection of employee data and counseled the company regarding how to comply with the relevant notice requirements. We also assisted the client to identify and manage its legal obligations when its health insurance provider was subjected to a breach, compromising the private personal and medical information of the client’s employees located throughout the U.S.
- When it was discovered that our client’s Twitter account was hacked and a defamatory post published, we advised on the appropriate response and the legal options available.
- When a prominent food company discovered its system had been breached, we supported the company’s efforts to track down the source of the intrusion, stop the improper communications, determine whether any confidential or personally identifiable information had been made public, and shore up its systems and internal controls.
